Cyber Week in Review: September 20, 2024

UN High Level Advisory Body releases final recommendations for global AI governance

The UN Secretary General’s High-level Advisory Body on Artificial Intelligence (HLAB) published its final report on Thursday of this week. The HLAB was convened in October 2023 and published an interim report in December 2023. The group was originally convened to provide recommendations on strengthening international cooperation on AI and harnessing AI to build toward the UN Sustainable Development Goals. In  announcing the report, the group emphasized how the UN hoped to expand the conversation around governance of AI to better include the Global South. The report recommends establishing a global AI fund to spearhead projects in these countries and creating resources, including trainings, to help governments stand up their own AI governance initiatives. The report also recommends centralizing new fact-finding and policy dialogues within the UN, with a focus on identifying AI capabilities and risks while also ensuring technical interoperability between systems. To that end, the report recommends the creation of an independent international scientific panel within the UN to issue an annual report on the state of AI science. The report also pushes for two new information-exchanging bodies: a policy forum to convene relevant stakeholders to discuss AI governance, human rights, and a framework for international cooperation, as well as an AI standards exchange between states. The report appears to take a page from internet governance in some parts, especially in its emphasis on retaining technical interoperability between AI systems even as governments pursue distinct regulatory regimes. It identifies several gaps between ongoing governance initiatives in different countries and regions and recommends pulling many questions of AI governance into the UN, both to increase the equity of the process, and reduce duplication of effort.

Pagers and mobile radios explode across Lebanon and Syria

Thousands of pagers and walkie talkies exploded in coordinated attacks on Tuesday and Wednesday in Lebanon, leaving thousands injured and at least thirty people dead. The attacks appeared to be aimed at crippling the communications networks of Hezbollah, which had begun to rely on pagers and radios more frequently for communications over fears that Israel was using cellphones and cell networks to spy on and locate Hezbollah operatives. The attacks are believed to have been coordinated by Israel, which infiltrated the supply chain for the pagers Hezbollah bought and inserted explosives into the batteries of pagers being shipped to Hezbollah. The supply chain compromise appeared to stem from a Hungarian front company, B.A.C. Consulting, which had a contract with Taiwanese company Gold Apollo to produce versions of Gold Apollo pagers. B.A.C. had several legitimate clients who were not sent the booby-trapped pagers. B.A.C began shipping the compromised pagers to Hezbollah in 2022, and significantly increased production as Hezbollah moved away from cellphones. Some news outlets reported that the Israeli government chose to detonate the pagers as part of its goal of allowing citizens to return to their homes in northern Israel. Hezbollah’s rocket attacks on the area, and the specter of a larger conflict between Israel and Hezbollah, had motivated the Israeli government to evacuate nearly 60,000 people to the south earlier this year.   

EU Commissioner Thierry Breton resigns

France’s commissioner to the European Union, Thierry Breton, abruptly resigned earlier this week over what he called “questionable governance” decisions by European Commission President Ursula von der Leyen. In his resignation letter, Breton claimed that von der Leyen had asked the French government to withdraw his nomination as commissioner, in return for an “allegedly more influential portfolio.” Breton had served as the EU’s commissioner? for internal markets in von der Leyen’s last administration and was responsible for enforcing several major pillars of the EU’s technology regulatory agenda, including the Digital Services Act. Breton had been closely involved in the EU’s attempt to regulate some of the largest technology platforms andrecently feuded publicly with Elon Musk over X’s handling of illegal content and disinformation. The shakeup in von der Leyen’s leadership comes as she tries to finalize a leadership team for her second term as European Commission President, which began in July. Breton was nominated by the French government for a second stint as commissioner, and experts said it was unusual for a nominee to resign so soon after being nominated. French Prime Minister Emannuel Macron has said that France will nominate Stéphane Séjourné, the former Minister of Foreign Affairs and a close ally of Macron, to take Breton’s place as commissioner. It is unclear what portfolio Séjourné will take in his role as commissioner and if anyone will step into Breton’s place as the main public enforcer of EU technology regulations.

Instagram rolls out privacy overhaul for teenagers’ accounts

Instagram announced sweeping changes to its platform earlier this week designed to improve privacy protections on the app and mitigate some of the addictive qualities of the app for users younger than eighteen. The app will require users to verify their age, with varying methods by country, automatically set teenage users’ accounts to private, and impose stricter settings on who can message teenagers’ accounts. Instagram will also make several changes to reduce the addictiveness of the app for teens: teens will be prompted to close the app after sixty minutes of continuous use; teenagers’ accounts will be placed in “sleep mode” between 10 pm and 7 am, which will stop them from receiving notifications; and  parents accounts far more visibility and control over who teenagers message and what kind of content they can view. Adam Mosseri, the head of Instagram, said that the changes would likely encourage teenagers to try and circumvent Instagram’s age assurance systems; Mosseri said that Instagram was exploring new methods of verifying users’ age in association with their accounts, including the use predictive technology to proactively find accounts who misrepresent their age.

U.S. and allies seize control of Chinese-controlled botnet

The United States and several allied states said they had taken control of a botnet composed of more than 250,000 Internet-of-things (IOT) devices that were being used by Chinese government-affiliated hackers to conceal their activities. The Justice Department said the botnet was controlled by a group tracked as Flax Typhoon, which is affiliated with a government contractor in Beijing called Integrity Technology Group. Authorities said that Flax Typhoon used the botnet to hide its activities while it stole information from organizations and mapped critical infrastructure in the United States and Europe. Almost 48 percent of all the compromised devices are in the United States, according to a joint cybersecurity advisory issued by U.S. and European agencies. In 2023, Flax Typhoon was detected in the systems of several Taiwanese organizations, where it gained a foothold in certain companies and tried to expand and retain its access to key information systems. Integrity Technology Group had already been tied to Chinese intelligence agencies, having hosted a hacking competition widely seen as a recruiting ground for Chinese cyberespionage groups; however, the new report ties Integrity much closer to active network exploitation, rather than mere talent identification and training.