Cyber Week in Review: October 4, 2024

Leading Cambodian journalist charged for reporting on nation’s cyber scam industry

Mech Dara, an award-winning Cambodian journalist well-known for his reporting on cybercrime, was arrested and charged by Cambodian authorities on Tuesday with “incitement to commit a felony or cause social disorder” after continuously reporting on Cambodia’s cyber scam industry; Dara is currently detained in Kandal Provincial Prison. The Cambodian government frequently uses this charge to silence critics. Last year, Dara was honored by U.S. Secretary of State Anthony Blinken as one of the first journalists to write in-depth investigative pieces on incidents of human trafficking connected to online scams; that reporting brought international attention to a multi-billion dollar trafficking and scamming industry in Cambodia. So-called “pig butchering” scams have become increasingly common in Southeast Asia over the past five years; the scams involve creating a fake identity and building up a rapport with a victim before asking them to either loan or invest money with the scammer, with some victims losing hundreds of thousands of dollars. The criminal gangs who run some of the largest pig butchering operations have also come to rely on human trafficking as a source of labor. Recent reporting has found that more than 200,000 people in Southeast Asia have been forced into running these scams in recent years. Similar cyber scam operations are appearing in other regions, including Latin America, the Middle East, and other regions. Dara’s reporting has been instrumental in exposing the depth of cyber scams in Cambodia; forty-six civil society groups and Cambodian news organizations signed a joint statement calling for his release, which was published by Cambodian human rights organization LICIDHO the same day. Bryony Lau, Deputy Asia director at Human Rights Watch, stated that “arresting the award-winning journalist Mech Dara on bogus charges shows that the Cambodian government is determined to stamp out all that remains of independent media in the country.”

California Governor Gavin Newsom vetoes major AI bill

California Governor Gavin Newsom vetoed a major AI safety bill earlier this week. The bill would apply a new set of standards to the largest and most advanced AI models. Developers of models governed under the bill would have to adhere to a number of new standards, including: building in a “kill switch” that would enable organizations to shut off and isolate AI systems if they became a threat, and requiring safety testing before large models could be released publicly. The bill also would have authorized the California attorney general to sue companies for any serious harm caused by their models, including death or property damage. Newsom said that he vetoed the bill because it was too focused on regulating so-called frontier models, the most advanced AI models, without dealing with broader societal risks posed by AI. While no existing models would be governed under the bill, it still became a major source of contention among AI researchers and developers. Renowned AI developer and scholar Fei-Fei Li, who has focused extensively on responsible AI development, wrote an op-ed in August saying that the bill would harm “our budding AI ecosystem.” Several large companies, including OpenAI, Google, and Microsoft, also opposed the bill on the grounds that it would stifle innovation. Geoffrey Hinton, Lawrence Lessig, and several other prominent academics who have been leading voices warning against AI existential risk, wrote a letter to Newsom and other senior California officials in August and said that the bill was the “bare minimum for effective regulation of” AI. Some experts also noted the level of corporate opposition to the bill, with Amba Kak, president of the AI Now think tank, saying, “When debates about regulating A.I. get reduced to Silicon Valley infighting, we lose sight of the broader stakes for the public.”

U.S. Justice Department indicts Iranians for election interference

The U.S. Justice Department announced charges against three members of the Iranian Revolutionary Guard Corps (IRGC) for their role in a hack and leak campaign that targeted the Trump campaign earlier this year. According to the indictment, the three Iranians perpetrated a years-long scheme to gain access to the email accounts of former U.S. government officials. In May, they began using this access to target and gain access to accounts associated with the Trump campaign and then used that access to the broader network to steal documents and emails. The Iranians concocted a fake persona to send the stolen documents to members of the press and the Biden-Harris campaign, although news outlets refused to publish the documents. It appears that Biden-Harris staffers never downloaded the documents they were sent. The Office of the Director of National Intelligence (ODNI) released an assessment of foreign interference in the upcoming U.S. election in mid-September. The assessment found that Russia, Iran, and China continue to actively interfere in the U.S. election, with Iran aiming to amplify polarizing issues. All three countries are expected to step up their activities in the weeks approaching the election, which takes place on November 5.

Microsoft will start paying some publishers for content that its AI references

Microsoft announced that Copilot Daily, a new news feature in its Copilot AI assistant, will offer a licensing deal to publishers and provide payments when their articles are referenced. According to Microsoft, the new feature will pull from a small group of licensed, trusted sources for its answers, in contrast to the broad inputs of other AI tools. Thus far, Reuters, Axel Springer, Hearst Magazines, USA Today Network, and the Financial Times have signed licensing agreements with Microsoft to allow their content to be used for Copilot Daily; the individual terms of each deal have not been disclosed. Perplexity, another AI developer, also recently announced a licensing scheme that will pay news organizations a set amount every time one of their links is surfaced by Perplexity’s AI products; the model is similar to the revenue per-click model used by most large advertising groups on the internet. AI developers and content publishers continue to tussle over AI developers’ use of massive datasets scraped from different parts of the internet, often with little respect for copyright and intellectual property. Publishers have begun to push back in different ways, both through licensing agreements, and other methods, such as Cloudflare’s new AI Audit offering, a suite of tools that allow website owners to preventing scraping of their site.

U.S. hosts Counter Ransomware Initiative Summit in Washington, D.C.

The Counter Ransomware Initiative Summit of 2024 took place from September 30 to October 3, and members focused on launching capabilities to disrupt attackers, improving information sharing for cybersecurity, and fighting back against bad actors by refusing to pay ransoms. At the summit, CRI members reaffirmed their joint commitment that members should not pay ransoms to cybercriminals, and the United States launched a new fund for CRI members to strengthen capabilities through targeted support and rapid assistance in the wake of a cyberattack. CRI also tapped several countries to lead different lines of effort on countering ransomware and achieving the CRI’s goals. Singapore and the UK are spearheading the Policy Pillar of the CRI, with the goal of providing guidance for businesses on how to prepare for, deal with, and recover from ransomware attacks. Germany and Nigeria will continue to lead the Diplomacy and Capacity Building Pillar, which helped expand CRI partnerships to include eighteen new members over the past six months. Finally, Canada has developed an advisory panel on public-private collaboration and best practices. In parallel to the Summit, the U.S. Treasury Department announced it was sanctioning several members of the Evil Corp ransomware gang. Among those sanctioned include a former member of the FSB, Eduard Benderskiy, who was allegedly instrumental in establishing Evil Corp’s connections with the Russian government.

Maya Schmidt is the intern for the Digital and Cyberspace Policy Program.