Cyber Week in Review: January 13, 2023

U.S. Supreme Court denies NSO Group’s petition 

The U.S. Supreme Court declined to block a lawsuit brought by WhatsApp against NSO Group over the spyware maker's exploitation of a flaw in the instant messaging app’s audio recording code to deliver Pegasus spyware. NSO had argued it was immune from the lawsuit due to sovereign immunity, because it was acting on behalf of a state when it utilized the vulnerability. NSO is facing several other lawsuits; Apple and a group of journalists in El Salvador both filed suits in U.S. courts. In addition to the lawsuits, NSO faces suffocating sanctions imposed by the Biden administration in November 2021, creating internal chaos at the company. 

President Biden calls for more technology regulation 

U.S. President Joe Biden published in the Wall Street Journal an opinion piece on Wednesday calling for bipartisan regulation of the Big Tech 11. The article calls for “clear limits” on what data companies are allowed to collect and store, especially internet history, location, and biometric data. Biden also stressed the need for the United States to “bring competition back to the tech sector” by curtailing the power of large technology companies to stifle growing rivals. Finally, Biden called for major reform of Section 230 of the Communications Decency Act, which limits the legal exposure of companies for speech on their platforms. Though it is hard to imagine Republicans and Democrats supporting Biden’s call in the current political environment, some critics worry that unified congressional action on these issues will lead to the United States becoming more like Europe, shackling the technology sector with regulation and stymying innovation.  

Russian cyberespionage group targets U.S. nuclear research labs 

Researchers detected the Russian state-sponsored threat actor Cold River, also known as Callisto, had targeted three U.S. nuclear research labs, as part of phishing campaign. The campaign used fake login screens to trick scientists at the Argonne, Brookhaven, and Lawrence Livermore national labs into turning over their usernames and passwords. It is unclear if the hackers succeeded in breaking into any networks. Cold River was known for attacking foreign policy and intelligence organizations in the United States and Western Europe, but has shifted its targeting since the start of the Russian invasion of Ukraine and has extensively targeted organizations and individuals tied to the war effort in Ukraine.   

Aviation control outage sparked by computer failure  

The Federal Aviation Administration (FAA) grounded flights for ninety minutes earlier this week after critical software used to run its Notice to Air Missions (NOTAM) system failed. NOTAM is used to provide pilots with information on changing conditions while they are flying. The FAA said the failure was likely human error, as a contractor failed to follow procedure when updating the NOTAM system. There was some speculation that the outage was caused by a cyberattack, but officials quickly said that they did not believe a malicious attack was responsible. Federal officials have warned of the consequences of aging federal technology infrastructure in the past, and this outage may be another consequence of legacy infrastructure, as the software the NOTAM system runs on is nearly thirty years old.  

Jack Ma relinquishes control of Ant Group 

The embattled Chinese entrepreneur Jack Ma ceded control of Ant Group, the fintech and digital payment arm of the Alibaba conglomerate he founded. Public interest in Ma’s whereabouts has been palpable since Chinese authorities launched a campaign to intensify regulatory pressure on technology giants, and notably sabotaged Ant Group’s initial public offering (IPO) bid in 2020. As of now, the company says it has no plans to pursue an IPO, and is instead focusing its efforts on business optimization. Meanwhile, Beijing’s hostility toward big technology companies appears to have shifted as of late. Regulators recently approved a $1.5 billion capital plan for Ant’s consumer lending affiliate, while a top Communist Party official declared the crackdown to be “basically over.” An investigation conducted this week by the Hangzhou Municipal Party Committee concluded that Ant Group should “keep on the right direction, increase innovation, and continue to enhance the core competitiveness of the enterprise.”