Cyber Week in Review: October 16, 2020

Microsoft Attempts to Seize Russian Botnet Servers

On Monday, a United States District Court in Virginia issued a court order allowing Microsoft to seize servers used by Trickbot, a Russian botnet spreading ransomware that recently made headlines for crippling Universal Health Services. Although the court order was granted on the grounds of trademark infringement, Microsoft was driven by concerns that Trickbot ransomware could potentially threaten computers used to report on election results or maintain voter registration records, shaking voter confidence. Speaking on the threat of ransomware to the upcoming election, Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said, “I firmly believe that we’re on the verge of a global emergency.” Microsoft claims to have temporarily subdued Trickbot, yet threat intelligence companies and researchers have noted that around a dozen servers in the botnet still remain active. Microsoft hopes that the criminals behind Trickbot will not have sufficient time to rebuild it before the election.

U.S. Cyber Command has also attacked Trickbot’s network in recent weeks, according to four anonymous U.S. officials. Krebs on Security reported that, in addition to spoiling Trickbot’s victim database with millions of fake records, U.S. Cyber Command pushed multiple updates to infected computers in hopes of disconnecting them from Trickbot’s network. U.S. Cyber Command’s efforts are the latest attempts to disrupt foreign cyber threats ahead of the upcoming election.

Pakistan Bans TikTok

Last Friday, the Pakistan Telecommunications Agency (PTA) banned TikTok, citing ByteDance’s failure to address repeated complaints of immoral and indecent content. Critics argue that the ban also served to limit free expression in Pakistan, as TikTok has become a major platform for young and impoverished communities to criticize the Pakistani government and address economic hardship exacerbated by COVID-19. Amnesty International South Asia tweeted that the ban was occurring against a “backdrop where voices are muted on television, columns vanish from newspapers, websites are blocked and television ads banned.” ByteDance investors are increasingly concerned about TikTok’s future, as the app has now faced bans in five countries.

Norway Accuses Russia of Compromising Parliament Email Systems

On Tuesday, Norway publicly attributed an August cyberattack targeting the Norwegian parliament’s email system to Russia. The operation compromised numerous email accounts of politicians and parliament employees. Following the attribution, the Russian Embassy immediately denied responsibility and suggested that by circumventing “official channels for their investigation,” Norway had further jeopardized bilateral relations. In February, the Norwegian Intelligence Service cautioned that Russia would attempt to undermine citizens’ confidence in their government and election process through influence campaigns, referencing election interference in the United States: “Russia shows increased willingness and ability to use a wide range of instruments to achieve its political goals,” said the report. This isn’t the first time that Russia has been implicated in targeting a European parliament: earlier this year German prosecutors charged a Russian hacker with orchestrating a cyberattack on the German Bundestag in 2015 that compromised multiple politicians’ emails.

States Call for GGE and OEWG Replacement

Last Thursday, numerous countries including Singapore, South Korea, and the EU bloc called for [PDF] the competing UN Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) to be replaced with a “long-term, inclusive, progress-oriented format,” such as a permanent Program of Action (PoA) for UN cybersecurity deliberations. The PoA would serve as a unified forum for UN member states to discuss a “secure, stable, accessible and peaceful cyberspace.” The proposal also argues that it would help countries implement norms from previous GGE reports that have already been agreed to. Although the PoA would likely resemble the GGE and OEWG in both form and function, the creation of a unified and distinct forum signals an effort to consolidate UN deliberations on global cybersecurity and end the ongoing rivalry between the U.S.-sponsored GGE and Russia-sponsored OEWG. Nonetheless, it is unclear whether the proposed PoA will achieve consensus to be included in the OEWG’s final report. The OEWG’s final substantive meeting has been delayed [PDF] to March 2021.

Twitter and Facebook Try to Limit Spread of New York Post Article About Hunter Biden

On Wednesday and Thursday, the New York Post published a series of highly controversial and unconfirmed reports alleging that Hunter Biden received payment from a Ukrainian businessman in exchange for access to former Vice President Joe Biden and accepted up to $30 million from a Chinese firm “for introductions alone.” Citing hacked materials, privacy violations, and potential misinformation, Twitter and Facebook attempted to slow the spread of the article, which mirrored elements of Russian influence campaigns in 2016. Twitter also suspended accounts, including the official account of President Trump's reelection campaign and White House Press Secretary Kayleigh McEnaney, for sharing content related to the New York Post reports. Republicans were quick to condemn Facebook and Twitter, accusing the social media companies of “censorship” and abuse of power. In a letter to Twitter, Senator Ted Cruz (R-TX) said, “This can only be seen as an obvious and transparent attempt by Twitter to influence the upcoming presidential election.”

On Thursday afternoon, Federal Communication Commission Chairman Ajit Pai announced that he will “move forward with rulemaking to clarify” Section 230 of the Communications Decency Act. Pai argued that the current interpretation of Section 230 had become “overly broad,” allowing tech companies like Facebook and Twitter to moderate content at their discretion—an opinion promoted by President Trump, who called for Section 230 to be repealed after platforms took steps to curb the spread of the New York Post’s stories this week.