Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks 

In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame.

But the software giant has offered few details — and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

Microsoft’s explanation in a blog post Friday evening followed a request by The Associated Press two days earlier. Slim on details, the post said the attacks “temporarily impacted availability” of some services. It said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

Microsoft said there was no evidence any customer data was accessed or compromised.

While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt the work of millions if they successfully interrupt the services of a software service giant like Microsoft on which so much global commerce depends.

It’s not clear if that’s what happened here.

“We really have no way to measure the impact if Microsoft doesn’t provide that info,” said Jake Williams, a prominent cybersecurity researcher and a former National Security Agency offensive hacker. Williams said he was not aware of Outlook previously being attacked at this scale.

“We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. He said Microsoft’s apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”

Microsoft dubbed the attackers Storm-1359, using a designator it assigns to groups whose affiliation it has not yet established. Cybersecurity sleuthing tends to take time — and even then can be a challenge if the adversary is skilled.

Pro-Russian hacking groups including Killnet — which the cybersecurity firm Mandiant says is Kremlin-affiliated — have been bombarding government and other websites of Ukraine’s allies with DDoS attacks. In October, some U.S. airport sites were hit. Analyst Alexander Leslie of the cybersecurity firm Recorded Future said it’s unlikely Anonymous Sudan is located as it claims in Sudan, an African country. The group works closely with Killnet and other pro-Kremlin groups to spread pro-Russian propaganda and disinformation, he said.

Edward Amoroso, NYU professor and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all just agree to avoid talking about. It’s not controversial to call this an unsolved problem.”

He said Microsoft’s difficulties fending off this particular attack suggest “a single point of failure.” The best defense against these attacks is to distribute a service massively, on a content distribution network for example.

Indeed, the techniques the attackers used are not old, said U.K. security researcher Kevin Beaumont. “One dates back to 2009,” he said.

Serious impacts from the Microsoft 365 office suite interruptions were reported on Monday June 5, peaking at 18,000 outage and problem reports on the tracker Downdetector shortly after 11 a.m. Eastern time.

On Twitter that day, Microsoft said Outlook, Microsoft Teams, SharePoint Online and OneDrive for Business were affected.

Attacks continued through the week, with Microsoft confirming on June 9 that its Azure cloud computing platform had been affected.

On June 8, the computer security news site BleepingComputer.com reported that cloud-based OneDrive file-hosting was down globally for a time.

Microsoft said at the time that desktop OneDrive clients were not affected, BleepingComputer reported.

U.S. Ambassador Takes Part in Pride Parade in Warsaw

In recent years, Western governments have been concerned about the policies of the conservative government in Warsaw, which regards gays, lesbians, bisexuals and transgender people as a threat to the nation and to children

NATO Countries Ask Stoltenberg to Stay On for Another Year – WP

The new chief was expected to be approved at the summit in Vilnius on July 11–12, but so far no candidate has been presented publicly

Poland’s Sejm Adopts Resolution Supporting Ukraine’s NATO Membership

The upcoming summit in Vilnius is of decisive importance for relations between NATO and Ukraine and should become a venue for debate about their future, says the resolution approved by Poland’s Sejm

Russia’s Investigative Committee Sets Up Military Investigative Department in Belarus

“In connection with the deployment of units of the Russian Defense Ministry in the Republic of Belarus, a military investigative department of the Investigative Committee of Russia has been created, stationed on that territory”

US Energy Dept., Other Agencies Hacked

U.S. security officials say the U.S. Energy Department and several other federal agencies have been hacked by a Russian cyber-extortion gang.

Homeland Security officials said Thursday the agencies were caught up in the hacking of MOVEit Transfer, a file-transfer program that is popular with governments and corporations.

The Energy Department said two of its entities were “compromised” in the hack.

The Russia-linked extortion group Cl0p, which claimed responsibility for the hacking, said last week on the dark web site that its victims had until Wednesday to negotiate a ransom or risk having sensitive information dumped online. It added that it would delete any data stolen from governments, cities and police departments.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said while the intrusion was “largely an opportunistic one” that was superficial and caught quickly, her agency was “very concerned about this campaign and working on it with urgency.”

Reuters reports that Britain’s Shell Oil Company, the University of Georgia, Johns Hopkins University and the Johns Hopkins Health System were also among those targeted in the hacking campaign. The Associated Press quoted a senior CISA official as saying U.S. military and intelligence agencies were not affected.

MOVEit said it is working with the federal agencies and its other customers to help fix their systems.

