Cyber Week in Review: February 23, 2024

EU Digital Services Act enters into effect  

On February 17, the Digital Services Act (DSA) went into effect. The act requires companies with users in the European Union (EU) to abide by regulations that aim to prevent large internet platforms from prioritizing their own services and create a safer online space for everyone. The DSA rules apply to services with more than forty five million monthly users, dubbed very large online platforms (VLOPs) and very large online search engines (VLOSEs); both VLOSEs and VLOPs will face fines of up to 6 percent of their global turnover if they are found to be out of compliance with the DSA. Companies with less than forty five million active users will be supervised at the Member State level by an independent regulator acting as the national Digital Services Coordinator (DSC). The DSA will have major impacts on VLOPs and VLOSEs operations in the EU, including by banning ads that target underage users based on personal data; empowering users and companies to flag illegal goods and services sold on platforms; requiring platforms to provide a reason to users when their content is removed or their account suspended; and allowing users to opt out of recommendation systems and profiling. The DSA will also have implications for researchers, who will be allowed to request access to data from social media platforms through a member state’s DSC. A subset of the larger DSA rules have been in force since December 2023, and on February 19, the European Commission opened a formal investigation to review whether TikTok violated the new DSA rules that protect minors online with potential algorithmic systems that stimulate behavioral addictions amongst youth users.

Leaked data from Chinese cyberespionage company shows international hacking efforts 

An unknown person leaked a trove of files from a Chinese cybersecurity company, i-SOON, also known as Sichuan Anxun. The documents, which were posted in a GitHub repository, include business pitches, internal chat logs, product descriptions, and passwords and other credentials stolen from victims. The business pitches deal with several different topics, ranging from tools to hack Outlook email accounts and analyze data to i-SOON's attempts to bid on a contract for a surveillance tool to be used against Uyghurs in Xinjiang. The company appeared to have a broad range of foreign targets, attacking companies in Southeast Asia, universities and NATO offices in Europe, and a pro-democracy movement in Hong Kong. The leaked chat logs also show how China’s vulnerability disclosure process, which has changed over the past year to force firms to report vulnerabilities to the government before publicizing them, has been leveraged to enable cyberespionage. In the chats, i-SOON's CEO, Wu Haibo, asked one of his employees if he could acquire exploit code from the Tianfu Cup, a Chinese cybersecurity competition, from the local Ministry of Public Security.   

Google to launch pre-bunking campaign ahead of EU elections  

Google’s Jigsaw unit, which explores threats to open societies, is preparing an advertising campaign across five EU countries: Belgium, France, Germany, Italy, and Poland. The campaign—aimed to make voters resilient to online electoral misinformation—will utilize a “pre-bunking” technique developed with researchers from the Universities of Cambridge and Bristol that will use ads to teach people to spot misinformation and false claims before encountering them. Beth Goldberg, head of research and development at Jigsaw, said, “using ads as a vehicle to counter a disinformation technique is pretty novel.” Jigsaw had previously tested this approach in Indonesia during the recent presidential election and found that a forty five second pre-bunking video could improve voters’ ability to spot manipulative techniques by 2 to 3 percent. Google’s campaign in the EU coincides with the new Digital Services Act implemented on February 19, which requires very large online platforms (VLOPs) and very large online search engines (VLOSEs) to tackle misinformation and illegal content. In addition to the campaign launch, Google said it will limit its A.I. chatbot, Bard, from engaging with specific election-related queries that may spread misinformation. More tech companies are moving to restrict the proliferation of electoral misinformation on their artificial intelligence (AI) platforms. Twenty tech companies signed a pact at the Munich Security Conference highlighting companies’ commitment to managing misleading A.I. election content, but not banning A.I. election content.  

United States, UK, and EU take down LockBit ransomware gang 

The United States, United Kingdom, and Europol announced that they had collaborated to take down the infrastructure of the LockBit ransomware gang, freeze illicit cryptocurrency wallets, release decryption tools for LockBit’s ransomware, and arrest two LockBit affiliates in Poland and Ukraine. The collaborating agencies said they had gained access to a trove of information on LockBit affiliates, including the source code of LockBit’s platform, details of who had attacked given victims, the amount of money extorted from each victim, and what data had been stolen by affiliates, among other information. The Japanese national police used access to LockBit’s source code to create a decryption tool which is available for public download on Europol’s No More Ransom website. LockBit’s creators have operated since at least 2019 and rapidly grew in popularity in June 2021 after it released LockBit 2.0, a retooled and improved version of its original ransomware. LockBit has since named nearly 2,350 victims on its leak site - around one fifth of the total number of victims named on any ransomware leak site between May 2019 and today. The U.S. Justice Department has previously compromised two other ransomware groups in a similar fashion: Hive in January 2023 and AlphV in December 2023. 

Russian disinformation campaign in Africa targets healthcare providers 

The U.S. State Department’s Global Engagement Center (GEC) has exposed Russian attempts to undermine U.S.-funded public health programs and initiatives in Africa. The Kremlin’s African Initiative campaign is a new “information agency” focused on Africa-Russia relations. The Initiative has spread disinformation by distributing news articles containing fake information across social media platforms regarding a mosquito-borne viral disease outbreak, claiming that Africans who were treated for the illness at legitimate U.S. health clinics are subjects of non-consensual biological research programs. The GEC said that Artem Sergeyevich Kureyev, the Chief Editor of the African Initiative, was likely directing the campaign, and that the African Initiative likely contained former employees of Yevgeniy Prigozhin, deceased founder of the now-defunct Wagner Group, who orchestrated a large misinformation operation through his Internet Research Agency. In response to the disinformation campaign, the State Department said it would launch a coordinated counteroffensive against the Kremlin’s disinformation tactics, although it was unclear what exact steps the U.S. government would take. U.S. Envoy James Rubin, the head of the GEC, met with American, British, and Canadian counterparts at the Munich Security Conference to demonstrate a united front against Moscow’s Africa Initiative. The exposure of the Kremlin’s disinformation operation follows the Munich Conference’s annual risk report, which revealed that cyberattacks and disinformation were top-ranked security worries for global leaders. 

Cecilia Marrinan is the intern for the Digital and Cyberspace Policy Program.