Technology

Post articles or questions about technology

1
 
 

cross-posted from: https://lemmy.sdf.org/post/31373501

Today, EDRi filed a DSA complaint against social media giant ‘X’ in the EU, together with our member ApTI Romania. Our investigation found that X is likely in breach of its obligations towards Trusted Flaggers by misleading them—in all tested languages except English—to submit illegal content notices on a wrong, non-functional online form.

2
 
 

cross-posted from: https://lemmy.sdf.org/post/31339721

  • Cyber security firm ESET discovered a cyberespionage operation by the China-aligned MirrorFace advanced persistent threat (APT) group against a Central European diplomatic institute in relation to upcoming Expo 2025 in Japan.
  • MirrorFace has refreshed both its tooling and tactics, techniques, and procedures (TTPs).
  • To our knowledge, this represents the first time that MirrorFace has targeted a European entity.
  • MirrorFace has started using ANEL, a backdoor previously associated exclusively with APT10, and deployed a heavily customized variant of AsyncRAT, using a complex execution chain to run it inside Windows Sandbox.

"Known primarily for its cyberespionage activities against organizations in Japan, to the best of our knowledge, this is the first time MirrorFace has shown intent to infiltrate a European entity," Eset says in the report.

The campaign was uncovered in Q2 and Q3 of 2024 and named Operation AkaiRyū (Japanese for RedDragon) by ESET; it showcases refreshed TTPs that ESET Research observed throughout last year.

“MirrorFace targeted a Central European diplomatic institute. To our knowledge, this is the first, and, to date, only time MirrorFace has targeted an entity in Europe,” says ESET researcher Dominik Breitenbacher, who investigated the AkaiRyū campaign.

MirrorFace operators set up their spearphishing attack by crafting an email message that references a previous, legitimate interaction between the institute and a Japanese NGO. During this attack, the threat actor used the upcoming World Expo 2025 – to be held in Osaka, Japan – as a lure. This further shows that even considering this new broader geographic targeting, MirrorFace remains focused on Japan and events related to it. Before the attack on this European diplomatic institute, MirrorFace targeted two employees at a Japanese research institute, using a malicious, password-protected Word document delivered in an unknown manner.

[...]

3
 
 

Archive

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads.

Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.

"This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, [said].

"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

[...]

4
 
 

Researchers Klaudia Jaźwińska and Aisvarya Chandrasekar noted in their report that roughly 1 in 4 Americans now use AI models as alternatives to traditional search engines. This raises serious concerns about reliability, given the substantial error rate uncovered in the study.

5
 
 

cross-posted from: https://slrpnk.net/post/19676598

The copyright status of digital content shared online is often unclear, hindering its reuse. To address this issue, the CommonsDB initiative, funded by the European Commission, is building a prototype registry of Public Domain and openly licensed works. To enhance legal certainty for digital content reuse, the registry will employ decentralized identifiers for consistent content and rights recognition.

[...]

6
 
 

Since 2013, Ghost has made it possible to publish content online with a website and RSS feeds. In 2019 we added support for delivering content by email newsletter.

Now, in 2025, we're taking our biggest step yet by making it possible to publish to the social web.

[...]

7
 
 

Archived

Oblivion menaces every scrap of information that doesn’t spark joy in the Oval Office. “It’s gone,” Trump said of “wokeness,” during his recent address to Congress, in almost motherly tones. “And we feel so much better for it, don’t we? Don’t we feel better?” But on this front, at least, the Administration is facing well-organized resistance. It comes from a loose coalition of archivists and librarians, who are standing athwart history and yelling “Save!” They belong to organizations such as the Internet Archive, which co-created a project called the End of Term Web Archive to back up the federal web in 2008; the Environmental Data and Governance Initiative, or EDGI; and libraries at major universities such as M.I.T. and the University of Michigan. Like the Encyclopedists of Isaac Asimov’s “Foundation”—who race to compile a collapsing empire’s accumulated knowledge—they’re assembling information arks to ride out the chaos.

[...]

8
 
 

cross-posted from: https://lemmy.sdf.org/post/31222338

Russia is conducting an escalating and violent campaign of sabotage and subversion against European and U.S. targets in Europe led by Russian military intelligence (the GRU), according to a new CSIS database of Russian activity. The number of Russian attacks nearly tripled between 2023 and 2024. Russia’s primary targets have included transportation, government, critical infrastructure, and industry, and its main weapons and tactics have included explosives, blunt or edged instruments (such as anchors), and electronic attack. Despite the increase in Russian attacks, Western countries have not developed an effective strategy to counter these attacks.

