NewJeans filed an ex parte application in late March in the Northern District of California, where Google is headquartered, for an “order authorizing limited discovery” of the user’s data from the company “for use in a criminal matter in Korea,” the order granting the application states. The group alleges that the account, which according to court documents posts under the handle @Middle7, has posted as many as 33 defamatory videos that had been viewed nearly 14 million times as of their filing. Because the account is anonymous, however, the lawsuit cannot continue until the user has been identified.

Among the statements NewJeans claims are defamatory include calling one of the members the “eldest daughter of a Vietnamese farmer,” and a video titled "Reasons Why NewJeans Is A Crap Group."

Google also recently cut down its Legal Investigations team, which handles the company’s responses to subpoenas and law enforcement requests, by what a union representing some workers alleged was over a third of the less-than-100-person team, though a Google spokesperson later clarified that less than a dozen positions had been impacted.

Temu, a popular marketplace where consumers can buy direct from factories overseas at cheap prices, is drawing concerns from lawyers and privacy experts in North America who allege the shopping app can be “invasive” for unwitting users.

Temu is currently the subject of two proposed class-action lawsuits filed last year in district courts in New York and Illinois, which have not been certified. A third class action was filed in Quebec in March.

Many Canadians might first have been exposed to Temu during the Super Bowl this year or last, where the company took out multiple ads encouraging viewers to “shop like a billionaire.”

The app and online storefront sell cheap clothing, electronics, furniture and more from overseas manufacturers based largely in China. Temu’s website says the company was founded in Boston in 2022, but it’s a subsidiary of Shanghai-based PDD Holdings, a multinational commerce group established in 2015 in China.

PDD Holdings on Wednesday became the largest e-commerce player in China by market valuation, topping rival giant Alibaba, according to a CNBC report citing LSEG data.

The allegations about Temu’s deep reach into user data come as governments in both Canada and the United States grapple with privacy concerns around apps like TikTok, another Chinese-owned platform.

Temu has also earned comparisons to China’s ultra-fast-fashion giant Shein among industry observers for its factory-to-consumer business model.

As of May 31, Temu is the top free app on the Apple App Store and Google Play Store in Canada.

Class-action lawsuits filed in U.S., Quebec

Temu is currently the subject of two proposed class-action lawsuits filed last year in district courts in New York and Illinois.

A third class action was filed in Quebec in March, but is not yet certified and is reserved to residents of the province.

All suits filed cite various privacy complaints among users of the Temu app.

Jeff Orenstein, lawyer at the Consumer Law Group that filed the Quebec suit, says the permissions the Temu app asks for when you download it do not adequately detail how “invasive” the program can be.

The Consumer Law Group’s class-action complaint alleges that Temu’s app can access data via your phone’s camera, photos, messages, contacts and other apps.

“Some of the things that were picked up that the app is looking at are things that really have nothing to do with the functionality of the app,” he tells Global News.

Consumer Law Group alleges that these privacy violations are intentional on Temu’s part. The firm is seeking damages for violating individuals’ charter-protected rights to privacy and an injunction to prevent the app from taking the data in Quebec.

In response to these claims, a Temu spokesperson told Global News the app collects “the minimum information necessary” to deliver its services.

“We categorically deny the allegations in these lawsuits and intend to vigorously defend ourselves against them,” an emailed statement read.

Temu denies overreach

The spokesperson pointed Global News to the “permissions” section of the Temu website, which claims that access to contacts, calendars, microphones and Bluetooth are not requested via the app.

Temu says the camera may be used on iOS devices when using pictures to leave reviews or search via image for a product. Temu does not request full permissions to a smartphone’s photos app, the website says, but can use a device’s “built-in image picker” – an interface that allows users to choose from pictures on their device in-app – without giving complete access to the photo archive.

Temu also does not ask for location access in “most countries,” including Canada, according to the disclaimer. The listed exception is the Middle East, where Temu says location data helps users fill in shipping addresses.

Orenstein says much of the Consumer Law Group suit is based on a September 2023 report from Grizzly Research, a U.S.-based firm that identifies short-selling opportunities on equity markets.

Grizzly lambasted Temu as “the most dangerous app in wide circulation” in a report on its parent company, PDD Holdings.

Security issues in the Temu app amount to “spyware,” the report published last September argues. It claimed that the reach of the app goes far beyond what’s listed upfront in the company’s privacy policy, with the potential to access more of a phone’s file system than a user intended.

The Grizzly report is based on publicly available information and the firm says it engaged a team of unnamed cyber experts to back up its warnings. Grizzly said it stands by its research but also includes a disclaimer that the report is opinion only and should not be treated as a “statement of fact.”

In an email to Global News, Temu also denied allegations that its application amounts to spyware and dismissed the Grizzly report as unfactual. A spokesperson pointed to the app’s listings on Google’s Play Store and Apple’s App Store, which they said “rigorously screen apps for malware and spyware.”

Grizzly compares the app to TikTok, which has come under threat of ban in the U.S. unless its Chinese owners ByteDance Ltd. sell to an American firm, and is the subject of a national security review in Canada.

ByteDance has sued to prevent the U.S. ruling from coming into effect on Jan. 19, 2025, and has denied claims that TikTok poses a security risk.

The head of Canada’s national spy agency recently said TikTok is a “real threat” to users’ data security because of the app’s Chinese ties, a warning Prime Minister Justin Trudeau said Canadians ought to heed. TikTok has previously denied it provides data to the Chinese government in a statement to Global News.

But Temu is “demonstrably more dangerous than TikTok,” the Grizzly report argues, and should be removed from app stores as a result.

Global News reached out to both Apple and Google to ask whether Temu’s privacy policies satisfy their respective app stores and whether the platforms have taken action to address data security complaints. Neither company has responded with comment.

Why is this such a big deal?

Rob D’Ovidio, associate professor at Drexel University in Philadelphia, is one of the privacy experts sounding the alarm about Temu’s reach.

He says the risk from Temu is not necessarily in having access to a user’s most sensitive data, but to smaller tidbits that build up over time to build a profile of a shopper.

“You’ve got to start saying, buyer beware. You should look to an alternative marketplace,” he tells Global News.

Small pieces of information like purchases or a photo here and there might seem “innocent” to users, D’Ovidio says, “but when you combine multiple data elements, they start uncovering patterns of health, they start uncovering patterns of taste and likes and habits.”

"And that’s really where the concern here is. It’s not just a one-snapshot look at you. It’s a look over time,” he says.

The kinds of information collected via the Temu app is not unique to that marketplace, D’Ovidio says.

[Edit typo.]

Archived version

Abstract

Following change in Twitter’s ownership and subsequent changes to content moderation policies, many in academia looked to move their discourse elsewhere and migration to Mastodon was pursued by some. Our study looks at the dynamics of this migration. Utilizing publicly available user account data, we track the posting activity of academics on Mastodon over a one year period. Our analyses reveal significant challenges sustaining user engagement on Mastodon due to its decentralized structure as well as competition from other platforms such as Bluesky and Threads. The movement lost momentum after an initial surge of enthusiasm as most users did not maintain their activity levels, and those who did faced lower levels of engagement compared to Twitter. Our findings highlight the challenges involved in transitioning professional communities to decentralized platforms, emphasizing the need for focusing on migrating social connections for long-term user engagement.

Oh Spotify, when will you stop trying to push people to the high seas 🏴‍☠️

"...For Nvidia, after this latest run-up took it north of the $3T milestone, the company is being valued at more than $100M for each of its 29,600 employees (per its filing that counted up to the end of Jan 2024).

That’s more than 5x any of its big tech peers, and hundreds of times higher than more labor-intensive companies like Walmart and Amazon. It is worth noting that Nvidia has very likely done some hiring since the end of January — I think the company might be in growth mode — but even if the HR department has been working non-stop, Nvidia will still be a major outlier on this simple measure.

We are running out of ways to describe Nvidia’s recent run... but a nine-figure valuation per employee is a new one."

Archived link

Here is the report (pdf)

"Please Check”. More that 800 organisations, among which many media outlets have been flooded with emails and social media mentions urging them to verify dubious claims undermining Ukraine, France and Germany for the most part. The issue is that these solicitations are part of a massive pro-Russian operation, still ongoing at the time of writing.

The graffitis, videos or screenshots sent to newsrooms are fake and were fabricated for the purpose of diverting journalist’s ressources, or even try to have their narratives amplified by getting fact-checkers to publish debunks. Operation Overload, as we dubbed the action, is detailed in our latest report, led with the support of Reset.Tech and 20+ fact-checking entities, which shared content they had received.

This operation is remarkable for its scale, the elaborate tactics it employs and the quality of the fake content produced. We uncovered and traced coordinated action on Telegram and X to create artificial dissemination of fake content, as well as on a network of websites controlled by the perpetrators. This content amalgamation technique aims at creating a false sense of a wide online presence of fakes. The next step are the coordinated email campaigns, pointing fact-checkers and journalists at the manipulated images or videos through links to social media and the controlled websites.

This investigation was triggered by the publication of AFP and Antibot4Navalny’s coverage of the operation Martryoshka, reporting about a part of this campaign that unfolded on X. Matryoshka ended up to be only the tip of the iceberg. As Amaury L., CTO of CheckFirst, puts it: “Overload is ‘Matryoshka’ on steroids”. Indeed, the numbers are staggering. Our research shows that more than 800 organisations have been targeted by nearly 2400 tweets. 200+ targeted emails were sent to newsrooms across Europe and beyond. The undertaking achieved its goals in its first months, since we found 250+ articles of fact-checks or debunks mentioning the fake assets created for Operation Overload.

Operatives seek to create divisions between societies. Four countries are the main targets: France, Germany, Italy and Ukraine. The perpetrators time their efforts to coincide with major events, such as the Paris Olympics. The tactics employed clearly attempt to overload the global disinformation research and fact-checking community, causing experts to work extra hours to verify and debunk false content that has been created and distributed specifically to target them. As we show in the report, another stated goal is to attempt to use these professionals to amplify the operation’s false claims and reach a wider audience.

“The actors aim to introduce their narratives to European audiences using innovative methods. They target fact-checkers and media organisations, prompting them to publish debunks or news stories about these narratives. They create an alternate reality, claiming, for instance, that photos of fake graffiti are gaining viral traction on X, or featuring “a video published by DW” and appearing on “many websites,” when in truth, all such content is fabricated by the same actor.” - Guillaume Kuster Co-Founder of Check First

The investigation aims to dismantle the fake news environment created by the perpetrators. In this report, we focus on the emails used to target fact-checkers, researchers and newsrooms. We also examine the techniques used to create a false sense of omnipresence of this manipulated content online. The final part of the report analyses the impact of the campaign on the fact-checking community as a whole.

Even though there are already a couple of other threads about this Schweinerei, there wasn't a good place to insert this into the discussion, and for those unfamiliar, this video's a good starting point.

Young voters in key election battlegrounds are being recommended fake AI-generated videos featuring party leaders, misinformation, and clips littered with abusive comments, the BBC has found.

With TikTok emerging as a new social media battleground in this election, the political parties have begun a war of memes on the app in a bid to reach its audience of young voters.

But a BBC project to investigate the content promoted by social media algorithms has found - alongside funny montages - young people on TikTok are being exposed to misleading and divisive content. It is being shared by everyone from students and political activists to comedians and anonymous bot-like accounts.

Videos which have racked up hundreds of thousands of views have promoted unfounded rumours that a major scandal prompted Rishi Sunak to call an early election and the baseless claim that Sir Keir Starmer was responsible for the failure to prosecute serial paedophile Jimmy Savile.

Satirical, fake AI-generated clips show Rishi Sunak declaring, “Please don’t vote us out, we would be proper gutted!” and making unevidenced claims about how the Conservative leader is spending public money - including how he will send his “mates loads of dosh”.

Other AI-generated videos share misleading claims about his national service pledge for 18-year-olds, suggesting young people would be sent to current war zones in Ukraine and Gaza.

Some of these are described as satire or parody in captions, but the comments suggest some users are confused about which claims are factual.

TikTok told the BBC it had increased its investment in countering misinformation for the UK general election, including adding a fact-checking expert to existing resources and employing AI-labelling technology.

The videos were spotted as part of the BBC's Undercover Voters project, which has created profiles for 24 fictional people on all the major social media sites, based on data and analysis by the National Centre for Social Research (Natcen).

The fictional profiles represent a range of voters in battleground constituencies across the UK, giving an insight into what content is promoted to different types of people. The profiles are private, with no friends. They just like, follow and watch content relevant to their character traits informed by the Natcen research.

I examined the feeds of the profiles of three of these fictional voters in the former “red wall” constituency of Bishop Auckland, a target for Labour which is currently held by the Conservatives - and where our Undercover Voters are younger.

Their social media feeds revealed that, while other sites have also experienced a flurry of political content, TikTok had the most lively conversation, particularly among younger voters.

TikTok has boomed since the last election. According to media regulator Ofcom, it was the fastest-growing source of news in the UK for the second year in a row in 2023 - used by 10% of adults in this way. One in 10 teenagers say it is their most important news source.

TikTok is engaging a new generation in the democratic process. Whether you use the social media app or not, what is unfolding on its site could shape narratives about the election and its candidates - including in ways that may be unfounded.

Content promoted to Undercover Voter character Jack, a disaffected 31-year-old, include TikToks misrepresenting remarks made by Labour politicians in speech bubbles. These include comments about immigration, transgender rights, Brexit - and false claims that the shadow international development secretary called to “abolish the Army”.

Several other videos repeated the unfounded allegations about Sir Keir and Jimmy Savile.

Other videos Jack was served on his feed included clips with threats in the comments about “euthanizing” Rishi Sunak and racist remarks about him.

Messages such as “vote Reform UK” were shared repeatedly in the comments of many videos, much more than those I saw in support of any other party. TikTok users have begun to notice the comments, with many calling the posters “Reform bots”, suggesting they could be fake, automated accounts.

I contacted some of the commenters who had photos and names on their profiles, and they told me they were real people based in the UK with no official affiliation to Reform UK and with no encouragement or instruction from the party. But others were anonymous with no profile image and numerical usernames - common hallmarks of fake accounts - and they did not respond to my messages.

Whether they are real people or not, their comments can create the impression that their preferred party has greater support.

Another Undercover Voter character based in Bishop Auckland, 25-year-old Chloe, was created to have no prior interest in politics. But about one in 10 posts on her TikTok feed was a political meme or funny video, including official content coming from the Labour Party, Conservatives, Liberal Democrats and Reform UK.

These include Rishi Sunak’s first TikTok on the Conservatives’ new account about national service, clarifying that he is not forcing all 18-year-olds to join the army.

They also include a video of Cilla Black singing Surprise Surprise from the official Labour profile - with a caption saying “POV: Rishi Sunak turning up on your 18th birthday to send you to war”.

A third Undercover Voter named Louise - in her 50s and politically undecided - was pushed more TikToks targeting political leaders with abusive comments, as well as satirical montages and parody videos about policy announcements such as national service.

I tracked down some of the people behind the videos and posts shown to our Undercover Voters.

One 16-year-old from the south of England, who made a satirical edit of that first Rishi Sunak TikTok about national service, said she was surprised how quickly her content took off.

“I didn’t specifically create this account for the election and the reason I made the TikTok initially was just for a joke - I didn’t expect to get over 400k bloody views,” she said, adding that she is not affiliated with any party and has not received any money for creating the TikTok.

“Social media really is the only platform for young people to have a voice nowadays in my opinion.”

She said she knows satirical content can be “controversial” and she understands how her video “could mislead people” but would hope people could tell it was supposed to be a bit of fun.

Alongside the video, some users had posted threatening comments towards Mr Sunak, but the 16-year-old said she did not think anyone would actually want to harm a politician.

Dozens of other users I messaged who are creating this content are also in their late teens or early 20s, and want to get involved in creating political videos to engage other people their age in the election.

They all tell me that while they may support a political party, they have not been paid for their posts and are not officially affiliated with any of the campaigns.

One politics student tells me they “don’t worry about misleading people because the parties mislead others with their opinions about other parties”.

Another person based in Coventry, who shares his videos about Reform UK, tells me he hopes to “boost their popularity in an unofficial way” and says he set up his account back in February. He say he is a member of the party and has not received any money for making his TikToks.

