Cyber Week in Review: December 22, 2023

There will be no Cyber Week in Review next Friday, December 29. The Week in Review will return on Friday, January 5. Happy Holidays!

Leading AI image training database contains child sexual abuse material

A new report from the Stanford Internet Observatory and Canadian Centre for Child Protection found that several AI image training datasets run by the Large-scale Artificial Intelligence Open Network (LAION) contained child sexual abuse material (CSAM). The dataset in question, LAION-5B, was used to train Stability AI’s Stable Diffusion text-to-image AI program, and contained at least 3,200 CSAM images, out of total of 5.8 billion total images. LAION said it has a zero tolerance policy for illegal content and was removing the dataset from circulation until it was made safe. The report also calls for Stability AI to remove Stable Diffusion 1.5, its model with the fewest controls, from circulation because of the presence of CSAM in its training data and Stable Diffusion 1.5’s ability to generate explicit content. Stability AI said it “has taken proactive steps to mitigate the risk of misuse” in its models, although it didn’t specify what those steps were.

European Union formally opens investigation into X/Twitter

The European Commission announced that it was formally opening an investigation into the social media platform X, formerly known as Twitter, for violating the EU Digital Services Act by failing to adequately moderate content or share data with researchers, and by structuring its paid tier system in a deceptive way. EU Commissioner for the Internal Market Thierry Breton sent a letter to X’s owner Elon Musk in October demanding that the platform clarify its content moderation policies and step up efforts to take down illegal content following the start of the conflict between Israel and Hamas. After Elon Musk bought the platform in October 2022, X largely ceased posting transparency reports, which are mandated under the DSA, although it recently posted a transparency report covering the period between August and October 2023. X’s official Safety account posted a statement that the company hopes the investigation “remains free of political influence and follows the law.”

Lt. General Timothy Haugh confirmed as head of U.S. Cyber Command and NSA

The U.S. Senate confirmed Lt. General Timothy Haugh, previously the deputy commander of U.S. Cyber Command, as the new head of the National Security Agency (NSA) and Cyber Command earlier this week. Two senators had previously placed holds on Haugh’s nomination: Tommy Tuberville (R-AL) placed a blanket hold on all military confirmations in opposition to the Pentagon’s policy on abortions, and Ron Wyden (D-OR) placed a hold on Haugh’s confirmation until the Pentagon acknowledged whether the NSA, the world’s largest spy organization, is buying the location data and web browsing records of U.S. citizens from data brokers. Both senators dropped their holds earlier this month, allowing Haugh to be confirmed with other senior military officials. Haugh will take over for General Paul Nakasone, who has led the NSA and Cyber Command for the past six years.

AlphV ransomware gang compromised by U.S. law enforcement

The Justice Department announced that it had seized the leak site of the AlphV ransomware group, also known as Blackcat, and distributed decryption keys to more than five hundred victims, saving them over $68 million in ransoms. According to a search warrant unsealed earlier this week, the takedown was partly enabled by a confidential source, who managed to infiltrate the group as an affiliate and provide law enforcement with access to the affiliate control panel, although the FBI and DOJ likely gained access to AlphV’s internal networks later in the process. AlphV apparently managed to regain control of its leak site, posting a message on Wednesday saying it had reestablished control of its leak site and that it was removing rules around affiliates targeting prohibited targets, including hospitals and nuclear power plants. The announcement marked  the second major takedown of a ransomware group by the DOJ this year, after the January takedown of the Hive ransomware gang.

Israel-linked hacktivists attack Iranian gas payment system

Predatory Sparrow, a hacktivist group linked to Israel, took responsibility for an attack on an Iranian payment system used by gas stations across the country. Iranian state television said that up to 70 percent of gas stations across the country were affected by the attack. Predatory Sparrow said that it had warned emergency services before the attack, and said it purposefully left some gas stations online as part of the attack. The attack wasn’t the first time the gas stations’ payment systems have been targeted. In October 2021 unknown hackers used a vulnerability in the Iranian gas subsidy system to shut down stations across the country, causing long lines for fuel. Some experts said that the attacks were likely a signal from the Israeli government that Iran had gone too far in targeting Israel with cyberattacks.