A group of Human rights lawyers and investigators this week called on The Hague to bring the first-ever “cyber war crimes” indictment. The group is urging the International Criminal Court to bring charges against the dangerous and destructive Russian hacking group Sandworm, run by Russia’s GRU military intelligence agency. Meanwhile, activists are working to prevent Russia from using satellites controlled by French company Eutelsat to broadcast its state propaganda programs.
Researchers released findings this week that thousands of popular websites are recording data that users enter into forms on the site before they click the submit button — even if the user closes the page without submitting anything. Google has released a report on an in-depth security analysis it conducted with chipmaker AMD to find and fix bugs in specialized security processors used in Google Cloud infrastructure. The company also announced a slew of privacy and security features for its new Android 13 mobile operating system, along with a vision to make them easier for people to understand and use.
The European Union is considering legislation to protect children that would require private chats to be scanned, potentially undermining end-to-end encryption on a large scale. Additionally, advocates for nonprofit cybersecurity organization BIO-ISAC are working to protect the bioeconomy from digital threats, and this week are announcing a partnership with Johns Hopkins University’s Applied Physics Lab that will help provide resources for incident response to finance, which are provided according to the “pay-what-you-can” principle.
But wait, there’s more. Each week we round up the news that we haven’t published or covered in depth. Click on the headlines to read the full stories. And stay safe out there.
The United States is completing the development of a new generation of high-security encryption standards designed to be robust in the current technical climate and resistant to circumvention in the age of quantum computing. And although the National Security Agency helped create the new standards, the agency says it has no specific means to undermine protections. Rob Joyce, the NSA’s director of cybersecurity, told Bloomberg this week, “There are no backdoors.” device developed by NSA removed algorithm as federal standard over backdoor concerns.
A comprehensive investigation by Georgetown Law’s Center on Privacy & Technology reveals a more detailed picture than ever of U.S. Immigration and Customs Enforcement surveillance capabilities and practices. According to the report, released this week, ICE began developing its surveillance infrastructure at the end of the George W. Bush administration, years before the effort was believed to have started. And researchers found that between 2008 and 2021, ICE spent $2.8 billion on surveillance technology, including facial recognition. ICE was already known for its aggressive and invasive surveillance tactics during the Donald Trump administration’s crackdown on immigration, but the report also argues that ICE “played a key role in the federal government’s larger push to gather as much intelligence as possible.” ‘ about people in the United States.
“Our two-year investigation, which includes hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contract and procurement records, shows that ICE is now acting as a domestic watchdog,” the report said. “By accessing the digital records of state and local governments and purchasing databases containing billions of data points from private companies, ICE has created a surveillance infrastructure that allows it to pull detailed dossiers on almost anyone, seemingly at any time.”
In a legal settlement this week, Clearview AI, a facial recognition and surveillance startup, agreed to a series of restrictions on its US business, including not selling its facial print database to companies or individuals in the country. The company says it has more than 10 billion faceprints in its arsenal, belonging to people around the world and collected through photos found online. The settlement comes after the American Civil Liberties Union accused Clearview of violating the Illinois Biometric Information Privacy Act. The agreement also stipulates that the company may not sell access to its Illinois database for five years. “This agreement shows that strong privacy laws can provide real protections against abuse,” said Nathan Freed Wessler, associate director of the ACLU Speech, Privacy, and Technology Project, in a statement. Despite the privacy gain, Clearview can still sell its services to federal law enforcement agencies, including ICE, and police departments outside of Illinois.
Costa Rica President Rodrigo Chaves said Sunday that the country was declaring a national emergency after the notorious Conti ransomware gang infected several government agencies with malware last week. Sunday was the first day of Chaves’ presidency. Conti has leaked part of a 672GB trove of stolen data from multiple Costa Rican agencies. In April, the Costa Rican social security administration announced that it had been the victim of a Conti attack. “A perimeter security scan of the Conti ransomware is currently underway to check and prevent possible attacks,” the agency said tweeted back then.