Cyber Week in Review: November 1, 2019
Russia Targets African Countries on Facebook with New Disinformation Tactics
Facebook has said that it removed three Russian-backed influence networks on its site that were aimed at African countries, including Mozambique, Cameroon, Sudan, and Libya. According to Facebook, Russia has been testing new disinformation tactics ahead of the 2020 U.S. presidential election, techniques that exceed what the Russians deployed in the 2016 election. In a departure from previous Russian influence operations, the networks spread Arabic-language posts and worked with locals in African countries to set up accounts, making it more difficult for Facebook to flag them as inauthentic. The posts promoted Russian policies, criticized French and American policies in Africa, and spread articles from the state-owned Sputnik news organization.
Cryptocurrencies and Blockchain Technology
WhatsApp Sues NSO Group after 1,400 Users Compromised with Spyware
On October 29, WhatsApp sued Israeli surveillance firm NSO Group, accusing it of helping governments break into the phones of roughly 1,400 users across four continents. The accusations entail a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials. According to WhatsApp, which is used by 1.5 billion people monthly, the attack exploited its video calling system in order to infect users’ phones with spyware. Despite denying the allegations, NSO acknowledges that its technology allows governments to circumvent the encryption that protects users’ data. Moreover, NSO’s software has been implicated in human rights controversies across Latin America and the Middle East, as well as allegedly in the death of Washington Post journalist Jamal Khashoggi in 2018.
China Throws Support behind Blockchain with Digital Yuan on the Horizon
After Chinese President Xi Jinping endorsed blockchain research, calling it an “important breakthrough,” bitcoin shares experienced their largest single-day surge since going public in 2014. President Xi’s stance on blockchain is a remarkable shift from previous policies that have been tough on cryptocurrencies, including China’s 2017 ban on cryptocurrency exchanges, mining, and initial coin offerings, all efforts to tighten controls on risky investments. Moreover, China’s central bank has said that it expects to launch a digital version of the yuan later this year or early in 2020, which will make it the first major global currency to become digitized. Following Xi’s endorsement, articles calling blockchain technology a “scam” were banned in China.
Georgia Hit with Largest Cyberattack since 2008 Russia Breach
On October 29, a cyberattack struck 2,000 websites in Georgia, including those of the president, courts, several mayors’ offices, and three television channels. Many of the targeted pages were defaced with a photo of the former president Mikheil Saakashvili and the words, “I’ll be back.” Saakashvili fled Georgia in 2013 after being accused of corruption and is wanted on criminal charges. This is not the first time that Georgia has been the target of a coordinated cyber operation—in 2008, Russia laid the groundwork for its invasion of Georgia with a similar wave of cyberattacks. The attacks were not particularly sophisticated, Georgia’s overall level of cybersecurity is low, and the country is reliant on Russian technologies, but the scale of the cyber operations strongly suggests state-sponsorship. Critical national infrastructure did not appear to have been compromised.
India Confirms Cyberattack on Nuclear Power Plant by North Korean Threat Group
The Indian government has confirmed that its newest and largest nuclear facility, the Kudankulam nuclear power plant, was hacked using DTrack, the data extraction malware linked to the North Korean-backed Lazarus Group. India is no stranger to DTrack; in 2016, it was used to steal the financial data of millions of its citizens. Admission of the attack comes a day after the plant issued a denial, dismissing reports as disinformation propagated on social media. While India denies that the malware affected networks involved with the operation of the plant, cybersecurity experts say that sensitive information was compromised. Security officials have known about the hack since September, but news of the hack only surfaced when VirusTotal, a virus scanner site owned by Alphabet, flagged a data dump related to the malware. Critics have pointed to the attack as evidence that even as Prime Minister Narendra Modi pushes his “Digital India” initiative, India has lagged in its cybersecurity capabilities.