He is concerned that satirical content - including his own - might unintentionally mislead people on TikTok. His account was restricted by TikTok for posting spam.

A spokesperson for TikTok told the BBC that it had increased its investment “in efforts to ensure reliable information can be found on TikTok”, launching a “UK Election Centre with a fact-checking expert” and adopting an “industry-leading AI labelling technology”.

It also said it was introducing “more policies to aggressively counter foreign election interference” and that it removed 97% of videos with misinformation about elections and civic issues before anyone had viewed them.

Last Christmas Eve, NewsBreak, a free app with roots in China that is the most downloaded news app in the United States, published an alarming piece about a small town shooting. It was headlined "Christmas Day Tragedy Strikes Bridgeton, New Jersey Amid Rising Gun Violence in Small Towns."

The problem was, no such shooting took place. The Bridgeton, New Jersey police department posted a statement on Facebook on December 27 dismissing the article - produced using AI technology - as "entirely false".

"Nothing even similar to this story occurred on or around Christmas, or even in recent memory for the area they described," the post said. "It seems this 'news' outlet's AI writes fiction they have no problem publishing to readers."

NewsBreak, which is headquartered in Mountain View, California and has offices in Beijing and Shanghai, told Reuters it removed the article on December 28, four days after publication.

The company said "the inaccurate information originated from the content source," and provided a link to the website, adding: "When NewsBreak identifies any inaccurate content or any violation of our community standards, we take prompt action to remove that content."

The operators of the website, findplace.xyz, did not respond to a request from Reuters for comment. The police declined to provide further comment.

As local news outlets across America have shuttered in recent years, NewsBreak has filled the void.

Billing itself as "the go-to source for all things local," Newsbreak says it has over 50 million monthly users. It publishes licensed content from major media outlets, including Reuters, Fox, AP and CNN as well as some information obtained by scraping the internet for local news or press releases which it rewrites with the help of AI. It is only available in the U.S.

But in at least 40 instances since 2021, the app's use of AI tools affected the communities it strives to serve, with Newsbreak publishing erroneous stories; creating 10 stories from local news sites under fictitious bylines; and lifting content from its competitors, according to a Reuters review of previously unreported court documents related to copyright infringement, cease-and-desist emails and a 2022 company memo registering concerns about "AI-generated stories."

Reuters spoke to seven former NewsBreak employees, including five who said most of the engineering work behind the app's algorithm is carried out in its China-based offices. The former employees requested anonymity, citing confidentiality agreements with NewsBreak.

Two local community programmes assisting disadvantaged people told Reuters they were impacted by erroneous stories produced by NewsBreak's AI.

On three occasions in January, February and March, Food to Power, a Colorado-based food bank, said it had to turn people away because NewsBreak stated incorrect times of food distributions. The charity complained to NewsBreak in a January 30 email to NewsBreak's general customer support email address, which Reuters has reviewed. The charity said it received no response.

Harvest912, a charity in Erie, Pennsylvania, emailed NewsBreak about two inaccurate, AI-based news stories which said it was holding a 24-hour foot-care clinic for homeless people, asking the outlet to "cease and desist" erroneous coverage.

"You are doing HARM by publishing this misinformation - homeless people will walk to these venues to attend a clinic that is not happening," Harvest912 told NewsBreak, in a January 12 email seen by Reuters.

In response to Reuters' questions, NewsBreak said it removed all five articles about the charities after learning they were erroneous and that the articles were based on incorrect information on some of the charities' web pages.

Without providing a reason to Reuters, NewsBreak added a disclaimer to its homepage in early March, warning that its content "may not always be error-free". Newsbreak generates revenue by showing ads to its users, who are predominantly female, above the age of 45, without college degrees, and live in suburban or rural parts of the U.S., according to the seven former employees and a 2021 company presentation reviewed by Reuters.

The company launched in the U.S. in 2015 as a subsidiary of Yidian, a Chinese news aggregation app. Both companies were founded by Jeff Zheng, the CEO of Newsbreak, and the companies share a U.S. patent registered in 2015 for an "Interest Engine" algorithm, which recommends news content based on a user's interests and location.