[...]

Today, Russian active measures support the following types of foreign policy objectives:

  • Influencing public opinion through psychological operations in Europe, the United States, and other countries to support Russian interests.
  • Coercing governments, companies, or individuals to stop taking specific actions, particularly curbing military and other assistance to Ukraine.
  • Deterring countries, companies, or individuals from taking specific actions, such as escalating the type and amount of military aid to Ukraine.
  • Deterring Russian soldiers, government officials, and citizens from defecting to the West.
  • Creating fissures between governments, especially between NATO allies.
  • Undermining the democratic norms and values that underpin the West.

[...]

9
 
 

Archived

The Tow Center for Digital Journalism at Columbia University in the U.S. conducted tests on eight generative search tools with live search features to assess their abilities to accurately retrieve and cite news content, as well as how they behave when they cannot.

Results in brief:

  • Chatbots were generally bad at declining to answer questions they couldn’t answer accurately, offering incorrect or speculative answers instead.
  • Premium chatbots provided more confidently incorrect answers than their free counterparts.
  • Multiple chatbots seemed to bypass Robot Exclusion Protocol preferences.
  • Generative search tools fabricated links and cited syndicated and copied versions of articles.
  • Content licensing deals with news sources provided no guarantee of accurate citation in chatbot responses.

[...]

Overall, the chatbots often failed to retrieve the correct articles. Collectively, they provided incorrect answers to more than 60 percent of queries. Across different platforms, the level of inaccuracy varied, with Perplexity answering 37 percent of the queries incorrectly, while Grok 3 had a much higher error rate, answering 94 percent of the queries incorrectly.

[...]

Five of the eight chatbots tested in this study (ChatGPT, Perplexity and Perplexity Pro, Copilot, and Gemini) have made the names of their crawlers public, giving publishers the option to block them, while the crawlers used by the other three (DeepSeek, Grok 2, and Grok 3) are not publicly known. We expected chatbots to correctly answer queries related to publishers that their crawlers had access to, and to decline to answer queries related to websites that had blocked access to their content. However, in practice, that is not what we observed.

[...]

The generative search tools we tested had a common tendency to cite the wrong article. For instance, DeepSeek misattributed the source of the excerpts provided in our queries 115 out of 200 times. This means that news publishers’ content was most often being credited to the wrong source.

Even when the chatbots appeared to correctly identify the article, they often failed to properly link to the original source. This creates a twofold problem: publishers wanting visibility in search results weren’t getting it, while the content of those wishing to opt out remained visible against their wishes.

[...]

The presence of licensing deals [between chat bots and publishers] didn’t mean publishers were cited more accurately [...] These arrangements typically provide AI companies direct access to publisher content, eliminating the need for website crawling. Such deals might raise the expectation that user queries related to content produced by partner publishers would yield more accurate results. However, this was not what we observed during tests conducted in February 2025.

[...]

These issues pose potential harm to both news producers and consumers. Many of the AI companies developing these tools have not publicly expressed interest in working with news publishers. Even those that have often fail to produce accurate citations or to honor preferences indicated through the Robot Exclusion Protocol. As a result, publishers have limited options for controlling whether and how their content is surfaced by chatbots—and those options appear to have limited effectiveness.

[...]

10
 
 

Archived

[...]

UNC3886 deployed backdoors disguised as legitimate system processes on Juniper MX routers running outdated hardware and software. These routers, using end-of-life (EOL) configurations, were easier targets due to vulnerabilities in their security systems. The malware leveraged Junos OS’s Veriexec, a file integrity monitor, to avoid detection. Instead of disabling Veriexec, the attackers injected malicious code into legitimate processes.

[...]

UNC3886 is a well-known hacking group with a track record of targeting network devices and virtualization technologies, often using previously unknown vulnerabilities (known as zero-day exploits). The group’s main focus is on espionage against industries like defence, technology, and telecommunications, particularly in the US and Asia.

While other Chinese hacking campaigns, such as those attributed to groups like Volt Typhoon or Salt Typhoon, have made headlines, Mandiant found no direct technical connections between UNC3886’s activities and those operations. This suggests that UNC3886 is a distinct threat, operating with its own tools and strategies.

11
 
 

cross-posted from: https://lemmy.sdf.org/post/30940295

Chinese tech giant Huawei is at the centre of a new corruption case in Europe’s capital. On Thursday, Belgian police raided the homes of its lobbyists, Follow the Money and its media partners Le Soir and Knack can reveal.

Archived

Authorities suspect that Huawei lobbyists have paid bribes to MEPs in return for backing their cause in the European Union. Around 15 former and current MEPs are “on the radar” of the investigators.

In the early hours, Belgium’s federal police raided Huawei’s EU office and the homes of lobbyists for the Chinese tech company on suspicions of bribery, forgery, money laundering and criminal organisation, people close to the investigation told Follow the Money and Belgian outlets Le Soir and Knack.

Twenty-one addresses were searched in total, in Brussels, Flanders, Wallonia and in Portugal, as part of the sweeping corruption probe. Several documents and objects have been seized. No searches have taken place at the European Parliament.

“Around fifteen (former) MEPs are on the radar of the investigation”

Police were looking for evidence that representatives of the Chinese company broke the law when lobbying members of the European Parliament (MEPs), the sources said. The dawn raids were part of a covert police investigation that started about two years ago after a tip-off from the Belgian secret service.

According to one source close to the case, “around fifteen (former) MEPs are on the radar” of the investigators. For current lawmakers, Belgian prosecutors would have to ask the European Parliament to waive their immunity in order to investigate further. No such request has been made yet, sources said.

The Belgian federal prosecutors’ office confirmed that “several people were questioned. They will be heard about their alleged involvement in practices of bribery in the European Parliament and in forgery and use of forged documents. The facts are supposed to have been committed in a criminal organisation.” The state security service declined to comment.

[...]

Investigators suspect that Huawei lobbyists may have committed similar crimes by bribing MEPs with items including expensive football tickets, lavish gifts, luxurious trips to China and even cash to secure their support of the company while it faced pushback in Europe. Payments to one or several lawmakers have allegedly passed through a Portuguese company, a source said.

Several EU nations have taken action in recent years to restrict or ban “high-risk” vendors such as Huawei from their 5G networks, following warnings from the United States and the European Commission that the company’s equipment could be exploited for espionage by Beijing. Huawei has strongly denied claims of interference from the Chinese government.

[...]

The possible involvement of Huawei will also be part of the probe, the people familiar said. Authorities are investigating suspected offences including criminal organisation and money laundering [...]

The probe comes at a critical moment for the EU’s relations with China, its second biggest trading partner. US President Donald Trump’s recent threats and tariffs have been framed as an opportunity for a rapprochement between the EU and Beijing after years of escalating tensions.

“We could even expand our trade and investment ties [with China],” European Commission President Ursula von der Leyen told EU ambassadors last month.

The Belgian police’s investigation therefore risks having major geopolitical repercussions, especially if authorities charge Huawei along with any individual suspects.

Huawei’s links with the Chinese government

While Huawei has consistently maintained its independence from the Chinese government, researchers have found that the tech giant is 99 per cent owned by a union committee, and argued that independent unions don’t exist in China. Huawei founder Ren Zhengfei served in the Chinese military for 14 years before setting up the company, according to the recent book House of Huawei by journalist Eva Dou of the Washington Post.

Former Huawei employees who were granted anonymity to talk freely about sensitive issues told Follow the Money how the company over the past five years has grown increasingly close to the Chinese government – and increasingly hostile towards the West.

The arrest of Ren’s daughter and Huawei CFO Meng Wanzhou in Canada, China’s crackdown on tech firms seen as too independent from the state and Russia’s war in Ukraine were among the events that accelerated this shift, the former Huawei staffers said.

[...]

One of the main suspects in the corruption probe is 41-year-old Valerio Ottati. The Belgian-Italian lobbyist joined Huawei in 2019, when the company was ramping up its lobbying in the face of US pressure on European countries to stop buying its 5G equipment.

Before becoming Huawei’s EU Public Affairs Director, Ottati worked for a decade as an assistant to two Italian MEPs – from the centre-right and centre-left – who were both members of a European Parliament group dealing with China policy.

Ottati was not immediately available for comment. The investigation is still in an early stage and it remains to be seen whether Ottati or the other suspects in the case will be charged with criminal offences.

[...]

12
 
 

cross-posted from: https://lemmy.sdf.org/post/30887912

Here is the report Security and Trust: An Unsolvable Digital Dilemma? (pdf)

Police authorities and governments are calling for digital backdoors for investigative purposes - and the EU Commission is listening. The Centre for European Policy (cep) warns against a weakening of digital encryption. The damage to cyber security, fundamental rights and trust in digital infrastructures would be enormous.

