Cyber Week in Review: April 30, 2021
from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: April 30, 2021

India orders suppression of critical social media posts amid COVID-19 outbreak; Senate Intelligence Committee crafting cyber breach notification law; Japanese government to impose stricter rules on external research funding; Warrantless FBI surveillance power granted by federal court despite violations; and Hackers obtain and publish personnel files on DC police.
Senate Intelligence Committee Chairman Senator Mark Warner, D-VA, speaks during a Senate Select Committee on Intelligence hearing.
Senate Intelligence Committee Chairman Senator Mark Warner, D-VA, speaks during a Senate Select Committee on Intelligence hearing. Graeme Jennings/Pool via REUTERS

India Orders Suppression of Critical Social Media Posts Amid COVID-19 Outbreak

As a devastating second wave of COVID-19 spreads through India, the Narendra Modi government announced on Sunday that it had ordered Instagram, Facebook, and Twitter to remove roughly 100 social media posts critical of its response to the pandemic. All three platforms have complied with the order. Among the posts removed include calls for Prime Minister Modi to resign as well as criticism from opposition politicians. For example, one from Member of Parliament Revanth Reddy referred to the outbreak as a “disaster,” mentioning “Shortage of vaccines, shortage of medicines, increasing number of deaths.” As the pandemic in India worsens, the United States and the European Union have said that they will provide aid to India’s healthcare workers.

Senate Intelligence Committee Crafting Cyber Breach Notification Law

On Tuesday, U.S. Senate Select Committee on Intelligence Chairman Mark Warner (D-VA) revealed that the committee was drafting a bill that would mandate reporting for private companies that are victims of large-scale cyber breaches. The move follows the massive SolarWinds breach by alleged Russian hackers that compromised nine federal agencies and was only publicly revealed after cybersecurity firm FireEye published a blog post about it. Senator Warner emphasized the need to identify breaches mid-incident, stating that although fully preventing breaches like the one that affected SolarWinds is not plausible, there should be “an early warning system that can alert across industry sectors, private sector, and public sector” when such breaches occur. Although there is not a clear timeline for the when the potential legislation could be introduced, Warner believes that it will have “broad” industry and bipartisan support.

Japanese Government to Impose Stricter Rules on External Research Funding

More on:

Cybersecurity

India

COVID-19

Japan

On Tuesday, the Japanese government announced that it will impose stricter disclosure rules for universities seeking external funding for research into artificial intelligence, quantum computing, and other emerging technologies. Under the new rules, universities will soon be required to report any financial contributions from foreign sources and will be penalized if they are found to have disclosed false reports. These steps are being taken to safeguard joint research initiatives with the United States, reports Nikkei Asia, and to prevent information from leaking to China and other foreign rivals. “We must dispel concerns of illicit demands from and technological leaks to overseas actors in order to ensure Japan’s economic security,” said Shinji Inoue, Japan’s state minister for science and technology policy. Guidelines for Japan’s new restrictions are expected to be implemented later this year.

Warrantless FBI Surveillance Power Granted by Federal Court Despite Violations

A ruling declassified [PDF] by the Office of the Director of National Intelligence on Monday revealed that the FBI received approval from the Foreign Intelligence Surveillance Court (FISC) in November 2020 to continue warrantless surveillance permitted under section 702 of the Foreign Intelligence Surveillance Act (FISA). Nonetheless, the court recognized that the bureau had repeatedly used information obtained through Section 702 for U.S.-person queries and domestic law enforcement, violating the provision that Section 702 can only be used to surveil non-U.S. persons located outside of the United States for foreign intelligence purposes. As the Washington Post notes, this marks at least the third time the FBI has been shown to have violated FISA. “We’ve seen this movie before,” Julian Sanchez, senior fellow at the Cato Institute, said. “The court wags its finger at systemic noncompliance but ultimately decides to give the FBI yet another chance.”

Hackers Obtain and Publish Personnel Files on DC Police

Hackers breached the internal servers of the Washington Metropolitan Police Department (MPD) earlier this month and subsequently published the personnel files of five current and former officers in an extortion attempt. In a statement to CNN on Monday, the MPD said that they “are aware of unauthorized access on our server” and “have engaged the FBI to fully investigate this matter.” The confidential files are roughly 100 pages each and are labeled “Background Investigation Documents.” They include personal information such as arrest history, financial records, and polygraph test results. Babuk, the ransomware group behind the breach, claim that they stole more than 250 gigabytes worth of data and published the information in response to an unpaid ransom. Although Babuk had previously threatened additional attacks, the group announced on Thursday that the “Babuk project will be closed” and that they will publicly release the source code for their malware. According to Brett Callow, a threat analyst at Emsisoft, the increased attention surrounding the operation likely triggered the group’s decision to retire.

In response to the rise in ransomware attacks in recent years, the Institute for Security and Technology’s Ransomware Task Force released forty-eight recommendations on Thursday for the public and private sectors to address ransomware. Among them include calling for stronger cyber defenses, ransomware response plans, stronger international law enforcement collaboration, and cryptocurrency regulation. Emphasizing the threat posed by ransomware, former Justice Department and White House cybersecurity official Chris Painter, who served on the task force, said, “We need to start treating these issues as core national security and economic security issues, and not as little boutique issues… I’m hopeful that we’re getting there, but it's always been an uphill battle for us in the cyberrealm trying to get people’s attention for these really big issues.”

More on:

Cybersecurity

India

COVID-19

Japan

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail