Cyber Week in Review: August 4, 2022

Nancy Pelosi Visits Taiwan

U.S. House Speaker Nancy Pelosi (D-CA) made a contentious trip to Taiwan last week. Pelosi attended lunch with Taiwanese President Tsai Ing-wen and a group of prominent Taiwanese electronics manufacturers during the trip. The United States is working to the implement the Chips and Science Act which provides $52 billion in federal subsidies to microchip factories in the United States. Taiwan Semiconductor Manufacturing Company (TSMC) plans to build a $12 billion chip factory in Arizona within the next five years. Taiwan’s chipmakers currently produce 90 percent of the world’s most advanced chips, and TSMC supplies chips for some of the U.S. military’s most advanced equipment, including the F-35 fighter. Speaker Pelosi’s visit to Taiwan resulted in aggressive rhetoric from China towards its neighboring island given that the Chinese Communist Party claims Taiwan as its territory. On Tuesday, Taiwan reported a cyberattack that caused its presidential office website to go offline. Information security researchers said the attack likely did not represent the full extent of Chinese capabilities, and could have been launched by nationalistic hackers, rather than state-sponsored groups.

Facebook Accounts Spread Dangerous Content About Upcoming Elections in Kenya

The National Cohesion and Integration Commission (NCIC) in Kenya threatened to suspend Facebook for allowing hate speech to proliferate ahead of the country’s general elections this month. Despite the platform’s claims to have cracked down on harmful content, ads in English and Swahili promoting ethnic violence continue to spread. Nonprofit groups Global Witness and Foxglove revealed that ads including calls to slaughter and rape ethnic minorities in Kenya were approved by Facebook. In response to these accusations, Facebook parent company Meta released a statement saying that it uses a combination of artificial intelligence (AI), human reviewers, and user reports to address harmful content. Meta has previously admitted that it faces challenges teaching AI to recognize hate speech in languages other than English. Although Meta has a 350-person team with native Arabic, Somali, and Swahili language abilities monitoring terrorist content , Kenyans speak dozens of dialects that are difficult for human moderators to track.

Israeli Police’s Use of Pegasus Found to Exceed Authority

The Israeli government’s probe into the police’s use of Pegasus spyware found that it was only used after securing a judicial warrant, but the amount of information collected exceeded the police’s authority. The investigation was launched after the Israeli newspaper Calcalist published a report accusing the police of illegally using Pegasus to spy on public figures. The investigative team released their findings on the case on Monday, saying the police did not break the law, but claiming that when the technology was used, the police received extra information not covered by a warrant. While NSO Group claims that it only provides Pegasus to governments to fight crime and terrorism, Pegasus has been linked to spying on human rights activists and journalists in numerous countries. The Association for Civil Rights in Israel and other political groups said that the findings of the probe depict major failures and raise concerns about privacy. The groups are advocating a ban on police use of spyware until legislation detailing proper use is passed.

Hackers Drain Nomad of $190 Million in Cryptocurrency

A group of hackers withdrew $190 million in cryptocurrency from Nomad, a startup firm and blockchain bridge, a service which acts as an intermediary where people can transfer or exchange tokens between cryptocurrency platforms. The hackers exploited a flaw in Nomad’s code that allowed them to withdraw more assets than they deposited into the platform. Once other users figured out how to replicate this, hundreds of users began launching copycat attacks. Bridges like Nomad have become prime targets for hackers due to poor design or lax security. In 2022, more than $1 billion in crypto assets have been stolen through blockchain bridges. In April, a bridge called Ronin was drained of $600 million in an attack later attributed to North Korea, while $100 million was stolen from the Harmony bridge a few months later.

United States and Ukraine Agree to Greater Cooperation on Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) announced a new agreement to strengthen and expand cooperation on cybersecurity. The agreement  expands information sharing, especially on the subject of best practices in cyber incidents and of data on critical infrastructure breaches, and will also increase the number of joint cybersecurity exercises. The United States has been offering technical assistance to Ukrainian cybersecurity teams since before the Russian invasion in February of this year both by conducting defend forward actions and sending teams from U.S. Cyber Command to shore up Ukrainian networks. Ukraine has faced several large scale cyberattacks against its infrastructure since the start of the war, including attempts by Sandworm, a Russian hacking group, to take down the power grid around Kyiv.