Cyber Week in Review: Feb 21, 2020

Multiple Countries Attribute Cyberattacks Against Georgia to Russia

Multiple countries, including the United Kingdom (UK), Georgia, the United States, and Poland, have attributed large-scale disruptive cyberattacks against Georgian web hosting providers and national broadcasters to the GRU—Russia’s military intelligence service. The attacks were launched on October 28, 2019 and resulted in the defacement of Georgian websites, including those belonging to the government, courts, NGOs, and businesses, and an interruption in the service of several national broadcasters. Though no evidence has been released by any country thus far, the UK’s National Cyber Security Centre confirmed with “95%+” certainty that GRU was behind the attacks and noted that this was the first significant example of the group using cyberattacks to disrupt or destroy since 2017. This is not the first time that Russia has launched a large-scale cyberattack against Georgia; Russia’s 2008 invasion of Georgia was pre-empted by Russian distributed denial of service attacks and the redirection of Georgian internet traffic through Russian networks. The United States and its allies have engaged in joint attribution before—ascribing NotPetya to Russian hackers and calling out a Chinese cyber espionage operation—in the hopes of establishing norms of state behavior in cyberspace.

China Tightens Internet Controls in Response to Coronavirus Outbreak

During the coronavirus outbreak that has so far claimed over 2,250 lives, the Chinese government has been cracking down on virtual private networks (VPN), which are often used to access foreign news sources, claiming that its “‘biggest political task’ of the moment [is] to guide the coverage of the epidemic and fulfil the party’s news ideals.” Criticism had spread about the government’s initial attempts to cover up the crisis and its treatment of Li Wenliang, a physician and whistleblower who was punished by the police for speaking out about the true severity of the epidemic early on. Li died of the disease on February 7. China regularly increases its restriction of VPN services at politically sensitive times, though this particular tightening follows a brief liberalization of information control in late January.

Iran Targets VPN Providers to Breach Target Networks

A report [PDF] released on Sunday by ClearSky Cyber Security shows that an Iranian state-backed threat actor used multiple flaws in VPN software to attack companies in the United States, Israel, and Saudi Arabia, among others. The attacks show a high level of sophistication, including the rapid weaponization of “1-day” vulnerabilities—that is, only recently revealed vulnerabilities—and an arsenal of unique tools. The report links the activity to three previously-known Iranian entities: APT33/Shamoon, APT34/Oilrig, and APT39/Chafer. The main goal of the attacks appears to have been espionage, but the authors worry that the access could be leveraged in a supply chain attack or to sabotage companies with destructive malware.

Bharatiya Janata Party Uses Deepfake Technology for First Time in Delhi Legislative Assembly Election

On Tuesday, VICE reported that the Bharatiya Janata Party (BJP) of Delhi used deepfake technology to create videos of Manoj Tiwari, their president, speaking in English and Haryanvi. The video encouraged viewers to vote against the incumbent Aam Aadmi Party (AAP) in the Delhi Legislative Assembly elections on February 8. To create these separate videos, Tiwari recorded a video of himself speaking Hindi, which was then manipulated to make him appear to be speaking English and Haryanvi. Afterwards, the deepfakes were used to target voters in those languages. Though benign in this case, some experts warn that the technology has significant potential for harm, as it could be used to create videos of political figures appearing to say things that are false, embarrassing, or inflammatory. In this case, it doesn’t appear to have done the BJP much good: the AAP won 62 out of 70 seats.

Bloomberg Campaign Blurs Line Between Advertising and Organizing Online

On Wednesday, the Wall Street Journal published a report showing that Michael Bloomberg’s campaign intends to pay people, who staffers refer to as “deputy digital organizers,” $2,500 per month to promote his candidacy to their friends via text message and their personal social media accounts. Though this practice is common in “AstroTurf” campaigns—well-funded advocacy campaigns designed to look organic—it is unusual in a presidential campaign. Bloomberg’s campaign insists the posts would not have to be labeled as sponsored content since they are a form of political organizing, though the Federal Trade Commission has previously implied that social media posts that tag a brand or business constitute endorsement and require the disclosure of relevant financial interests. Bloomberg’s immense financial resources—he is the ninth-richest person on Earth—have allowed him to outspend other Democratic candidates by a factor of thirteen in Super Tuesday states.

European Union Unveils Plan to Reassert “Technological Sovereignty”

This week, the European Union (EU) unveiled a plan to reassert its “technological sovereignty” in response to its perceived overreliance on foreign technology. Though short on specifics, the plan recommends that the EU work to support European technology firms and scrutinize foreign companies, especially those that could potentially use their vast data resources in an anticompetitive way, such as Amazon, Facebook, and Google. It also recommends that the development of artificial intelligence (AI) be better regulated. Though the EU has often led the world in terms of regulating tech, it has lagged in supporting European technological entrepreneurship. The plan recommends that the EU ensure that European startups and small businesses have access to financing and the ability to grow their market share.