Information for this report was provided by The Associated Press and Reuters.  

Australia Activates First Renewable Power Station on Decommissioned Coal Plant Site

The first large-scale battery to be built at an Australian coal site has been switched on in Victoria’s Latrobe Valley, east of Melbourne.

The 150-megawatt battery is at the site of the former Hazelwood power station in the southern Australian state of Victoria. The station was built in the 1960s and closed in 2017.

The new battery was officially opened Wednesday and has the ability to power about 75,000 homes for an hour during the evening peak. The decommissioned coal plant produced 10 times more electricity, but the battery’s operators aim to increase its generating capacity over time.

The Latrobe Valley has been the center of Victoria’s coal-fired power industry for decades, but the region is changing.

The new battery will store power generated by offshore wind farms and is run by the French energy giant Engie, and its partners Eku Energy and Fluence.

Engie chief executive Rik De Buyserie told reporters it is an important part of Australia’s green energy future.

“The commissioning of this battery represents a key milestone in this journey and marks an important step in the transition of the La Trobe Valley from a thermal energy power to a clean energy power provider,” he said.

The state of Victoria aims to have at least 2.6 gigawatts of battery storage connected to the electricity grid by 2030 and 6.3 gigawatts by 2035.

Lily D’Ambrosio, Victoria’s minister for climate action, energy and resources, told reporters that the state government is committed to boosting its renewable energy sector.

“It is important that we just do not sit around waiting for old technology to disappear, close down, but we actually get in front of it and make sure that we have more than sufficient supply to meet our needs,” she said. “That is what keeps downward pressure on prices.”

Australia has legislated a target to cut carbon emissions by 43% from 2005 levels by 2030 and to achieve net zero emissions by 2050.

Electricity generation in Australia is still dominated by coal and gas but there is a distinct shift to renewable sources of power.

In April the Clean Energy Council, an industry association, said that clean energy accounted for 35.9% of Australia’s total electricity generation in 2022, up from 32.5% in 2021.

Experts Divided as YouTube Reverses Policy on Election Misinformation

An announcement by YouTube that it will no longer remove content containing misinformation on the U.S. 2020 presidential election has some experts divided.

In a June blog post, YouTube said it was ending its policy — enforced since December 2020 — that removed tens of thousands of videos that falsely claimed the 2020 election was impaired by “widespread fraud, errors or glitches.”

“We find that while removing this content does curb some misinformation, it could also have the unintended effect of curtailing political speech without meaningfully reducing the risk of violence or other real-world harm,” the post said.

The Google-owned platform says the move is to support free speech, but some experts in tech and disinformation say it could allow harmful content to again be easily shared.

“The message that YouTube is sending is that the election denial crowd is now welcome again on YouTube and can resume its campaign of undermining trust in American elections and democratic institutions,” said Paul Barrett, deputy director at New York University’s Stern Center for Business and Human Rights.

But others say the policy caused “legitimate” content to be removed and that the core issue is a wider societal problem, not something confined to YouTube.

YouTube’s other election misinformation policies remain unchanged, the platform said.

These include prohibiting content aimed at misleading people about the time and place for voting and claims that could significantly discourage voting.

Google spokesperson Ivy Choi told VOA in an email that the company has “nothing to add beyond what we shared in our blog post.”

Still, some U.S. lawmakers and experts are concerned about how harmful content circulates on YouTube.

Representative Zoe Lofgren, who sat on the House January 6 committee, said the idea that election denial disinformation is “no longer harmful — including that they do not increase the risk of violence — is simply wrong.”

“The lies continue to have a dramatic impact on our democracy and on the drastic increase in threats faced by elected officials at all levels of government,” Lofgren told VOA in an emailed statement.

Lofgren, a Democrat from California, added that YouTube’s parent company Alphabet should reconsider its decision.

Justin Hendrix, founder and editor of the nonprofit website Tech Policy Press, questioned whether YouTube’s policy had even been successful.

“There is, to me, a bigger question about whether YouTube was ever really effectively removing information that promoted false claims about the 2020 election,” Hendrix told VOA. “I wonder whether this is a capitulation to the reality that the company was never able to effectively take action against false claims in the 2020 election.”

YouTube is one of the most popular social media platforms in the United States, and it has over 2 billion users around the world.

But despite the platform’s popularity, it has escaped the level of scrutiny given to Twitter and Facebook, according to Barrett. The main reason: the difficulty in analyzing videos in bulk.

YouTube is the main place people go for videos on innocuous things like how to fix your car or do your makeup, said Barrett. “But it’s also the go-to place for video for people with extreme political ideas,” he added.

Videos on YouTube amplified the false narratives that the 2020 election was rigged and that the entire American election system is corrupt, according to a 2022 report Barrett and Hendrix co-authored, A Platform ‘Weaponized’: How YouTube Spreads Harmful Content – And What Can Be Done About It.

Election misinformation was also cited by the January 6 committee as it investigated the circumstances that resulted in a mob of former President Donald Trump’s supporters storming the U.S. Capitol on the day the election results were due to be certified.

In a report on the insurrection, the committee said the platform “included efforts to boost authoritative content” and that it “labeled election fraud claims — but did so anemically.”

Some free-speech experts like Jennifer Stisa Granick, the surveillance and cybersecurity counsel at the American Civil Liberties Union, believe the policy change is good.

“There have been some legitimate discussions about voting and the legitimacy of the election that have been adversely impacted” under the former policy, Granick said.

“Election disinformation was not spread by YouTube or other online platforms, but by [Trump] himself. And the misinformation that circulates online is a drop in the bucket compared to what the [former] president of the United States says,” Granick said.

The bigger problem, she said, is that for some political candidates, “election denial is a fundamental part of their campaigns.”

People who complain that YouTube is evading its responsibility are “looking to the platform to solve a social and political problem that the United States has,” Granick said.

Roy Gutterman, director of the Tully Center for Free Speech at Syracuse University, believes any policy that openly fosters free speech is worthwhile.

“But calls to violence, which may accompany some of this discourse, would still not be protected,” Gutterman told VOA.

Barrett, however, is concerned that the reversal creates the potential for YouTube to be exploited.

The broader effect, Barrett said, “is the erosion of trust more generally” — not just in American elections.

Studies have shown that exposure to misinformation and disinformation is tied to lower trust in the media.

The YouTube policy change is hardly the main cause of that process, Barrett said, but it’s a contributing factor.

The policy change comes as several major social media companies face criticism for failing to quell election misinformation and disinformation on their platforms. The recent development with YouTube is part of a broader trend in the tech industry, according to Hendrix.

“I’m concerned that we’re seeing across the board almost a kind of throwing up the hands around some of these issues,” he said, pointing to staff layoffs, including those in trust and safety departments.

All of these factors contribute to “an erosion of even more than democracy,” Barrett said. “That’s an erosion of the social connections that hold society together.”

Security Firm: Suspected Chinese Hackers Breached Hundreds of Networks Globally

Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the U.S. cybersecurity firm Mandiant said Thursday.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in an emailed statement. That hack compromised tens of thousands of computers globally.

In a blog post Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.” It said the activity began as early as October.

The hackers sent emails containing malicious file attachments to gain access to targeted organizations’ devices and data, Mandiant said. Of those organizations, 55% were from the Americas, 22% from the Asia Pacific region and 24% from Europe, the Middle East and Africa, and they included foreign ministries in Southeast Asia and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.

Mandiant said the majority impact in the Americas may partially reflect the geography of Barracuda’s customer base.

Barracuda announced on June 6 that some of its email security appliances had been hacked as early as October, giving the intruders a back door into compromised networks. The hack was so severe that the California company recommended fully replacing the appliances.

After discovering it in mid-May, Barracuda released containment and remediation patches, but the hacking group, which Mandiant identifies as UNC4841, altered its malware to try to maintain access, Mandiant said. The group then “countered with high-frequency operations targeting a number of victims located in at least 16 different countries.”

Blinken trip

Word of the breach comes as U.S. Secretary of State Antony Blinken departs for China this weekend as part of the Biden administration’s push to repair deteriorating ties between Washington and Beijing.

His visit had initially been planned for early this year but was postponed indefinitely after the discovery and shootdown of what the U.S. said was a Chinese spy balloon over the United States.

Mandiant said the targeting at both the organizational and individual account levels focused on issues that are high policy priorities for China, particularly in the Asia Pacific region. It said the hackers searched for email accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.

In an emailed statement Thursday, Barracuda said about 5% of its active Email Security Gateway appliances worldwide showed evidence of potential compromise. It said it was providing replacement appliances to affected customers at no cost.

The U.S. government has accused Beijing of being its principal cyber espionage threat, with state-backed Chinese hackers stealing data from both the private and public sector.

In terms of raw intelligence affecting the U.S., China’s largest electronic infiltrations have targeted OPM, Anthem, Equifax and Marriott.

