Latest news with #CitizenLab
Yahoo
6 days ago
- Politics
- Yahoo
Citizen Lab director warns cyber industry about US authoritarian descent
The director of Citizen Lab, one of the most prominent organizations investigating government spyware abuses, is sounding the alarm to the cybersecurity community and asking them to step up and join the fight against authoritarianism.

On Wednesday, Ron Deibert will deliver a keynote at the Black Hat cybersecurity conference in Las Vegas, one of the largest gatherings of information security professionals of the year.

Ahead of his talk, Deibert told TechCrunch that he plans to speak about what he describes as a 'descent into a kind of fusion of tech and fascism,' and the role that the big tech platforms are playing, and 'propelling forward a really frightening type of collective insecurity that isn't typically addressed by this crowd, this community, as a cybersecurity problem.'

Deibert described the recent political events in the United States as a 'dramatic descent into authoritarianism,' but one that the cybersecurity community can help defend against.

'I think alarm bells need to be rung for this community that, at the very least, they should be aware of what's going on and hopefully they can not contribute to it, if not help reverse it,' Deibert told TechCrunch.

Historically, at least in the United States, the cybersecurity industry has put politics — to a certain extent — to the side. More recently, however, politics has fully entered the world of cybersecurity.

Earlier this year, President Donald Trump ordered an investigation into former CISA director Chris Krebs, who had publicly rebuffed Trump's false claims about election fraud by declaring the 2020 election secure. Trump later fired Krebs by tweet. The investigation ordered by Trump months after his 2024 reelection forced Krebs to step down from SentinelOne and vow to fight back.

In response, Jen Easterly, another former CISA director and Krebs' successor, called on the cybersecurity community to get involved and speak out.

'If we stay silent when experienced, mission-driven leaders are sidelined or sanctioned, we risk something greater than discomfort; we risk diminishing the very institutions we are here to protect,' Easterly wrote in a post on LinkedIn.

Easterly was herself a victim of political pressure from the Trump administration when she got the offer to join West Point rescinded in late July.

Deibert, who this year published his new book, Chasing Shadows: Cyber Espionage, Subversion, And The Global Fight For Democracy, is echoing the same message as Easterly.

'I think that there comes a point at which you have to recognize that the landscape is changing around you, and the security problems you set out for yourselves are maybe trivial in light of the broader context and the insecurities that are being propelled forward in the absence of proper checks and balances and oversight, which are deteriorating,' said Deibert.

Deibert is also concerned that big companies like Meta, Google, and Apple could take a step back in their efforts to fight against government spyware — sometimes referred to as 'commercial' or 'mercenary' spyware — by gutting their threat intelligence teams.

These threat intelligence teams are dedicated groups of security researchers that track government hackers, both those working inside government agencies, such as China's Ministry of State Security, or Russia's intelligence agencies FSB and GRU, as well as companies such as NSO Group or Paragon. These are the same teams that are responsible for detecting hacks against their own users, such as when WhatsApp caught NSO Group hacking more than 1,400 of its users in 2019, or when Apple catches hackers using government spyware to target its customers and notifies the victims of the attacks.

Deibert is concerned that these teams could be cut or at least reduced, given that the same companies have cut their moderation and safety teams.

He told TechCrunch that threat intelligence teams, like the ones at Meta, are doing 'amazing work,' in part by staying siloed and separate from the commercial arms of their wider organizations. 'But the question is how long will that last?' said Deibert.


Japan Forward
30-06-2025
- Politics
- Japan Forward
JINF Report: China and Russia's Strategic Merger
As geopolitical tensions escalate in multiple theaters, China and Russia continue to strengthen their partnership in ways that contest the existing international norm. A seminar hosted on June 27 by the Japan Institute for National Fundamentals (JINF) shed light on how the two authoritarian powers are tightening their strategic alignment, both in cyberspace and in conventional military measures.

Jun Osawa, a senior fellow at the Nakasone Peace Institute (NPI), spoke on the evolving sophistication of China's cognitive warfare capabilities. "Whereas Beijing's central propaganda machine once fed specific narratives that spread through state media and were later amplified by bloggers and influencers on social media, the method is now becoming more Russian-like," Osawa said.

One example is the spread of conspiracy theories surrounding the August 2023 wildfires in Hawaii. A Chinese disinformation operation known as Storm-1376 falsely claimed, using AI-generated images, that the United States government had started the fires using an energy weapon. A May 2023 video of a transformer explosion in Chile was falsely repurposed to depict an explosion preceding the wildfires in Maui.

Unlike earlier top-down propaganda efforts, this campaign was decentralized. Osawa likened it to Russia's favorite playbook: exploiting societal fault lines with misinformation and synthetic media to stir social unrest.

Storm-1376, reportedly linked to China's Ministry of Public Security, has for years promoted content aimed at discrediting American democracy and the American political system. In April 2023, the US Department of Justice filed charges against 34 Chinese officials implicated in related influence campaigns.

Beijing's growing cyber infiltration activities are also targeting Japan. Citing a February 2024 report by Citizen Lab at the University of Toronto, Osawa described a China-based network of at least 123 fake news websites posing as local outlets in 30 countries. These sites blend genuine news from other platforms and fabricated articles to distort information ecosystems and advance specific agendas.

[Image: Homepage of a news site flagged by Citizen Lab as likely operated by Chinese bots and designed to mimic a legitimate local news outlet.]

In Japan, domains like masquerade as local news outlets, reprinting authentic content while slipping in pro-Beijing fake stories. Since April 2024, websites imitating major Japanese news brands such as Sankei Weekly and Yomiuri Daily have appeared to enhance their credibility. "While the viewership of these sites is still low, like Russia, the purpose is to spread the news on social media as if it's from a neutral and credible source," Osawa said.

There are also signs of disinformation being used as a geopolitical lever. On June 1, a prominent Chinese military blogger shared an article that falsely attributed a provocative quote to a Japanese Maritime Self-Defense Force Commander. In the article, Commander Hiroshi Ito is falsely cited as saying, "If necessary, we will cooperate with Ukraine to launch attacks from both sea and land and recapture the four islands."

The Four Islands refer to the Northern Territories, a chain located just off the northeast coast of Hokkaido, which have long been in dispute between Japan and Russia.

[Image: The four disputed islands in the Northern Territories are Etorofu, Kunashiri, Shikotan, and the Habomai. (©Public Domain)]

The post, which garnered a whopping 168 million views, appeared just one day after former Prime Minister Shinzo Abe's widow, Akie Abe, met with Vladimir Putin. "Given that a photo of Putin and Akie was placed at the bottom of the news site, it was clearly intended to drive a wedge between Japan and Russia," the NPI researcher said.

[Image: Russian President Vladimir Putin welcomes Akie Abe, the widow of former Prime Minister Shinzo Abe, to the Kremlin with a large bouquet of flowers. Moscow, May 29 (©Sputnik via Reuters)]

Another tactic used to influence foreign politics is the "hack-and-leak" strategy. In mid-2022, Chinese hackers released partial itineraries of two Taiwanese national security officials, selectively highlighting their off-duty activities such as shopping and dining. The leaks were intended to manipulate public perception and sow distrust among the Taiwanese public toward their government officials. Notably, Osawa explained that these leaks resemble Russia's interference in the 2016 US presidential election. Two Russian hackers at the time breached the Democratic National Committee's servers and exposed information damaging to the Democratic candidate.

Turning from cyber to military cooperation, JINF researcher Maki Nakagawa pointed out that since launching joint military exercises in 2012, the scope and intensity of Sino-Russian drills have significantly expanded. In July 2024, for instance, four Chinese naval vessels transited Japan's Soya and Tsugaru Straits en route to the Bering Sea, waters within the US Exclusive Economic Zone. China's navy presence in US territorial waters dates back to 2015, when its vessels entered for the first time following a joint exercise with Russia.

[Image: US and Canadian fighter jets intercept Chinese H-6 bombers near Alaska on July 24, 2024. (©NORAD)]

Joint air patrols are also broadening their scope. In that same month, China's H-6K bomber flew alongside a Russian bomber into Alaska's Air Defense Identification Zone. Nakagawa noted that before the flight, the Chinese aircraft stopped at Anadyr airport in Russia's Far East, reflecting growing logistical interoperability. "Moscow is effectively providing Chinese forces with access to the northern Pacific, allowing it to pressure America's coastal defenses," she said.

In turn, Chinese forces are joining Russian troops in joint drills in the Arctic and the Sea of Okhotsk, regions of strategic importance to Moscow. The Sea of Okhotsk includes the contested Northern Territories.

