Cyber Week in Review: January 26, 2024

Fake Joe Biden robocalls circulate in New Hampshire ahead of primary election

The New Hampshire Attorney General is investigating a recorded message which used a deepfake version of President Joe Biden’s voice to urge people not to vote in the January 23 New Hampshire presidential primary. Democrats in the state had been running a write-in campaign for Joe Biden in the primary, who is not listed on the ballot because the New Hampshire primary falls before the first sanctioned Democratic primary in South Carolina on February 3. The message appeared aimed at reducing turnout for that write-in campaign, and ended by reciting the phone number of Kathy Sullivan, a former New Hampshire Democratic Party chair and current director of a pro-Biden super PAC coordinating the write-in campaign. Sullivan said that she had received calls from voters who believed that it was Joe Biden who had called them. It’s not clear how many voters received the calls, or if a particular type of voter was targeted. New Hampshire Secretary of State David Scanlan said the call is evidence of “the effect of artificial intelligence and how it might impact elections and campaigns in negative ways.”

United States launches National Artificial Intelligence Research Resource

The U.S. National Science Foundation (NSF) announced that it is launching a pilot National Intelligence Research Resource (NAIRR) in collaboration with ten federal agencies and twenty five other organizations. The NAIRR will provide U.S.-based researchers with access to advanced computing, datasets, software, training, and user support to power innovative AI research. The NSF said that the initiative was also designed to promote collaboration between academia, AI companies, nonprofits, and government agencies. The pilot program will focus on four areas: allowing access to diverse AI resources, enabling research on ensuring privacy and security in AI, facilitating and investigating the interoperability of AI systems, and reaching out to new communities through education and training. The Biden administration had ordered the NSF to launch the NAIRR pilot within 90 days of the signing of Executive Order 14110, on October 30, 2023.

Microsoft’s internal networks breached by Russian hackers

Microsoft said that its internal networks had been breached in November 2023 by Russian state-sponsored hackers known as The Dukes. Microsoft said that the hackers compromised its networks by using password spraying attacks to compromise an outdated production test account, which they used to gain access to Microsoft’s broader internal networks, including the emails of several members of the senior leadership team. It is unclear if the breach led to any vulnerabilities beyond Microsoft, and the company said none of its products or services were affected. Experts heavily criticized Microsoft following the breach, with most criticism focused on Microsoft’s failure to implement multi-factor authentication for its internal accounts, and the fact that a test account was given extensive permissions on Microsoft’s production network and was not deactivated when testing was finished. Senator Ron Wyden commented on the attack, saying, “This is yet another wholly avoidable hack that was caused by Microsoft’s negligence.”

Pegasus spyware discovered on phones of two Togolese journalists

Reporters Without Borders (RSF) says it found traces of Pegasus spyware on the phones of two Togolese journalists, Loïc Lawson and Anani Sossou, on trial for defamation. Lawson and Sossou were arrested in November and accused of defaming Kodjo Adédzé, the minister of urban planning, housing, and land reform, after they reported that €600,000 in hard currency had been stolen from Adédzé’s home. RSF says that it identified at least twenty three uses of Pegasus spyware against Lawson and Sossou’s phones between February and July 2021, and emphasized that the Togolese government was a client of NSO Group, the maker of Pegasus, during that time. Other Togolese journalists have previously been identified as likely victims of Pegasus; an investigation by Forbidden Stories and Amnesty International found that the phones of Togolese journalists Ferdinand Ayité and Carlos Ketohou were likely infected with Pegasus sometime between 2016 and 2021. Ayité was forced to flee Togo in March 2023 and was sentenced in absentia to three years in prison for “contempt of authority” and “spreading mendacious comments on social media.”

Australia, United Kingdom, and United States sanction Russian hacker for Medibank cyberattack

The Australian, UK, and U.S. governments announced coordinated sanctions against Alexander Ermakov, one of the hackers responsible for a ransomware attack against the Australian health insurance company Medibank in 2022. REvil, a Russian ransomware gang, broke into Medibank’s systems in October 2022 and stole personal information for almost ten million customers. The hackers also stole health claims data, including information on major procedures such as abortions, for almost 500,000 customers, before leaking it in December 2022 when Medibank refused to pay a ransom. Australia announced a whole-of-government response in the aftermath of the attack, and the Australian Signals Directorate was tasked with determining how the breach happened and who was behind the attack. Ermakov is based in Russia and as such is unlikely to be arrested, given the Russian government’s tolerance of ransomware groups, but the sanctions and publication of Ermakov’s personal information will likely curtail his ability to work with other cybercrime groups.