NewsBreak told Reuters that the patent was assigned by Zheng to both companies because "some of the concepts were developed from Jeff's time at Yidian" and that NewsBreak is "U.S.-based" and "U.S.-invested". The shared patent has "absolutely no bearing on the company and its operations", NewsBreak said in written responses to Reuters, describing the technology referenced in the patent as "outdated".

Company memo

A May 2022 company memo from a NewsBreak consultant to Zheng, reviewed by Reuters, raised concerns about NewsBreak's use of AI tools to re-publish stories from local news sites under five fictitious bylines.

"I cannot think of a faster way to destroy the NewsBreak brand," Norm Pearlstine, former Executive Editor at the Wall Street Journal and the Los Angeles Times who was working at the time as a consultant to NewsBreak, wrote in the memo to Zheng.

In an interview after NewsBreak gave him permission to speak with Reuters, Pearlstine said he learned of the practice from a NewsBreak colleague.

"I question the legality of creating fake accounts using content publishers put behind their paywalls. If I had learned about the practice while at the LA Times, I would have instructed our lawyer to seek a restraining order and sue for damages," wrote Pearlstine, whose six-month consulting role at NewsBreak in 2022 consisted of advising the company about U.S. editorial businesses.

Pearlstine, who confirmed the memo was authentic, attributed the lapse to a lack of journalistic experience. "A fair number of people on the staff were either new to journalism or new to the U.S. market. That was part of the reason I felt I had to be very direct and very explicit in explaining why I thought this was important," he told Reuters.

NewsBreak said the news stories referenced in Pearlstine's memo were a "limited experiment in three U.S. counties" to aggregate third-party content, and that the effort was disbanded after producing ten articles. The company denied going behind paywalls and said it used "snippets" of articles that were publicly visible to produce complete news stories using OpenAI.

NewsBreak also pointed Reuters towards Zheng's emailed response to Pearlstine, saying he recognized the problem and asked his team to fix it.

OpenAI told Reuters its policies prohibited using its technology to mislead people. In 2022, Patch Media, which operates digital local news feeds in every U.S. state, reached a $1.75 million settlement in a lawsuit against NewsBreak for copyright infringement, according to court documents reviewed by Reuters, which alleged that NewsBreak republished Patch's news stories without permission or credit. Patch did not respond to a request for comment. NewsBreak said the settlement was not an admission of wrongdoing.

Emmerich Newspapers, which operates newspapers in Mississippi, Arkansas and Louisiana, reached a 2021 settlement with NewsBreak in a lawsuit alleging copyright infringement related to NewsBreak's use of Emmerich's content without permission. NewsBreak said the settlement was "amicable."

Another copyright lawsuit is ongoing. The two parties are "embroiled in additional lawsuits which we are vigorously defending against," NewsBreak said.

Wyatt Emmerich, the company's president, said the lawsuit against NewsBreak involved "verbatim copying of content". He added: "What worries me in the future is that news aggregators could use artificial intelligence to slightly rewrite our stories which would make proving copyright infringement much more difficult. I have witnessed instances of this happening already on news aggregation sites."

China roots

NewsBreak is a privately held start-up, whose primary backers are private equity firms San Francisco-based Francisco Partners, and Beijing-based IDG Capital, NewsBreak told Reuters.

NewsBreak presents itself as U.S.-based and U.S. invested, but was initially created as the subsidiary of a popular Chinese news aggregation app which was part-owned by a Chinese state-linked media entity.

Francisco Partners declined to answer questions about its investment in NewsBreak. IDG did not respond to repeated emailed requests for comment.

In February, IDG Capital was added to a list of dozens of Chinese companies the Pentagon said were allegedly working with Beijing's military. IDG Capital told Bloomberg in February that it has no association with the Chinese military and does not belong on that list. NewsBreak did not comment on the finding.

Yidian, the Chinese aggregation company, divested from NewsBreak in 2019 because "its management team at the time did not understand the U.S. market", Zheng said. Until then, Li Ya, the president of Phoenix New Media, a Chinese state-linked media firm which held a 46.9% stake in Yidian, had been a director at NewsBreak, according to corporate records.

Yidian continued to describe NewsBreak as its U.S. version on its website until 2021, according toThe Wire China.