The deepening military cooperation between China and Russia places a heavy responsibility on East Asian democracies. Nakagawa, a former Commander of the Basic Intelligence Unit in the Ground Self-Defense Force, warned that Japan must prepare for a "two-front scenario," with Chinese military forces advancing from both the Sea of Japan and the East China Sea. China's expanding naval and aerial reach, she said, will inevitably complicate America's ability to respond quickly to crises within the First Island Chain.

[Image: A Chinese Coast Guard vessel with a helicopter taking off near the Senkakus, afternoon of May 3. (©Japan Coast Guard)]

Compounding these complexities is "China's enhanced nuclear deterrent, backed by its advancing triad capabilities and ballistic missile early warning system," the JINF researcher added.

The implication for Taiwan is also significant. While Beijing is unlikely to seek direct Russian military intervention, Nakagawa said it would expect intelligence sharing, anti-access and area denial (A2/AD) support, nuclear deterrence, and weapons transfers in the event of a potential Cross-Strait conflict.

By observing the real-world use of drones and advanced weaponry in the war in Ukraine, China is seeking to draw lessons from its authoritarian ally across a broad spectrum of domains, extending beyond cyber operations.

Author: Kenji Yoshida


Forbes
19-06-2025
- Forbes
Google's Gmail Warning—Do Not Use Any Of These Passwords
[Image: New Gmail password warning (dpa/picture alliance via Getty Images)]

Google has confirmed details of a complex attack with a simple warning attached. Yet again, bad actors have exploited Google's legitimate account infrastructure to trick users into compromising their own security. And while in this instance the attack was highly targeted, the basic vulnerability affects all users.

Google's Threat Intelligence Group and Citizen Lab warn that Russian state-affiliated hackers used seemingly legitimate U.S. State Department email addresses to help target high-value individuals with emails and calendar invites. With a target hooked, a malicious PDF attachment was then sent which triggered a password request to open. Victims were directed "to create an Application Specific Password (ASP) or 'app password'. ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV)."

As Citizen Lab says, "while many state-backed attackers still focus on phishing a target's passwords and MFA codes, others are constantly experimenting with novel ways to access accounts." This attack "is yet another effort to gain account access through a novel method: convincing the target user to create and share a screenshot of an App-Specific Password (ASP)."

[Image: ASP warning (Google)]

The target was then told to share the Gmail ASP to open the document. This enabled the attackers to gain access to the victim's Gmail account using that ASP. As Google says, "users have complete control over their ASPs and may create or revoke them on demand." But if you don't know you've been attacked, you have no reason to do so.

Two separate warnings here. If you consider yourself a high-value target for any flavor of sophisticated or even state-affiliated hacker, if you're in a high-profile or high-risk job or location, then you should enable Google's Advanced Protection Program. This will better lock down your account, but it is for a small minority of users.

For all others, the second warning is not to use these ASPs. Google warns "app passwords aren't recommended and are unnecessary in most cases. To help keep your account secure, use 'Sign in with Google' to connect apps to your Google Account."

Even if you're not at risk from a sophisticated attack, the use of ASPs has now been flagged and it will be very easy for attackers to socially engineer simpler, wider campaigns that trick users into sharing ASPs using a wide variety of lures. As such, do not set these up and certainly never share them.


CTV News
16-06-2025
- Politics
- CTV News
Border bill raises questions about expanded data sharing with U.S.: Citizen Lab
OTTAWA — An organization that monitors the effect of information flows on human rights says the new federal border security bill appears to 'roll out a welcome mat' for expanded data-sharing agreements with the United States and other foreign authorities.

Researchers with The Citizen Lab at the University of Toronto say they want the federal government to reveal more about the information-sharing implications of the bill due to a possible risk to human rights.

A preliminary Citizen Lab analysis of the bill also raises questions about how any new information-sharing plans would comply with Canada's policy on tabling treaties in Parliament.

The analysis released today notes the legislation refers to the potential for agreements or arrangements with a foreign state. The bill also mentions the possibility that people in Canada may be compelled to disclose information by the laws of a foreign state.

The government says the legislation is intended to keep borders secure, fight transnational organized crime, stop the flow of deadly fentanyl and crack down on money laundering.

This report by The Canadian Press was first published June 16, 2025.

Jim Bronskill, The Canadian Press