Cyber Week in Review: April 23, 2021

Russia Responds to U.S. Sanctions, Expels Ten Diplomats and Eight Officials

Last Friday, the Russian government announced that it would expel ten U.S. diplomats and blacklist eight former and incumbent U.S. officials that were “involved in drafting and implementing anti-Russia policy.” The expulsions come after the Biden administration attributed the SolarWinds breach to Russia and implemented economic sanctions. According to the Russian Foreign Ministry, the list of banned U.S. officials includes FBI Director Christopher A. Wray, Attorney General Merrick Garland, and former CIA Director Robert J. Woolsey. The ministry’s statement emphasized a willingness to “avoid further escalation with the United States” and said that the Kremlin is “ready to engage in calm and professional dialogue with the United States in order to find ways of normalizing bilateral ties.” However, the Russian government also stated that “not a single round of sanctions will go unanswered” and that the current expulsions are a mere fraction of the measures at their disposal. Regarding President Biden’s proposed U.S.-Russia summit, the ministry said that the offer was “received positively and is now being considered.”

UK Government Launches Campaign Against Foreign Spies

The UK government has launched a security campaign this week meant to educate domestic audiences on strategies used by foreign spies to steal sensitive or classified information. The campaign, titled “think before you link,” is a response to an increasing number of British nationals being targeted by malicious state actors masquerading as online recruiters. Using enticing job opportunities to lure in unsuspecting targets, these operations encourage victims to meet in person where they can be blackmailed or bribed for sensitive information. In the past five years, more than 10,000 British nationals, including government employees, think tank experts, and academics, have fallen victim to these espionage attempts. The new campaign is meant to combat these foreign actors by giving “practical advice on how to identify a malicious online profile, how to respond if approached, and how to minimize the risk of being targeted in the first place.” According to Ken McCallum, director general of British intelligence agency M15, the campaign harnesses insight from domestic intelligence, behavioral science experts, and intelligence sharing with other members of the Five Eyes. 

U.S. Lawmakers Introduce Ambitious Anti-Surveillance Technology Bill

Senators Ron Wyden (D-OR) and Rand Paul (R-KY) introduced legislation on Wednesday that would bar government and local law enforcement agencies from purchasing the location data of U.S. citizens without a warrant. The “Fourth Amendment Is Not for Sale Act” [PDF] would also criminalize the police use of “illegitimately obtained” data from technology brokers such as Clearview AI, a biometrics firm that has scraped and sold billions of photos from social media and other websites. “Doing business online doesn’t amount to giving the government permission to track your every movement or rifle through the most personal details of your life,” Senator Wyden said in a statement. In response to the bill, Clearview AI chief executive Hoan Ton-That said that his team will “carefully review” the proposed legislation, adding that the company hopes to remain a “resource” for police agencies. Although the bipartisan bill has been met with support from privacy advocates and civil liberties groups, some analysts, such as digital governance expert Susan Ariel Aaronson, believe more in terms of corporate regulation needs to be done.

Facebook Targets Two Separate Palestinian Hacker Groups

On Wednesday, Facebook announced that it had broken up two separate Palestinian hacker groups—one with alleged ties to the Palestinian Preventive Security Service (PSS), the intelligence service of the Palestinian Authority, and the other, known as Arid Viper, with reported links to the Hamas militant group. According to Facebook, the PSS-backed hackers are believed to be based in the West Bank and target entities primarily in Palestine and Syria, with a lesser focus on Turkey, Iraq, Lebanon, and Libya. Their targets include journalists, critics of the Palestinian government, human rights activists, and military groups such as the Syrian opposition and Iraqi military. On the other hand, the slightly more sophisticated Arid Viper campaign has targeted government officials, student groups, security forces, and members of the Fatah political party. In order to disrupt both networks, Facebook disclosed that they “took down their accounts, released malware hashes, blocked domains associated with their activity and alerted people who we believe were targeted by these groups to help them secure their accounts.” These recent actions by Facebook reflect the growing pressure on social media sites to combat hackers and influence campaigns.

The European Union Proposes New Limits on Artificial Intelligence

The European Commission, the executive branch of the European Union, proposed on Wednesday its first legal framework for the governance of artificial intelligence and facial recognition technologies. In the 108-page document, the commission lays out strict limits on the corporate and government use of AI systems—including in policing and criminal justice, autonomous vehicles, college admissions, bank lending, and employment vetting. It would also outright ban social credit systems and other controversial uses of AI technology. The use of biometric screening in public spaces would also be prohibited, but exemptions via court approval would exist to aid in certain situations, like finding missing children. Moreover, the use of “high-risk” AI systems would be subject to new supervision and risk assessment standards, along with a fine of around 6 percent of global revenue for companies that violate the new provisions. If passed, the framework would be one of the broadest ever proposed to regulate AI, according to the Wall Street Journal. “On artificial intelligence, trust is a must, not a nice-to-have,” said European Commission Executive Vice President Margrethe Vestager. “With these landmark rules, the EU is spearheading the development of new global norms to make sure AI can be trusted.”