[...]

The debate has become explosive due to the current dispute between the USA and the UK. The British government is demanding that Apple provide a backdoor to the iCloud to allow investigating authorities access to encrypted data. Eckhardt sees parallels with the EU debate: "We must prevent the new security strategy from becoming a gateway for global surveillance." Technology companies such as Meta, WhatsApp and Signal are already under pressure to grant investigators access to encrypted messages.

"Once you install a backdoor, you lose control over who uses it," says Küsters. Chinese hackers were recently able to access sensitive data through a vulnerability in US telecommunications networks - a direct consequence of the infrastructure there. Instead, Küsters advocates a strategy of "security by design", i.e. designing systems securely from the outset, and the increased use of metadata analyses and platform cooperation as viable alternatives to mass surveillance.

[...]

Lessons from across the Atlantic?

A recent episode from the US provides an illustrative cautionary tale. For decades, some US law enforcement and intelligence agencies advocated “exceptional access” to encrypted communications, claiming that only criminals needed such robust privacy protections – echoing the current debate in the EU. But over the past months, a dramatic shift occurred following revelations that Chinese state-sponsored hackers had infiltrated major US telecommunications networks, gaining access to call metadata and possibly even live calls (the so-called “Salt Typhoon” hack).

Specifically, the Chinese hackers exploited systems that US telecom companies had built to comply with federal wiretapping laws such as the Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications firms to enable “lawful intercepts”. In theory, these built-in channels were supposed to only give law enforcement an exclusive window into suspect communications. In practice, however, they became a universal vulnerability that hostile actors could just as easily exploit.

Suddenly, the very government voices that once dismissed end-to-end encryption began recommending that citizens use encrypted messaging apps to maintain their security.

**What can we learn from this?**

While governments often push for greater surveillance capabilities, the real and current threat of state-sponsored cyber-espionage demonstrates the indispensable value of strong encryption. As the Electronic Frontier Foundation has noted, Salt Typhoon shows once more that there is no such thing as a backdoor that only the “good guys” can use.

If the mechanism exists, a malicious party will eventually find it and weaponise it. The lesson for Europe is clear: undermining encryption to aid investigations may prove short-sighted if it also exposes citizens – and state institutions – to hostile foreign interference. Is this really what we want to do in an increasingly challenging geopolitical environment? The debate about ensuring lawful and effective access to data in the digital age will remain one of the most pressing challenges, so we need to ask whether there are alternative, viable models.

[...]

13
 
 

A former senior Facebook executive has told the BBC how the social media giant worked "hand in glove" with the Chinese government on potential ways of allowing Beijing to censor and control content in China.

Sarah Wynn-Williams - a former global public policy director - says in return for gaining access to the Chinese market of hundreds of millions of users, Facebook's founder, Mark Zuckerberg, considered agreeing to hiding posts that were going viral, until they could be checked by the Chinese authorities.

Ms Williams - who makes the claims in a new book - has also filed a whistleblower complaint with the US markets regulator, the Securities and Exchange Commission (SEC), alleging Meta misled investors. The BBC has reviewed the complaint.

Facebook's parent company Meta, says Ms Wynn-Williams had her employment terminated in 2017 "for poor performance".

It is "no secret we were once interested" in operating services in China, it adds. "We ultimately opted not to go through with the ideas we'd explored."

[...]

Ms Wynn-Williams says her allegations about the company's close relationship with China provide an insight into Facebook's decision-making at the time.

[...]

Ms Wynn-Williams claims that in the mid-2010s, as part of its negotiations with the Chinese government, Facebook considered allowing it future access to Chinese citizens' user data.

"He was working hand in glove with the Chinese Communist Party, building a censorship tool… basically working to develop sort of the antithesis of many of the principles that underpin Facebook," she told the BBC.

Ms Wynn-Williams says governments frequently asked for explanations of how aspects of Facebook's software worked, but were told it was proprietary information.

"But when it came to the Chinese, the curtain was pulled back," she says.

"Engineers were brought out. They were walked through every aspect, and Facebook was making sure these Chinese officials were upskilled enough that they could not only learn about these products, but then test Facebook on the censorship version of these products that they were building."

[...]

In her SEC complaint, Ms Wynn-Williams also alleges Mr Zuckerberg and other Meta executives had made "misleading statements… in response to Congressional inquiries" about China.

One answer given by Mr Zuckerberg to Congress in 2018 said Facebook was "not in a position to know exactly how the [Chinese] government would seek to apply its laws and regulations on content".

[...]

14
 
 

Misinformation, market volatility and more: Faced with the need to mitigate risks that artificial intelligence presents, countries and regions are charting different paths

15
 
 

Archived

The original presentation is available in Spanish only.

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

[...]

16
 
 

cross-posted from: https://slrpnk.net/post/19214397

Archived

(Note that the Pravda network of websites this article is talking about is different from the websites using the Pravda.ru domain, which publish in English and Russian and are owned by Vadim Gorshenin, a self-described supporter of Russian President Vladimir Putin, who formerly worked for the Pravda newspaper, which was owned by the Communist Party in the former Soviet Union.)

A Moscow-based disinformation network named “Pravda” — the Russian word for "truth" — is pursuing an ambitious strategy by deliberately infiltrating the retrieved data of artificial intelligence chatbots, publishing false claims and propaganda for the purpose of affecting the responses of AI models on topics in the news rather than by targeting human readers, NewsGuard has confirmed. By flooding search results and web crawlers with pro-Kremlin falsehoods, the network is distorting how large language models process and present news and information. The result: Massive amounts of Russian propaganda — 3,600,000 articles in 2024 — are now incorporated in the outputs of Western AI systems, infecting their responses with false claims and propaganda.

This infection of Western chatbots was foreshadowed in a talk that American fugitive turned Moscow-based propagandist John Mark Dougan gave in Moscow last January at a conference of Russian officials, when he told them, “By pushing these Russian narratives from the Russian perspective, we can actually change worldwide AI.”

A NewsGuard audit has found that the leading AI chatbots repeated false narratives laundered by the Pravda network 33 percent of the time — validating Dougan’s promise of a powerful new distribution channel for Kremlin disinformation.

[...]

The Pravda network does not produce original content. Instead, it functions as a laundering machine for Kremlin propaganda, aggregating content from Russian state media, pro-Kremlin influencers, and government agencies and officials through a broad set of seemingly independent websites.

[...]

Since its launch, the network has been extensively covered by NewsGuard, Viginum, the Digital Forensics Research Lab, Recorded Future, the Foundation for Defense of Democracies, and the European Digital Media Observatory. Starting in August 2024, NewsGuard’s AI Misinformation Monitor, a monthly evaluation that tests the propensity for chatbots to repeat false narratives in the news, has repeatedly documented the chatbots’ reliance on the Pravda network and their propensity to repeat Russian disinformation.

[...]

The network spreads its false claims in dozens of languages across different geographical regions, making them appear more credible and widespread across the globe to AI models. Of the 150 sites in the Pravda network, approximately 40 are Russian-language sites publishing under domain names targeting specific cities and regions of Ukraine, including News-Kiev.ru, Kherson-News.ru, and Donetsk-News.ru. Approximately 70 sites target Europe and publish in languages including English, French, Czech, Irish, and Finnish. Approximately 30 sites target countries in Africa, the Pacific, Middle East, North America, the Caucasus and Asia, including Burkina Faso, Niger, Canada, Japan, and Taiwan. The remaining sites are divided by theme, with names such as NATO.News-Pravda.com, Trump.News-Pravda.com, and Macron.News-Pravda.com.

[...]

Despite its scale and size, the network receives little to no organic reach. According to web analytics company SimilarWeb, Pravda-en.com, an English-language site within the network, has an average of only 955 monthly unique visitors. Another site in the network, NATO.news-pravda.com, has an average of 1,006 monthly unique visitors a month, per SimilarWeb, a fraction of the 14.4 million estimated monthly visitors to Russian state-run RT.com.

Similarly, a February 2025 report by the American Sunlight Project (ASP) found that the 67 Telegram channels linked to the Pravda network have an average of only 43 followers and the Pravda network’s X accounts have an average of 23 followers.

But these small numbers mask the network’s potential influence. Instead of establishing an organic audience across social media as publishers typically do, the network appears to be focused on saturating search results and web crawlers with automated content at scale. The ASP found that on average, the network publishes 20,273 articles every 48 hours, or approximately 3.6 million articles a year, an estimate that it said is “highly likely underestimating the true level of activity of this network” because the sample the group used for the calculation excluded some of the most active sites in the network.

