cross-posted from: https://midwest.social/post/14300049

A bunch of eighth graders in a "wealthy Philadelphia suburb" recently targeted teachers with an extreme online harassment campaign that The New York Times reported was "the first known group TikTok attack of its kind by middle schoolers on their teachers in the United States."

According to The Times, the Great Valley Middle School students created at least 22 fake accounts impersonating about 20 teachers in offensive ways. The fake accounts portrayed long-time, dedicated teachers sharing "pedophilia innuendo, racist memes," and homophobic posts, as well as posts fabricating "sexual hookups among teachers."

Archived link

By not investigating the underlying weakness in Microsoft software that was key to the SolarWinds hack against the U.S. government, the Cyber Safety Review Board missed an opportunity to prevent future attacks against, experts say.

Russian state hackers had infiltrated SolarWinds, an American software company that serves the U.S. government and thousands of American companies. The intruders used malicious code and a flaw in a Microsoft product to steal intelligence from the National Nuclear Security Administration, National Institutes of Health and the Treasury Department in what Microsoft President Brad Smith called “the largest and most sophisticated attack the world has ever seen.” Get Our Top Investigations

The U.S. president issued an executive order establishing the Cyber Safety Review Board in May 2021 and ordered it to start work by reviewing the SolarWinds attack.

But for reasons that experts say remain unclear, that never happened.

Nor did the board probe SolarWinds for its second report.

[...]

A full, public accounting of what happened in the Solar Winds case would have been devastating to Microsoft. ProPublica recently revealed that Microsoft had long known about — but refused to address — a flaw used in the hack. The tech company’s failure to act reflected a corporate culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.

[...]

The board was created to help address the serious threat posed to the U.S. economy and national security by sophisticated hackers who consistently penetrate government and corporate systems, making off with reams of sensitive intelligence, corporate secrets or personal data.

[...]

The board is not independent — it’s housed in the Department of Homeland Security. Rob Silvers, the board chair, is a Homeland Security undersecretary. Its vice chair is a top security executive at Google. The board does not have full-time staff, subpoena power or dedicated funding.

[...]

As a result, there has been no public examination by the government of the unaddressed security issue at Microsoft that was exploited by the Russian hackers. None of the SolarWinds reports identified or interviewed the whistleblower who exposed problems inside Microsoft.

[I edited the title from 'President' to 'U.S. President' for making it clear which country is meant.]

cross-posted from: https://feddit.org/post/536301

Archived link

The Russia’s State Social University (RSSU) has launched a “social rating” platform that claims to build a person’s “social portrait” with possible applications in future government policies.

Named “We,” the platform promises to determine a user’s comparative “social status” based on a survey that includes questions about income, family status, benefits, creditworthiness, criminal record, lifestyle and state awards, among others.

“The social rating figures don’t affect [a person’s] life, the availability of services or the career trajectory in any way,” RSSU said on the platform’s website. “But who knows what these figures will mean for you in the future?”

Observers on social media compared the platform’s name “We” to the highly influential 1921 dystopian novel of the same name by Russian author Yevgeny Zamyatin. [The novel "We" describes a world of harmony and conformity within a united totalitarian state. It inspired British author George Orwell to write his own novel, "Nineteen Eighty-Four", which was published in 1949.]

Archived version

The Insider has obtained hacked correspondence from officers of Russia's foreign intelligence agency (SVR) responsible for “information warfare” with the West. The leaked documents, intended for various government agencies, reveal the Kremlin's strategy: spreading disinformation on sensitive Western topics, posting falsehoods while posing as radical Ukrainian and European political forces (both real and specially created), appealing to emotions — primarily fear — over rationality, and utilizing new internet platforms instead of outdated ones like RT and Sputnik.

The documents also detail localized campaigns against Russian émigrés, including efforts to discredit a fundraiser for Alexei Navalny's Anti-Corruption Foundation who had moved to the United States.

• The secret disinformation operation was codenamed “Project Kylo,” perhaps in reference to the antiquated Russian word for “pick-axe,” or an allusion to the Dark Side warrior from the Star Wars sequels determined to rule the galaxy. Or maybe both.

• The key emotions to prey upon, the SVR planners intoned, were “fear,” “panic” and “horror” — a psychosocial manipulation campaign straight out of the Cold War playbook of the Soviet KGB’s First Chief Directorate’s Department D. The D stood for disinformation.

• The architect of Kylo was Mikhail Kolesov, a pudgy, bald, 45 year-old SVR officer who was previously stationed in Kabul, Afghanistan. On May 23, 2022, Kolesov emailed himself a Word document titled simply, “Propaganda.” It appeared to be the outline of a presentation Kolesov was set to give three days later at a private roundtable discussion in the Russian Senate concerning “information warfare with the West.”

• That forum, headed by former Soviet diplomat turned hawkishly anti-Western senator Alexei Pushkov, featured recognizable mouthpieces of Vladimir Putin’s regime including Maria Zakharova, the Foreign Ministry spokesperson, psychological warfare specialists from the Ministry of Defense, and loyalist journalists.

• Pushkov was gravely worried about how pro-Ukrainian sentiments were dominating on Western internet platforms, and disappointed by Russian media. The Kremlin was losing on two battlefields: physical and informational. Using “old” state-controlled media organs such as RT and Sputnik “have demonstrated near-zero effectiveness for decades, not years;” and attempts to cultivate friendly social media platforms, such as Telegram channels, “does not live up to the expectations placed on performers and demiurges. Lack of creativity, hypocrisy and moralizing aggravate the current situation.”

• Kolesov’s fresh proposal, crafted in a stilted language — equal parts critical theory, pseudo-science, and marketing jargon — was therefore designed to inject a new scheme into the Kremlin’s propaganda approach: “systematic, targeted and active, offensive in nature.”

• Rather than propounding straightforward pro-Russian arguments, he suggested, the SVR should now aim to “deepen internal contradictions between the ruling elites” in the West by creating a fake NGO - in reality a cut-out funded and run by agents of the Kremlin — to whip up anti-establishment demonstrations on the territory of the glavnyi protivnik, or “main adversary".

• Fake advertisements disguised as news headlines, all crafted by SVR recruits, would be visible on most any desktop computer screen or mobile device used by target audiences in the West, luring them to click-through and land on “internet resources controlled by the Kremlin.

• "Waging network wars in EU cyberspace based on the increasing demands of Ukrainian migrants and the new waves of irritation of the local population provoked by this, according to preliminary estimates, will have a very high efficiency both now and in the foreseeable future.”

• German authorities, for exampke, have identified over two dozen legitimate-seeming news websites catering to exactly these fears, with articles headlined (in fluent German), “How Ukrainians are robbing Germany of economic prosperity.” The portals are part of a vast Russian influence operation.

• European politicians had already been clamoring about Ukrainians fleeing the war and becoming burdens on state resources. For instance, in September 2022, Friedrich Merz, the leader of the Christian Democratic Union of Germany, the country’s conservative party, had accused Ukrainian refugees of “welfare tourism,” an allegation for which Merz later apologized.

• The “leitmotif of our cognitive campaign in the [Western] countries is proposed to be the instilling of the strongest emotion in the human psyche — fear,” the [propaganda] document states. “It is precisely the fear for the future, uncertainty about tomorrow, the inability to make long-term plans, the unclear fate of children and future generations. The cultivation of these triggers floods an individual's subconscious with panic and terror.”

• 2023 saw its fair share of Russian-sponsored provocations seemingly aligned with Operation Kylo all across Europe. Research by a European media consortium revealed that a roving troupe of Russian hirelings kept turning up at protests in major cities such as Paris, Brussels, Madrid, and The Hague denouncing Western arms shipments to Ukraine. The men, the consortium concluded, had likely been hired by Russian special services.

Archived version

Here is the report (pdf)

The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024.

This includes references to "https://cdn.polyfill[.]io" or "https://cdn.polyfill[.]com" in their HTTP responses, the attack surface management firm said.

"Approximately 237,700, are located within the Hetzner network (AS24940), primarily in Germany," it noted. "This is not surprising – Hetzner is a popular web hosting service, and many website developers leverage it."

Details of the attack emerged in late June 2024 when Sansec alerted that code hosted on the Polyfill domain had been modified to redirect users to adult- and gambling-themed websites. The code changes were made such that the redirections only took place at certain times of the day and only against visitors who met certain criteria.

The nefarious behavior is said to have been introduced after the domain and its associated GitHub repository were sold to a Chinese company named Funnull in February 2024.

The development has since prompted domain registrar Namecheap to suspend the domain, content delivery networks such as Cloudflare to automatically replace Polyfill links with domains leading to alternative safe mirror sites, and Google to block ads for sites embedding the domain.

[Edit typo.]

cross-posted from: https://feddit.org/post/490647

Archived link

“[Russian] information operations are underway […] to gradually demoralise the public debate so that Russian narratives can be disseminated. These are part of an information war to stop the flow of material aid to a struggling Ukraine,” warned the Czech National Centre for Combating Organised Crime (NCOZ) in a report.