Earlier this year, Microsoft said state-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises.

China says the U.S. also engages in cyber espionage against it, hacking into computers of its universities and companies.

Denmark Will Train Ukrainian Pilots on F-16s at Its Air Base – Defense Ministry

“We are still very far from these aircraft potentially becoming combat aircraft in the Ukrainian Air Force. By my estimate, the training will take at least six months”

Chinese EV Makers Make Progress in Bid to Dominate British Market

Chinese manufacturers of electric vehicles are stepping up their push to dominate the European market. As Amy Guttman reports from London, they are making progress in Britain, where car shoppers are eager to buy the lower-cost electric cars that Chinese automakers are offering.

Croatian Government Recognizes Holodomor as Genocide of the Ukrainian People

“With the proposed declaration, the Croatian parliament designates the Holodomor as a forced famine that was deliberately organized by the communist Stalinist regime in Ukraine in the period 1932–1933”

North Korea Launches Two Short-Range Ballistic Missiles – South Korean Military

North Korea launched two short-range ballistic missiles, the South Korean military said Thursday, shortly after Pyongyang warned of an “inevitable” response to joint U.S.-South Korean military drills.

Seoul’s Joint Chiefs of Staff said the two short-range ballistic missiles were launched from the Sunan area into the Sea of Japan.

“We have stepped up monitoring in case of further provocations and are maintaining readiness in close coordination with the United States,” the South Korean military said in a statement.

Seoul called the launches a “serious provocation” in violation of U.N. sanctions, the AFP news agency reports.

Tokyo also confirmed the missile launches, and a Defense Ministry representative told reporters that two missiles fell in waters of Japan’s exclusive economic zone.

“The missiles may have flown on irregular trajectories,” Japanese government spokesman Hirokazu Matsuno told reporters.

South Korea and the United States, which have stepped up defense cooperation in response to threats from nuclear-armed North Korea, are currently conducting large-scale joint exercises.

On Thursday, North Korea released a statement criticizing the exercises, with a Defense Ministry spokesperson saying they were “targeting the DPRK through the mass mobilization of various types of offensive weapons and equipment.”

This year North Korea has carried out numerous launches, including of its most powerful intercontinental ballistic missiles, and last month it attempted to put a military spy satellite into orbit.

 

Bill Gates Visits China for Health, Development Talks

Microsoft Founder Bill Gates was in China on Thursday for what he said were meetings with global health and development partners who have worked with his charitable foundation.

“Solving problems like climate change, health inequity and food insecurity requires innovation,” Gates tweeted. “From developing malaria drugs to investing in climate adaptation, China has a lot of experience in that. We need to unlock that kind of progress for more people around the world.”

Gates said global crises stifled progress in reducing death and poverty in children and that he will next travel to West Africa because African countries are particularly vulnerable “with high food prices, crushing debt, and increasing rates of TB and malaria.”

Reuters, citing two people familiar with the matter, said Gates would meet with Chinese President Xi Jinping.

Gates is the latest business figure to visit China this year, following Apple’s Tim Cook and Tesla’s Elon Musk.

Some information for this report came from The Associated Press, Agence France-Presse and Reuters.

Czech President Expects “Very Strong Statements” on Support for Ukraine at NATO Summit

“I see a number of countries agreeing on a long-term plan for such support, which will be based not on one-off contributions but on a carefully planned long-term procedure”

Cambodian Facial Recognition Effort Raises Fears of Misuse

Experts are raising concerns that a recent Cambodian government order allocating around $1 million to a local company for a facial recognition technology project could pave the way for the technology to be used against citizens and human rights defenders.

The order, signed by Prime Minister Hun Sen and released in March in a recent tranche of government documents, would award the funds to HSC Co. Ltd., a Cambodian company led by tycoon Sok Hong that has previously printed Cambodian passports and installed CCTV cameras in Phnom Penh, Cambodia’s capital.

The Oct. 17 order appears to be the first direct indication of Cambodia’s interest in pursuing facial recognition, alarming experts who say such initiatives could eventually be used to target dissenters and build a stronger surveillance state similar to China’s. In recent months, the government has blocked the country’s main opposition party from participating in the July national elections, shut down independent media and jailed critics such as labor organizers and opposition politicians.

Neither the Interior Ministry nor the company would answer questions about what the project entails.

“This is national security and not everyone knows about how it works,” Khieu Sopheak, secretary of state and spokesperson for the Interior Ministry, told VOA by phone. “Even in the U.S., if you ask about the air defense system, they will tell you the same. This is the national security system, which we can’t tell everyone [about].”

