Ivo's Cyber Weekly: 26th of August 2024

Telegram Founder Arrested in France

The 39-year-old entrepreneur was detained on the tarmac after his private jet landed from Azerbaijan. French authorities issued an arrest warrant on charges of complicity in drug trafficking, crimes against children, and fraud, citing Telegram's alleged lack of moderation and failure to cooperate with law enforcement. An anonymous investigator suggested that Durov would likely be placed in pre-trial detention. Despite being naturalized as a French citizen in August 2021, Durov reportedly knew he was persona non grata in France and had been avoiding countries where Telegram was under surveillance.

Cybersecurity Challenges Hinder Africa's Economic Growth

Africa's economies are experiencing rapid GDP growth, but the continent's cybersecurity deficit is a significant drag on that growth.

Key challenges include:

  • Lack of cybersecurity policies and regulations: Many African nations have not implemented adequate legal frameworks and strategies to combat cybercrime.
  • Insufficient cybersecurity awareness and skills: There is a need for more cybersecurity education and training programs across Africa.
  • Limited data on the impact of cybercrime: The economic costs of cybercrime in Africa are not well quantified due to underreporting and lack of research.


US Government Sues Georgia Tech for Alleged Cybersecurity Failures

The United States government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its contracting entity, Georgia Tech Research Corporation (GTRC), over alleged failures to meet the Department of Defense's (DoD) cybersecurity standards for contractors. The allegations, dating back to 2019, were brought forward by whistleblowers Christopher Craig and Kyle Koza.

Main Allegations

  • Failure to implement a compliant cybersecurity plan: Georgia Tech's Astrolavos Lab, which focuses on cybersecurity issues affecting national security, allegedly failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST 800-171) between May 2019 and February 2020.
  • Inadequate anti-malware solutions: The Astrolavos Lab is accused of failing to implement anti-malware solutions across devices and its network between May 2019 and December 2021, violating federal requirements and Georgia Tech's own policies.
  • False cybersecurity assessment score: In December 2020, Georgia Tech and GTRC allegedly submitted a false cybersecurity assessment score of 98, which was later deemed fraudulent.

The lawsuit alleges that Georgia Tech's actions put national security and defense personnel at risk. If found liable, the university could face significant penalties for non-compliance with DoD cybersecurity standards.

American Radio Relay League Pays $1 Million Ransom After Ransomware Attack

The American Radio Relay League (ARRL), the National Association for Amateur Radio, has confirmed paying a $1 million ransom to restore systems encrypted in a ransomware attack that occurred in May 2024. The attack, carried out by the Embargo ransomware gang, resulted in the encryption of ARRL's computer systems on May 14.

Key Details of the Ransomware Attack and Ransom Payment

  • ARRL took impacted systems offline to contain the breach after discovering the incident.
  • In July, ARRL filed a data breach notification with the Office of the Maine Attorney General, stating that the breach affected 150 employees.
  • ARRL paid the $1 million ransom to obtain a decryption tool to restore the affected systems, not to prevent stolen data from being leaked.
  • The ransom payment and restoration costs were largely covered by ARRL's insurance policy.
  • Most systems have been restored, but it may take up to two months to bring back all affected servers under new infrastructure guidelines and standards.

Former Verizon Employee Pleads Guilty to Aiding Chinese Spy Agency

Ping Li, a former Verizon employee, has pleaded guilty to conspiring to serve as an agent of the People's Republic of China. Li, who worked for Verizon for more than 20 years, exploited his position to provide information to the Chinese Ministry of State Security (MSS).

Information Provided to the MSS

Li supplied the MSS with various types of information, including:

  • Details on Chinese dissidents, pro-democracy advocates, and members of the Falun Gong religious movement
  • Information about U.S.-based nonprofit organizations
  • Materials related to cybersecurity training
  • Information concerning hacking events targeting United States companies, including a widely publicized hacking of a major U.S. company by the Chinese government

Charges and Potential Sentence

Initially, Li was charged with both acting as an unregistered agent of a foreign government and conspiring to do so, which could have resulted in up to 15 years in prison. However, the charges were reduced to a single count of conspiring to serve as an agent of China, carrying a potential sentence of up to five years in prison.