“The Kremlin’s efforts to diminish public trust in institutions and the state is not new, but the increase in the intensity of influence operations is a threat,” the Czech Strategic Communications Coordinator Otakar Foltýn said in reaction to the NCOZ report.

• According to the NCOZ, Russian activities are aimed at influencing the population of Western European countries while increasing the threat of sabotage against critical and transport infrastructure, with local residents and criminal networks are becoming more involved in various activities.

• These include gathering information, identifying targets, putting pressure on specific individuals, such as those from the exiled diaspora, and even direct attacks on infrastructure and public places.

• “This issue has been persistent for several years, with Russian and Chinese influence attempting to infiltrate Czech society,” Jurečka said. “We must cultivate a society that can critically think, resist disinformation, and not succumb to fear,” Jurečka added.

cross-posted from: https://feddit.org/post/488027

Archived link

• Russia has increased its information war against Moldova joining the European Union (EU), Kremlin disinformation campaigns are heavily using social media: Facebook, Tik Tok, Telegram and others.

• Russia’s disinformation in Moldova pursues three key goals: to derail Moldova’s accession to the EU, undermine support for the pro-Europe government of President Maia Sandu and bring Moldova back into Russia’s orbit.

• Some of the disinformation attacks are startlingly transparent lies: A prominent Russian, pro-Kremlin commentator, Vladimir Solovyov, last year posted a photo on social media of a Moldovan rally supporting EU membership, simply relabeling it an anti-EU demonstration in a different city. Other attacks are increasingly sophisticated, including the use of artificial intelligence to create “deepfaked” videos of President Maia Sandu, according to Moldova-based journalists and Sandu’s office.

The Russian campaign uses several core narratives, according to a study:

1. A risk of war over Transnistria, a separatist enclave at Moldova’s eastern edge, if Moldova should press for the withdrawal of Russian troops based there.

2. Risk of communal conflict between Moldova’s ethnic or linguistically Romanian citizens (roughly 80 percent or more of the population) and the minorities of Russians or other Russian-speaking citizens.

3. NATO’s threat of war. Moldova is constitutionally mandated to be militarily neutral, but it cooperates with NATO. Russia warns that Moldova may join NATO, making war almost inevitable.

4. Anti-LGBT propaganda. Russia warns that liberal EU policies include “homosexual propaganda” that will turn Moldovan children to homosexuality.

5. Russia is good, Europe is bad. Russian narratives say that deeply impoverished Moldova owes its few advantages — such as Soviet-built factories — to its rule from Moscow, while “nothing good came out of Europe.”

Russian Disinformation: Impact and Response

• Investigations have found that 35% of Moldovans are agreeing that "Russia invaded Ukraine to protect people marginalized by Nazi sympathizers.” Similarly, 31% agreed that “the Russian Federation is the guarantor of peace and stability in Moldova.” Russia’s disinformation campaigns “lead to decreased support for human rights, exacerbate relations between linguistic groups, and may increase vulnerability to political violence, especially among the youth.”

• Because Moldova is a small media market, the limited advertising or other revenue available to its news media leaves fact-based journalism massively overmatched by the millions of dollars per month that experts say Russia is spending on disinformation.

• International partners find ways to help Moldova’s Association of Electronic Press or other institutions build capacities for real-time detection and countering of faked information. This could include initiatives like StopFals, a fact-checking project run by Moldova’s Independent Press Association.

cross-posted from: https://feddit.org/post/461229

The leap in emissions is largely due to energy-guzzling data centers and supply chain emissions necessary to power artificial intelligence (AI) systems such as Google’s Gemini and OpenAI’s ChatGPT. The report estimated that in 2023, Google’s data centers alone account for up to 10% of global data center electricity consumption. Their data center electricity and water consumption both increased 17% between 2022 and 2023.

Google released 14.3 million metric tons of carbon dioxide just last year, 13% higher than the year before.

Climate scientists have shown concerns as Big Tech giants such as Google, Amazon and Microsoft continue to invest billons of dollars into AI.

cross-posted from: https://feddit.org/post/408358

Original version behind a subscription

Archived version

A surge of Chinese plastic supply is threatening to overflow in the face of weak domestic demand, morphing into a fresh trade challenge for the rest of the world.