[...]

[Edit typo.]

17
18
 
 

cross-posted from: https://lemmy.sdf.org/post/30517126

[...]

The start of a new government in Germany is accompanied by a turnaround in transatlantic relations and an unprecedented anti-democratic takeover of power by tech broligarchs in the United States. "Therefore, mass surveillance by tech companies is even more of a political issue than before, which a new government cannot ignore," the CCC writes on its site.

[...]

The CCC demands:

  • A ban on biometric mass surveillance of public spaces and the untargeted biometric analysis of the Internet. In particular, any form of database that analyses images, videos, and audio files from the Internet for biometric characteristics in an untargeted manner will actively be dismantled. The corresponding powers of the Federal Office for Migration and Refugees will be revoked.
  • Mass data retention without occasion will be rejected. Instead, more effective and rights-preserving law enforcement measures, such as the so-called ‘quick-freeze’-procedure and the ‘login trap’, should be pursued.
  • Automated data analysis of information held by law enforcement agencies and any form of predictive policing or automated profiling of people are rejected. Cooperation between German and US intelligence services will be restricted, and any kind of automated mass exchange of content or metadata will be prevented.
  • The full evaluation of surveillance programmes (‘Überwachungsgesamtrechnung’) will be published, continuously updated and legislation will adjust the scope of state surveillance powers accordingly.

[...]

[Edit title for clarity.]

19
 
 

Archived

Cybercriminals behind Zhong Stealer don’t rely on complex exploits or high-tech hacking tools to break into businesses. Instead, they use a low-effort but highly effective scam that plays on human nature: urgency, confusion, and frustration.

As noted by ANY.RUN researchers, the attack unfolds in a calculated, repetitive pattern designed to wear down customer support agents:

  • A new support ticket appears but the sender’s account is brand new and completely empty. There’s no history, no past interactions, just a vague request for help.
  • The attacker types in broken language, usually Chinese, making the conversation difficult to follow. This adds an element of confusion and makes the request seem more urgent.
  • A ZIP file is attached, supposedly containing screenshots or other necessary details for the request. The attacker insists the support agent must open it to understand the issue.
  • If the agent hesitates, the attacker becomes increasingly frustrated, pressuring them to act.
20
 
 

[...]

Bluesky is built on a protocol intended to mitigate this problem. The AT Protocol describes itself as “an open, decentralized network for building social applications”. The problem is that, [...] “A federatable service isn’t a federated one”. The intention to create a platform that users can leave at will, without losing their social connections, does not mean users can actually do this. It’s a technical possibility tied to an organisational promise, rather than a federated structure that enables people to move between services if they become frustrated by Bluesky.

[...]

The problem is that, as Doctorow observes, “The more effort we put into making Bluesky and Threads good, the more we tempt their managers to break their promises and never open up a federation”. If you were a venture capitalist putting millions into Bluesky in the hope of an eventual profit, how would you feel about designing the service in a way that reduces exit costs to near zero? This would mean that “An owner who makes a bad call – like removing the block function say, or opting every user into AI training – will lose a lot of users”. The developing social media landscape being tied in the Generative AI bubble means this example in particular is one we need to take extremely seriously.

[...]

21
 
 

cross-posted from: https://lemmy.sdf.org/post/30379477

The planned installation of 16 Chinese wind turbines off the German coast should be prevented on the grounds of public safety, business daily Handelsblatt reported based on an advisory paper from the German Institute for Defence and Strategic Studies (GIDS).

The analysis, commissioned by the defence ministry, warned of potential blackmail and said all legal options must be used to prevent plans to build the wind farm off the coast of Borkum in northwestern Germany. Hamburg-based asset manager Luxcara awarded the contract to a Chinese manufacturer.

"Unlike millions of solar panels, which today come almost exclusively from China, a single offshore wind farm with the capacity of an entire power plant in a strategically significant location is a much greater target for manipulation of the energy supply – and also for espionage," the business daily reported. The warning comes as wind farm operators increasingly turn to Chinese manufacturers amid tightening global supply chains.

[...]

GIDS warned of possible espionage through sensors, which could potentially track naval ships, submarines and aircraft. It also added that it could not be ruled out that the critical infrastructure would be unavailable in the event of a crisis or conflict. The European Commission has also expressed concerns over security and a growing dependence on China.

[...]

