A group of human rights lawyers and investigators called on The Hague this week to bring what would be the first-ever “cyber war crimes” charges. The group is pushing for the International Criminal Court to indict the dangerous and destructive Russian hacking group known as Sandworm, which is run by Russia’s GRU military intelligence. Meanwhile, activists are working to block Russia from using satellites controlled by the French company Eutelsat to broadcast its state propaganda programs.
Researchers published findings this week that thousands of popular websites are recording data that users enter into site forms before they hit the submit button — even if the user closes the page without submitting anything. Google has released a report on an in-depth security analysis it conducted with chipmaker AMD to catch and fix vulnerabilities in dedicated security processors used in Google Cloud infrastructure. The company also announced a set of privacy and security features for its new Android 13 mobile operating system, along with a vision to make them easier for people to understand and use.
The European Union is considering child protection legislation that would require scanning of private chats, potentially undermining end-to-end encryption on a massive scale. Additionally, advocates from the nonprofit cybersecurity organization BIO-ISAC are racing to protect the bioeconomy from digital threats, announcing a partnership this week with Johns Hopkins University’s Applied Physics Laboratory that will help fund pay-what-you-can incident response resources.
But wait, there’s more. Each week we round up news that we haven’t covered or haven’t covered in depth. Click on the headlines to read the full stories. And stay safe out there.
The United States is finalizing the development of a new generation of high-security encryption standards that will be robust in the current technical climate and designed to be circumvention-resistant in the age of quantum computing. And while the National Security Agency contributed to the creation of the new standards, the agency says it has no specific means of undermining the protections. Rob Joyce, the NSA’s director of cybersecurity, told Bloomberg this week: “There are no backdoors.” The NSA has been involved in schemes to backdoor encryption before, including in a situation in early 2010 in which the US removed an NSA-developed algorithm as a federal standard over backdoor concerns.
An extensive investigation by Georgetown Law’s Center on Privacy & Technology reveals a more detailed picture than ever of the surveillance capabilities and practices of the U.S. Immigration and Customs Enforcement agency. According to the report released this week, ICE began developing its surveillance infrastructure at the end of the administration of George W. Bush, years before those efforts were believed to have begun. The researchers found that ICE spent $2.8 billion on surveillance technology, including facial recognition, between 2008 and 2021. ICE was already known for its aggressive and invasive surveillance tactics during the Donald Trump administration’s anti-immigration crackdown, but the report also claimed that ICE “played a key role in the federal government’s larger push to accumulate as much information” as possible about people in the US.
“Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contract and procurement records, reveals that ICE is now operating as a domestic surveillance agency,” the report said. “By hacking into the digital records of state and local governments and purchasing databases of billions of data points from private companies, ICE has created a surveillance infrastructure that allows it to extract detailed records on almost anyone, seemingly at any time.”
In a legal settlement this week, facial recognition and surveillance startup Clearview AI agreed to a set of restrictions on its U.S. business, including that it will not sell its facial print database to businesses or individuals in the country. The company claims to have more than 10 billion facial prints in its arsenal, belonging to people around the world and collected through photos found online. The settlement comes after the American Civil Liberties Union accused Clearview of violating the Illinois Biometric Information Privacy Act. The agreement also stipulates that the company will not be allowed to sell access to its Illinois database for five years. “This settlement demonstrates that strong privacy laws can provide real protections against abuse,” Nathan Freed Wessler, deputy director of the ACLU Speech, Privacy, and Technology Project, said in a statement. Despite the privacy victory, Clearview can continue to sell its services to federal law enforcement agencies, including ICE, and police departments outside of Illinois.
Costa Rican President Rodrigo Chaves said Sunday that the country is declaring a national state of emergency after the notorious Conti ransomware gang infected multiple government agencies with malware last week. Sunday was the first day of Chaves’s presidency. Conti has leaked some of the 672 GB of data stolen from multiple Costa Rican agencies. In April, Costa Rica’s Social Security Administration announced it was the victim of an attack by Conti. “A security review of the Conti Ransomware perimeter is currently underway to verify and prevent possible attacks,” the agency tweeted at the time.