Cyber Week in Review: October 13, 2023

Social media swarmed with bad information following Israel-Hamas conflict

Social media has been flooded with mis- and disinformation in the aftermath of Hamas terror attacks on Israel last weekend and Israel’s declaration of war against Hamas. Numerous examples of fake content spread across online platforms. A 2021 video of an Israeli airstrike on a building was circulated by numerous accounts that claimed an airstrike had just taken place. A compilation of clips purporting to show the capture of Israeli generals, when fact checked, was proven instead to show former leaders of the disputed Nagorno-Karabakh region in Azerbaijan. European Commissioner for the Internal Market Thierry Breton sent letters to Meta, TikTok, and X (formerly Twitter), ordering the companies to clarify and improve their content moderation efforts, or face fines under the EU Digital Services Act. Meanwhile, researchers and academics raised particular concerns about how significantly X has degraded as a source for credible information, and how Elon Musk’s decision to remove access to automated functions that were critical to researchers has impacted analysis of the broader information dynamics surrounding the conflict. 

Google mitigated largest DDoS attack ever

Google announced that in August it mitigated the largest distributed denial of service (DDoS) attack ever recorded. The attack peaked at 398 million requests per second, almost seven times higher than the second largest attack ever. The attackers made use of a vulnerability, dubbed Rapid Reset or CVE-2023-44487, in the HTTP/2 protocol which allows far higher request rates in attacks than other techniques. Cloudflare and Amazon Web Services both said the vulnerability was used in DDoS attacks against them as well, although the attacks peaked at a lower rate than the one detected by Google. The perpetrators and ultimate targets of the attacks are not yet clear.

Chinese programmer fined $140,000 for using virtual private network

A programmer in the city of Chengde in northern China with the surname Ma had over 1.058 million Chinese yuan ($120,651) confiscated by the police after it was found that Ma was using a virtual private network (VPN) to work for a company in Turkey. VPNs are the main method of circumventing the Chinese government’s strict internet censorship regime, commonly dubbed the Great Firewall, and using one is illegal in the country without the government’s permission. The fine may be the most severe financial penalty issued for using a VPN in China. The fine proved controversial on Chinese social media, where some users criticized the reliance of Chengde’s police force on large fines to make up for budget shortfalls.

Vietnam reportedly tried to deploy Predator spyware against EU, U.S., and Asian politicians

Amnesty International published a report claiming that actors within the Vietnamese government attempted to deploy Predator zero-click spyware against politicians in the European Union, United States, and Asia. The attackers tried to compromise victim devices by posting malicious links as a reply to X threads posted by the targets. The politicians targeted include, President of the European Parliament Roberta Metsola, the President of Taiwan Tsai Ing-Wen, U.S. Congressman Michael McCaul, U.S. Senator John Hoeven, and the German Ambassador to the United States Emily Haber, among others. The attempts came as the United States and Vietnam were negotiating a strategic partnership. The attackers tried to compromise victim devices by posting malicious links as a reply to X threads posted by the targets. Citizen Lab published a concurring report independently confirming Amnesty International’s findings.

Internet Governance Forum meets in Japan 

The annual UN Internet Governance Forum ran from October 8 to 12 in Kyoto, Japan. The conference focused on a variety of issues, including the impact of AI and emerging technologies, cybercrime, and data governance and trust, among other issues. The IGF put forward several aims ahead of the meeting, including fostering a multistakeholder model of artificial intelligence governance and contributing to the UN’s Global Digital Compact, although some experts have said these goals are at odds with each other. Opening statements from stakeholders repeatedly cited the value of a multistakeholder approach for internet governance, with the U.S. government expressing unequivocal support for that model. At the conclusion of the IGF, it was announced that the 2024 conference would be held in Riyadh, Saudi Arabia. Several organizations published an open letter criticizing the choice of Riyadh as host city, citing Saudi Arabia’s ongoing human rights abuses, safety concerns which could affect civil society group’s ability to attend the meeting, and Saudi Arabia’s tight control of the internet in the country, which Freedom House assesses is among the most restrictive in the world.