The order names HSC, a company Sok Hong founded in 2007, as the funds’ recipient. HSC’s businesses span food and beverage, dredging and retail.

HSC also has close ties to the government: in addition to printing passports and providing CCTV cameras in Phnom Penh, it runs the system for national ID cards and has provided border checkpoint technology. Malaysian and Cambodian media identify Sok Hong as the son of Sok Kong, another tycoon who founded the conglomerate Sokimex Investment Group. Both father and son are oknhas or “lords,” a Cambodian honorific given to those who have donated more than $500,000 to the government.

When reached by phone, Sok Hong told VOA, “I think it shouldn’t be reported since it is related to national security.”

Cambodia’s history of repression, including monitoring dissidents in person and online, has raised suspicions that it could deploy such technology to target activists. Last year, labor leaders reported they were recorded via drones during protests.

“Authorities can use facial recognition technology to identify, track individuals and gather vast amounts of personal data without their consent, which could eventually lead to massive surveillance,” said Chak Sopheap, director of the Cambodian Center for Human Rights. “For instance, when a government uses facial recognition to monitor attendance at peaceful gatherings, these actions raise severe concerns about the safety of those citizens.”

In addition, giving control of facial recognition technology to a politically connected firm, and one that already has access to a trove of identity-related information, could centralize citizens’ data in a one-stop shop. That could make it easier to fine-tune algorithms quickly and later develop more facial recognition tools to be shared with the government in a mutually beneficial relationship, Joshua Kurlantzick, Council on Foreign Relations senior fellow for Southeast Asia, told VOA.

China — one of Cambodia’s oldest and closest allies — has pioneered collecting vast amounts of data to monitor citizens. In Xinjiang, home to about 12 million Uyghurs, Chinese authorities combine people’s biometric data and digital activities to create a detailed portrait of their lives.

In recent years, China has sought to influence Southeast Asia, “providing an explicit model for surveillance and a model for a closed and walled-garden internet,” Kurlantzick said, referring to methods of blocking or managing users’ access to certain content.

Some efforts have been formalized under the Digital Silk Road, China’s technology-focused subset of the Belt and Road initiative that provides support, infrastructure and subsidized products to recipient countries.

China’s investment in Cambodian monitoring systems dates back to the early days of the Digital Silk Road. In 2015, it installed an estimated $3 million worth of CCTV cameras in Phnom Penh and later promised more cameras to “allow a database to accumulate for the investigation of criminal cases,” according to reports at the time. There is no indication China is involved in the HSC project, however.

While dozens of countries use facial recognition technology for legitimate public safety uses, such investments must be accompanied by strict data protection laws and enforcement, said Gatra Priyandita, a cyber politics analyst at the Australian Strategic Policy Institute.

Cambodia does not have comprehensive data privacy regulations. The prime minister himself has monitored Zoom calls hosted by political foes, posting on Facebook that “Hun Sen’s people are everywhere.”

Given the country’s approach to digital privacy, housing facial recognition within a government-tied conglomerate is “concerning” but not surprising, Priyandita said.

“The long-term goal of these kinds of arrangements is the reinforcement of regime security, of course, particularly the protection of Cambodia’s main political and business families,” Priyandita said.

In the immediate future, Cambodia’s capacity to carry out mass surveillance is uncertain. The National Internet Gateway — a system for routing traffic through government servers which critics compared to China’s “Great Firewall” — was delayed in early 2022. Shortly before the scheduled rollout, the government advertised more than 100 positions related to data centers and artificial intelligence, sowing doubts about the technical knowledge behind the project.

Still, the government is pushing to strengthen its digital capabilities, fast-tracking controversial laws around cybercrime and cybersecurity and pursuing a 15-year plan to develop the digital economy, including a skilled technical workforce.

Sun Narin of VOA’s Khmer Service contributed to this report.

More Than 100,000 People Evacuated Because of Cyclone Threatening India and Pakistan

More than 100,000 people were evacuated in India and Pakistan ahead of the expected arrival of a cyclone powerful enough to destroy homes and power lines, AFP reports.

Biparjoy, which means “disaster” in Bengali, is expected to make landfall as a “very severe cyclonic storm” on the evening of June 15, forecasters said.

Strong winds, storm surges and torrential rains are forecast to hit a 325-kilometer stretch of coast between Mandvi in the Indian state of Gujarat and Karachi, Pakistan. Officials warned of the potential “total destruction” of houses covered with clay and straw.