“Everyone in China has this notion that if they are fast enough, if they are the first in the industry, able to burn cash long enough, then they will become the survivor that takes market share. And then they can raise the price,” said Ms Vivien Zheng, Asia chemicals analyst with Bloomberg Intelligence.

• Plants have mushroomed along the country’s eastern coast over the last decade, built in a race to satisfy China’s hunger for plastic and to help refiners counter an expected downturn in transport fuels, as electric vehicles take off. Vast volumes and lacklustre post-pandemic demand mean margins are paper thin – but companies have kept producing, hoping to cling to existing market share.

• “This is yet another example – after steel and solar panels – where China’s structural imbalances are clearly spilling over into global markets,” one expert for Chinese industries said. In an echo of its predicament from batteries to green-energy technology, the world’s second-largest economy is staring down a situation of dramatic industrial excess.

• Factories currently navigate the supply surge with brief shutdowns and low run rates, but as production capacity continues to be added, petrochemical executives and sector analysts say surpluses will grow – enough in many products to turn China into a significant exporter, often selling into a glut and potentially exacerbating existing trade tensions.

• “China’s substantial investments between 2020 and 2027 have reshaped global supply dynamics, leading to a structural surplus in Asia and persistent low or negative profit margins,” said Ms Kelly Cui, principal petrochemicals analyst at Wood Mackenzie. The consultancy estimates that almost a quarter of global ethylene capacity is at risk of closure, even as China is still adding more.

• Between 2019 and the end of 2024, China will have completed construction of so many plants to turn crude oil and gas into products such as ethylene and propylene – materials behind everything from plastic bottles to machinery – that nameplate capacity is now equal to Europe, Japan and South Korea combined, according to the International Energy Agency (IEA).

• Part of the reason is that smaller plants do not require approvals from Beijing, as large refineries do. The local authorities were quick to see the opportunity to use cheap land and fiscal perks to encourage job creation and investment. All sought to feed demand for a plastic known as polypropylene, used for plastic packaging, automobile parts and electrical appliances.

• But as supply flowed, domestic demand faltered. Now the trouble is that financial and market-share pressures are also adding up.

• China is already a net exporter of polyester products such as PVC and PET, used in clothing or food containers, shipping them to countries like Nigeria, Vietnam and India, according to an expert, again creating or worsening trade surpluses.

• Most of the new facilities in China were installed in the last three or five years despite slowing demand, which makes this economic development harder and harder to sustain.

cross-posted from: https://feddit.org/post/408016

Original report (pdf)

Russia has been utilizing Kaliningrad, its strategic exclave bordering Poland and Lithuania, as a base to disrupt European Union satellite systems, according to a report from the United Nations International Telecommunications Union (ITU).

The ITU’s Radio Regulations Board (RRB) urged Russia to “immediately cease any deliberate action to cause harmful interference to frequency assignments of other administrations.” This statement follows a review of geolocation data from disrupted signals, which the board described as “extremely worrisome and unacceptable.”

For several months, European satellite companies have reported being targeted by Russian radio frequency interference, leading to broadcast interruptions and, in at least two instances, violent programming overriding content on children’s channels.

Initially, complaints from several NATO members identified the sources of disruption as mainland Russia and occupied Crimea. However, the RRB’s latest findings indicate that recent interference originated from locations including Kaliningrad and Moscow.

The disruptions have primarily targeted TV and radio channels with Ukrainian content, but have also affected channels operated by the Administration of the Netherlands, the report said. The interference has manifested in various forms, such as high-power unmodulated carriers and replicated multiplexing signals, which override the original content transmitted by satellite.

Two separate satellite operators conducted geolocation analyses, both independently concluding that the interference occurred from earth stations located in Moscow, Kaliningrad, and Pavlovka.

Last week, reports emerged that a commercial transatlantic flight experienced significant disruptions due to GPS jamming, marking the first known instance of such an incident on this route. A flight from Madrid to Toronto was forced to operate in a “degraded mode” because a higher-altitude flight had been affected by GPS interference.

The Institute for the Study of War, a think tank that monitors global conflicts, previously reported that it observed high levels of GPS jamming over Poland and the Baltic region since late 2023. Some analysts and experts have attributed these incidents to Russian electronic warfare (EW) activity from the Kaliningrad area and near St. Petersburg, Russia.

For years I was using Drupe, but they've thoroughly enshittified. What used to be a sleek, extremely functional dialer app with a fantastic UI has become a slow, ad-filled sack of garbage with a still pretty good UI.