22
 
 

cross-posted from: https://lemmy.sdf.org/post/30367666

The UK data watchdog has launched what it calls a "major investigation" into TikTok's use of children's personal information.

The Information Commissioner's Office (ICO) will inspect the way in which the social media platform uses the data of 13 to 17-year-olds to recommend further content to them.

John Edwards, the Information Commissioner, said it would look at whether TikTok's data collection practices could lead to children experiencing harms, such as data being leaked or spending "more time than is healthy" on the platform.

TikTok told the BBC its recommender systems operated under "strict and comprehensive measures that protect the privacy and safety of teens".

It added that the platform also has "robust restrictions on the content allowed in teens' feeds".

Mr Edwards said TikTok's algorithm "feeds" on personal data gleaned from user profiles, preferences, links clicked and how long they spend watching a particular video - making it subject to UK rules.

In addition to the probe into TikTok, the ICO is also checking the age verification processes of Reddit and Imgur, an image-sharing platform.

The investigation will look into whether the companies are complying with both the UK's data protection laws, and the children's code.

The code is a set of design principles for online platforms aimed at protecting children in the UK. Platforms which collect UK children's user data must minimise the amount they gather and take extra care when processing it.

[...]

23
 
 

Cross post from https://lemmy.sdf.org/post/30315054

Archived

The Belgian government opened a probe into a suspected Chinese espionage campaign targeting the country's civilian intelligence service.

Citing government sources, Le Soir reported Wednesday that Chinese hackers in November 2023 targeted the State Security Service by hacking email security appliances made by Barracuda Networks.

The hackers are suspected of accessing sensitive communications between the prosecutors' office, police and ministers, as well as staff information, Le Soir reported.

The Belgian prosecutor's office opened a probe into the hack on Wednesday.

[...]

The attack on the Belgian government aligns with the broader Chinese strategy of compromising edge devices for stealth espionage campaigns. Chinese hackers have targeted Sophos, Microsoft Exchange Server, FortiClient and Ivanti edge device flaws.

24
 
 

cross-posted from: https://lemmy.sdf.org/post/30015875

Archived

[...]

A new analysis of data on scanners drawn from AidData’s Global Chinese Development Finance Dataset reveals that China’s provision of aid and credit for the dissemination of customs inspection equipment abroad—from providers like Nuctech, a Chinese partially state-owned company—is extensive. Despite increasing scrutiny of Chinese equipment used in critical infrastructure like ports, scanners provided by Chinese companies and financed by Chinese donors and lenders are still being widely distributed around the globe. China’s global scanner distribution poses potential national security risks at global seaports, airports, and border crossings.

[...]

China’s provision of customs inspection equipment is far-reaching: at least 65 low- and middle-income countries received this equipment financed via grants and loans from China between 2000 and 2022. The scanners can be found in locations ranging from Serbia and Albania in Eastern Europe, to Cambodia and Laos in Southeast Asia, to countries in Central Asia, the Middle East, North Africa, and the Pacific. Over the past two decades, China provided at least $1.67 billion (constant 2021 USD) of aid and credit for customs inspection activities in recipient countries.

[...]

Donations and zero-interest loans appear to be a deliberate business strategy of Chinese government entities to facilitate the acquisition, installation, and use of customs inspection equipment produced by Chinese companies. Of the 108 customs inspection equipment-related activities tracked, 89 (or 82.4%) constituted donations, with the remainder provided through loans from Chinese agencies for recipients to purchase scanners from China. 44 of these donations were financed directly by China’s Ministry of Commerce (MOFCOM).

[...]

Nuctech Company Ltd. (同方威视技术股份有限公司) is one of the key companies involved in the provision of global inspection equipment, ranging from cargo and vehicle inspection to personnel screening. Its competitors include U.S.-based companies such as Rapiscan Systems, L3Harris Technologies, and Leidos, as well as European-based companies like Smiths Detection and Thales Group, among others.

Nuctech is a partially state-owned company that emerged from Tsinghua University in the 1990s. Its parent company is Tsinghua Tongfang (清华同方股份有限公司), a state-owned enterprise. China National Nuclear Corporation (中国核工业集团公司), an energy and defense conglomerate controlled by China’s State Council, is the controlling stakeholder of Tsinghua Tongfang and holds a 21 percent ownership stake in Nuctech. Nuctech is further connected to the state, as the company’s former chairman in the early 2000s now serves in the central government.

[...]

25
 
 

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so-called “non personalized” data contains dangerous data.

[...]