According to Li's attorney, Daniel Fernandez, the reduction in charges indicates that the violation was not considered egregious. Fernandez also stated that Li made a mistake by providing information to an individual he knew was an agent of the Chinese government, someone he grew up with in China.

Russian National Arrested in Argentina for Laundering Funds from Lazarus APT and Other Criminals

The Argentine Federal Police (PFA) has arrested a 29-year-old Russian national for laundering millions of dollars in illicit cryptocurrency from various criminal groups, including the North Korea-linked Lazarus APT, child sexual abuse material vendors, and terrorist financiers. The man operated a financial institution from his apartment in Buenos Aires, exchanging tainted cryptocurrency for "clean" cryptocurrency and fiat currency.

Key Details of the Arrest and Seizure

  • The PFA seized over $120,000 worth of cryptocurrency during the arrest and another $15,000,000 from other properties controlled by the suspect.
  • The man frequently received visitors at his apartment, carrying briefcases, bags, and backpacks for illegal foreign currency exchanges and cryptocurrency wallet transfers.

Connection to the Harmony Bridge Hack by Lazarus Group

  • The investigation began in November when authorities discovered that part of the $100 million stolen by the Lazarus APT in the Harmony Bridge hack had been transferred to a cryptocurrency wallet in Argentina. In January 2023, the FBI confirmed that the Lazarus Group and APT38 were responsible for the theft of $100 million from Harmony's Horizon bridge in June 2022.
  • The arrest of the Russian national highlights the ongoing efforts of law enforcement agencies to combat money laundering and the use of cryptocurrencies by cybercriminal groups. It also underscores the global reach of North Korea's state-sponsored hacking activities and the importance of international cooperation in tracking and seizing illicit funds.

Toyota Confirms Third-Party Data Breach Impacting Customers

Toyota has confirmed that customer data was exposed in a data breach involving a third-party entity that was misrepresented as Toyota. The breach was discovered after a threat actor named ZeroSevenGroup leaked a 240GB archive of stolen data on a hacking forum.

Key Details of the Data Breach

  • The issue is limited in scope and not a system-wide problem for Toyota.
  • Toyota Motor North America's systems were not directly breached or compromised.
  • The stolen data includes information on Toyota employees and customers, contracts, financial information, and network infrastructure details.
  • The files appear to have been stolen or created on December 25, 2022, possibly indicating that the threat actor gained access to a backup server.

Cisco Criticizes UN Cybercrime Convention for Potential Overreach and Abuse

Cisco has expressed concerns about the United Nations' proposed cybercrime convention, arguing that it could be misused by authoritarian governments to stifle free speech and crack down on political dissent. The networking giant believes that the current draft of the convention, known as the "Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," lacks sufficient safeguards against abuse.

Key Concerns Raised by Cisco

  • Overly broad definitions: The proposed convention uses broad definitions of cybercrime that could be interpreted to include activities such as online protests, investigative journalism, and political dissent.
  • Lack of human rights protections: The draft does not include adequate protections for human rights, such as freedom of expression and privacy, which could enable authoritarian regimes to misuse the convention to suppress legitimate online activities.
  • Potential for abuse: Cisco warns that the convention could be used by governments to force companies to hand over sensitive data or build backdoors into their products, compromising the security and privacy of users.

Cisco's Call for Amendments and Safeguards

Cisco has called on the UN to amend the proposed convention to include stronger safeguards against abuse and to ensure that it does not undermine human rights or the security of digital technologies. The company recommends:

  • Narrowing the definition of cybercrime to focus on malicious activities that cause harm
  • Incorporating robust human rights protections and oversight mechanisms
  • Ensuring that the convention does not require companies to weaken the security of their products or services
