Cyber Week in Review: August 26, 2022

Facebook and Twitter take down pro-Western influence campaign 

Facebook, Instagram, WhatsApp, Twitter, and Telegram disrupted a pro-Western influence campaign focused on promoting U.S. interests abroad, according to a report from Graphika and the Stanford Internet Observatory. The accounts used in the influence operation targeted the Middle East and Central Asia, frequently criticized Russia over the war in Ukraine, and often shared content from U.S. government-affiliated news outlets such as Voice of America and Radio Free Europe. Some of the accounts appear to be part of the Trans-Regional Web Initiative, a propaganda operation run by U.S. Special Operations Command active for over a decade. The campaign is the first publicly known, U.S.-run influence operation on social media. The campaign does not appear to have been very effective, as most posts received only a handful of likes or retweets, and only 19 percent of accounts had more than one thousand followers. 

Ransomware gang attacks UK water organization 

The ransomware gang Cl0p said it had infected a major water treatment company, South Staffordshire Water, in the United Kingdom. Cl0p first infected the systems of South Staffordshire on August 15, although there was some initial confusion as the gang believed it had compromised the systems of a larger utility, Thames Water, which serves most of southeast England. Cl0p did not deploy ransomware on the network, citing ethical concerns, but instead stole data and threatened further consequences unless a ransom is paid. The hackers may have gained access to the industrial control systems of South Staffordshire. Attacks on water systems have become increasingly common in recent years, and in some cases these attacks could have caused active harm to civilians. 

Lloyd’s of London Excludes State-Sponsored Cyberattacks from Insurance 

Lloyd’s of London, a major insurance market in England, announced that it will not allow insurers to cover catastrophic cyberattacks perpetrated by nation-states as of March 31, 2023. Lloyd’s currently defines a catastrophic cyberattack as an attack that will “significantly impair the ability of a state to function or... that significantly impairs the security capabilities of a state.” While some have praised the move to greater clarity on what will not be covered, others have noted that that Lloyd’s standard of catastrophic is vague and that cyberattacks are often difficult to attribute to a specific nation-state conclusively. In recent years, insurance companies have grappled with how to address major cyberattacks, and, in December 2021, Lloyd’s announced the exclusion of nation-state-led attacks from policies held in a small subset of countries, China, France, Japan, Russia, the United Kingdom and the United States, although it appears this exclusion has not been tested yet. 

Former Twitter head of security turns whistleblower 

Twitter’s former head of security Pieter Zatko, also known as Mudge, filed a whistleblower complaint against the company earlier this week. Zatko made a series of claims about the state of Twitter’s security, including that Twitter unknowingly employs agents of foreign nations, deleted data may still be accessible, and that the loss of a few key data centers could permanently take down the entire site. Zatko also alleged that Twitter’s security practices violated an agreement with the Federal Trade Commission that prohibited Twitter from misleading user about its security or privacy practices. Zatko, who developed L0phtCrack in 1997, a password-recovery tool still in use in an updated form today, is well-respected in the cybersecurity community for his work over the past three decades. Zatko’s disclosures will likely affect the court case between Twitter and Elon Musk over whether the tech entrepreneur can back out of his bid to buy the company without significant penalty, although experts are divided as to whether Zatko’s disclosures will help or hurt Twitter. 

Baidu unveils first quantum computer 

Chinese internet company Baidu announced it had built its first quantum computer on Thursday this week. The computer, dubbed Qianshi, has a ten qubit processor, significantly behind Google’s Sycamore at fifty four qubits, and Zuchongzi from the University of Science and Technology of China at sixty six qubits. Baidu said that it had also developed a thirty six qubit processor, although it appears that processor has not been used yet. Quantum computing has been a major research focus for China, the United States, and European Union in recent years, as each country has poured billions of dollars into research on quantum computing. The Biden administration recently announced a series of initiatives aimed at growing quantum research in the United States.