A few months back I had enough and I switched to FOSS Dialer. The biggest thing on my radar was looking for something that isn't prone to being turned to adware garbage for a quick quarterly profit, so it seemed like a good fit.

But in the past few months I've probably made more accidental calls in a single week than in the years that I used Drupe. It's super obnoxious. Click once, and I call some random person. When I open my phone it literally just starts at the top of my contact list.

Drupe was great because I could arrange which frequent numbers I wanted to use in which order along the left side of my screen and calling or texting just required me to drag it over to a spot on the right side of my screen. I could call people without looking at my phone, I hardly ever called the wrong number or accidentally dialed someone, and it was really comfortable and easy to use. If it hadn't turned to a bloated piece of crap I'd have used it forever.

So my question: is there anything more along the lines of Drupe in terms of UI that is at least not at the moment packed full of ads, slow as hell, and collecting all sorts of data? I've kinda had it up to here with FOSS Dialer.

It looks like it will require a manual review process for now but it could be automated down the line.

https://github.com/SerenityOS/serenity/pull/6814

cross-posted from: https://feddit.org/post/390314

"We encourage you to consider, beyond the state subsidies, other reasons leading Chinese EVs to be sold at prices below market in the EU," Philippe Dam, EU Advocacy Director at Human Rights Watch (HRW), writes in an open letter to the European Commission.

Refering to the EU's ongoing consultations with Beijing regarding tariffs on Electric Vehicles (EVs), HRW asks the Commission to "urge the Chinese government to end crimes against humanity against Uyghurs and Turkic Muslims in Xinjiang and elsewhere and implement the recommendations of the August 2022 OHCHR report on Xinjiang".

HRW demands three points:

• Release everyone who remains arbitrarily detained or imprisoned

• Investigate and appropriately prosecute government officials implicated in serious violations of human rights and crimes against humanity

• Grant free and unfettered access to Xinjiang to independent monitors, as requested by the UN High Commissioner for Human Rights and several UN Special Procedures

The rights groups also calls to ensure coherence with the pending Forced Labor Regulation, which enables the European Commission and EU member states to take steps to block entry into the EU market for products made with forced labor.

cross-posted from: https://feddit.org/post/375357

cross-posted from: https://feddit.org/post/373442

Archived link

Here is the report (pdf).

Serbian authorities have adopted invasive surveillance practices and facial recognition technology to monitor political opponents, civic activists and critical journalists, says a BIRN report entitled ‘Digital Surveillance in Serbia – A Threat to Human Rights?’, published on Friday.

Equipment from Chinese manufacturers, such as Dahua and Hickvision, predominates.

Serbia’s aspirations for EU membership mean that it faces pressure to adhere to EU standards on data protection and privacy as well as cybersecurity. However, Serbia has simultaneously strengthened ties with authoritarian countries, especially China and Russia.

cross-posted from: https://feddit.org/post/352534

- China implemented new regulations on Monday under its toughened counterespionage law, which enables authorities to inspect smartphones, personal computers and other electronic devices, raising fears among expatriates and foreign businesspeople about possible arbitrary enforcement.

- A Japanese travel agency official said the new regulations could further prevent tourists from coming to China. Some Japanese companies have told their employees not to bring smartphones from Japan when they make business trips to the neighboring country, according to officials from the companies.

The new rules, which came into effect one year after the revised anti-espionage law expanded the definition of espionage activities, empower Chinese national security authorities to inspect data, including emails, pictures, and videos stored on electronic devices.

Such inspections can be conducted without warrants in emergencies. If officers are unable to examine electronic devices on-site, they are authorized to have those items brought to designated places, according to the regulations.

It remains unclear what qualifies as emergencies under the new rules. Foreign individuals and businesses are now expected to face increased surveillance by Chinese authorities as a result of these regulations.

A 33-year-old British teacher told Kyodo News at a Beijing airport Monday that she refrains from using smartphones for communications. A Japanese man in his 40s who visited the Chinese capital for a business trip said he will "try to avoid attracting attention" from security authorities in the country.

In June, China's State Security Ministry said the new regulations will target "individuals and organizations related to spy groups," and ordinary passengers will not have their smartphones inspected at airports. However, a diplomatic source in Beijing noted that authorities' explanations have not sufficiently clarified what qualifies as spying activities.

Last week, Taiwan's Mainland Affairs Council upgraded its travel warning for mainland China, advising against unnecessary trips due to Beijing's recent tightening of regulations aimed at safeguarding national security.

In May, China implemented a revised law on safeguarding state secrets, which includes measures to enhance the management of secrets at military facilities.