Cyber Week in Review: December 13, 2024
CSRB hosts meeting on Salt Typhoon hack; Russia disconnects from internet in test; China will probe Nvidia after U.S. export controls; Romanian Supreme Court annuls election; Australia to tax social media platforms.
December 13, 2024 4:37 pm (EST)
- Post
- Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.
CSRB to host first meeting on Salt Typhoon telecom hack
The U.S. Cyber Safety Review Board (CSRB) held its first meeting earlier this week on a major telecommunications hack by Chinese threat actor Salt Typhoon that compromised at least eight telecommunications companies and exposed the call records of countless senior government officials. The cyberattack, which may have begun as far back as 2022, involved exploiting routers and switches used by telecommunications companies to burrow deep into their networks, allowing hackers to observe call log data and potentially monitor calls in real-time. The hack also piggy-backed off a system used by law enforcement agencies to carry out wiretaps, prompting criticism from some privacy and civil liberties groups, who argue that the insecure nature of the wiretapping system allowed the hack to take place. The CSRB is composed of a mix of government officials and private sector experts and is charged with delivering reports on major cyber incidents, although experts have warned that the CSRB lacks the resources and political independence necessary to ensure comprehensive, impartial reports. The CSRB faces a daunting challenge as it investigates the ongoing hack, especially given its sprawling nature, the depth of Salt Typhoon’s intrusion, and the fact that U.S. cybersecurity officials are still determining the true scope of the attack and working to evict Salt Typhoon. Lawmakers from both parties have signaled support for the investigation, and Senator Ron Wyden (D-OR) introduced a bill to the Senate that would substantially tighten cybersecurity requirements for telecommunications companies.
Russia tests “sovereign internet” in several regions, disconnects from global internet
Russia appears to have tested its ability to cut itself off from the worldwide internet earlier this week. Several regions, all with large numbers of ethnic minority groups, were affected by internet outages during the testing, in what Russian telecommunications regulator Roskomnadzor described as a test of its ability to disable foreign internet access in specific regions. The testing, which affected users in Dagestan, Chechnya, and Ingushetia, among other regions, affected access to Western services like Google and even Russian services like Yandex. Unlike other tests of internet censorship technology, the Russian “sovereign internet” model even prevents access to blocked services when users use a virtual private network (VPN). Roskomnadzor said that the test was intended to determine Russia’s ability to “maintain the operation of key foreign and domestic services in the event of intentional external interference." The tests could have significant implications for opposition activists in the regions, all three of which have recently experienced unrest. A functional sovereign internet system would allow the Russian government to control or restrict access to sites like Telegram or WhatsApp that are used to communicate among opposition groups.
China announces antitrust probe into Nvidia following U.S. chip controls
More on:
The Chinese Communist Party’s (CCP) main antitrust regulator, the State Administration for Market Regulation (SAMR), announced an antitrust investigation into U.S. chip company Nvidia. The probe comes days after the United States announced its latest round of export controls aimed at the Chinese semiconductor industry. SAMR said it will investigate whether Nvidia violated Chinese antimonopoly laws, specifically in its 2019 acquisition of an Israeli-American networking and transmission company, Mellanox. Nvidia has been central to the booming AI industry, with its graphical processing units (GPU), which are essential for training many of the largest AI models, regarded as a class above its competitors’ offerings; this dominance has also fed fears about Nvidia’s potential to become a monopoly—the company currently controls nearly 90 percent of the GPU market—which have spurred antitrust investigations in the United States and Europe. Despite the existence of these investigations, some experts said that the investigation by Chinese authorities may be less focused on Nvidia’s actual behavior; instead, Chinese regulators may be more concerned with sending a message to the incoming Trump administration that the CCP is willing to push back against any aggressive trade controls the administration may impose.
Romanian Supreme Court seeks to annul election after Russian interference
Romania’s Constitutional Court has ruled that the first round of the Romanian presidential election, which took place on November 24, must be scrapped amid concerns about Russian interference. Two candidates ran: Elena Lasconi, a center-right small-town mayor, and Călin Georgescu, a far-right independent who was polling at less than 10 percent months prior to the election, but who saw his vote share rise to 23 percent during the overturned vote. The Court’s decision has been highly controversial, with even Lasconi, Georgescu’s opponent, denouncing the decision as anti-democratic. On December 4, current Romanian President Iohannis declassified intelligence files indicating that Russia coordinated a campaign of hacks, leaks, and social media influence operations designed to boost Georgescu’s campaign. While Russia’s influence campaign likely significantly helped Georgescu, he also benefitted from other dynamics, including widespread discontent with existing political systems in Romania, and the late withdrawal of several other far-right candidates. The crisis in Romania could have important implications for TikTok], which is facing heightened scrutiny worldwide over its potential impact on electorates; the European Union has ordered TikTok to freeze its data around Romania’s elections, pending an EU investigation.
Australia will charge digital media platforms unless they share revenue with local news outlets
Australia plans to tax social media platforms earning more than A$250 million a year that choose not to enter into or renew commercial agreements with local news publishers, whether or not those platforms carry news. The Australian government said it would release more specific plans regarding the tax after it had consulted with social media platforms and news agencies. The tax is a follow up to an Australian law passed in 2021 that required social media platforms like Google and Meta to pay journalists and news websites for hosting news on their platforms. Supporters of the tax claim that it will bolster Australia’s flagging media industry, which lost an estimated 1,000 jobs this year. Meta, one of the strongest opponents of the new tax, argued that it is not primarily a news publisher because news is not the primary draw for its users. Meta and other social media platforms have also said they are concerned that the tax amounts to charging one particular industry in order to subsidize another. Australia’s Assistant Treasurer Stephen Jones stated that because digital platforms receive financial benefits from Australia, they have a responsibility to contribute to Australians' access to quality journalism.
Maya Schmidt is the intern for the Digital and Cyberspace Policy Program.
More on: