Cyber Week in Review: September 22, 2023

UK Parliament passes Online Safety Bill

The UK Parliament passed the Online Safety Bill on Tuesday, which will require large social media platforms to enforce more stringent content moderation standards. The bill will prohibit content that promotes suicide, self-harm, or eating disorders, and will require companies to verify the age of their users, among other standards. Privacy and security advocates have attacked parts of the bill, most notably a provision that would force companies to break end to end encryption to scan for child sexual abuse material (CSAM). Messaging platforms WhatsApp and Signal have threatened to pull out of the country if the provision is enforced, and the UK government has said that it does not have the technology needed to securely break encryption, although it may still enforce the provision.

Countries and companies announce AI funding commitments

Following a meeting on the side of the UN General Assembly in New York, several countries and companies announced they were allocating new funding for artificial intelligence (AI) initiatives. The U.S. Department of State announced that it was committing almost $15 million to developing AI governance mechanisms, while Spain announced it was directing more money to a venture capital fund devoted to using AI to combat climate change and the United Kingdom announced a new fund that aims to use artificial intelligence to predict conflicts and crises globally respectively. The partner companies announced funding to train students on machine learning and to use AI to address climate change.

Irish Data Protection Commission fines TikTok $370 million

The Irish Data Protection Commission (DPC) fined ByteDance, the parent company of TikTok, almost $370 million earlier this week for its failure to properly process children’s personal data. Among other findings, the DPC cited default public settings for accounts of users aged thirteen to seventeen, which allowed anyone to view and interact with their content, as well as inadequate risk assessment for the potential that users younger than thirteen could access the service. The DPC also ordered TikTok to change popups sent to teenage users encouraging them to change their account privacy settings to public. The violations took place between July 31, 2020 and December 31, 2020. The $370 million fine is the fourth-largest the DPC has ever levied, behind three separate fines against Meta.

Ransomware attack hits Colombian government

Multiple government ministries in Colombia were impacted by ransomware earlier this week, including the Ministry of Health and Social Protection, the Judiciary Branch, and the Superintendency of Industry and Commerce. The attack appeared to stem from a breach of the technology provider IFX Networks’ systems, and may have affected other countries in Latin America, although on a smaller scale. The attack was severe enough that the Colombian judiciary partially suspended operations until its systems were brought back online. Colombia’s Minister of Information and Telecommunications Mauricio Lizcano said that IFX Networks may face a civil lawsuit or even criminal action in the wake of the attack.

International Criminal Court says it was hacked

The International Criminal Court (ICC) said on Tuesday that it had suffered what it called “a cybersecurity incident.” The ICC appears to have significantly curtailed operations in the wake of the attack, shutting off staff access to email and restricting access to document sharing systems. It is unclear if these effects are part of the ICC’s incident response or a consequence of the attacker’s actions. The ICC is currently conducting seventeen investigations into potential crimes against humanity or war crimes, including Russia’s invasion of Ukraine, genocide in Darfur, Sudan, and Israel’s actions in Palestine. The ICC has been a major espionage target in the past, with a deep-cover Russian agent arrested in 2022 after trying to infiltrate the court.