Yidian in 2017 received praise from ruling Communist Party officials for its efficiency in disseminating government propaganda. Reuters found no evidence that NewsBreak censored or produced news that was favourable to the Chinese government.

A NewsBreak spokesperson said there was no ongoing commercial relationship with Yidian. Yidian, Phoenix New Media and Li Ya did not respond to requests from Reuters for comment.

About half of NewsBreak's 200 employees are China-based where they are engaged in R&D, the company said.

A 2022 company roster reviewed by Reuters showed that 100 of NewsBreak's 137 engineers at the time were based in China.

Five of the former NewsBreak employees said CEO Zheng divides his time between China and the United States.

Zheng, who was born in China, is a permanent resident of the United States and his family relocated to the U.S. early last year, the company said.

Reuters found five job advertisements NewsBreak posted on Chinese job sites seeking data analysts or engineers for its Beijing and Shanghai-based offices capable of "in-depth mining" of "massive user behaviour data" from the app's U.S. users.

A Republican aide to the U.S. House of Representatives Foreign Affairs Committee told Reuters the use of Chinese-based engineers by Newsbreak raised possible concerns that American user data can be accessed in China. The aide declined to be identified because they were not authorised to speak to the media.

In a recent high-profile case, U.S. officials warned that TikTok, whose parent company is the Chinese firm ByteDance, could be compelled by the Chinese government to use its algorithm to control what kind of news is viewed by Americans and hand over their data.

TikTok, the most downloaded short video app globally, with 170 million U.S. users, now faces a forced sale or a U.S. ban.

In response to Reuters questions, TikTok said it was planning to offer third parties more access to examine its code and verify the app functions as intended. Zheng told Reuters that NewsBreak complies with U.S. data and privacy laws and is maintained on U.S.-based Amazon (AWS) servers. "Staff in China only access anonymous data stored on AWS servers in the U.S.," he said. Amazon declined to comment.

NewsBreak also said that as a U.S.-based business it was not subjected to Chinese data laws.

Pearlstine, the former NewsBreak consultant, said NewsBreak's ability to demonstrate it is a U.S. company was critical.

"The long term health of NewsBreak was dependent on its being perceived as a California company and that the more the leadership was in Mountain View, the better it would be for the company," he said.

New accessibility feature coming to Firefox, an "AI powered" alt-text generator.

"Starting in Firefox 130, we will automatically generate an alt text and let the user validate it. So every time an image is added, we get an array of pixels we pass to the ML engine and a few seconds after, we get a string corresponding to a description of this image (see the code).

...

Our alt text generator is far from perfect, but we want to take an iterative approach and improve it in the open.

...

We are currently working on improving the image-to-text datasets and model with what we’ve described in this blog post..."

Archived link

Here is the report (pdf)

(archived report)

- An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace.

- The name of the government organization was not disclosed, but the company said the country is known to have repeated conflict with China over territory in the South China Sea, raising the possibility that it may be the Philippines.

- China's cyber threat activity outpaces other nation-state cyber threats in volume, sophistication and the breadth of targeting, accordi.g to experts, calling out their use of compromised small office and home office (SOHO) routers and living-off-the-land techniques to conduct cyber threat activity and avoid detection.--

"The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests," Sophos researchers Paul Jaramillo, Morgan Demboski, Sean Gallagher, and Mark Parsons said in a report shared with The Hacker News.

"This includes accessing critical IT systems, performing reconnaissance of specific users, collecting sensitive military and technical information, and deploying various malware implants for command-and-control (C2) communications."

The name of the government organization was not disclosed, but the company said the country is known to have repeated conflict with China over territory in the South China Sea, raising the possibility that it may be the Philippines, which has been targeted by Chinese state-sponsored groups like Mustang Panda in the past.

Crimson Palace comprises three intrusion clusters, some of which share the same tactics, although there is evidence of older activity dating back to March 2022 -

• Cluster Alpha (March 2023 - August 2023), which exhibits some degree of similarity with actors tracked as BackdoorDiplomacy, REF5961, Worok, and TA428
• Cluster Bravo (March 2023), which has commonalities with Unfading Sea Haze, and
• Cluster Charlie (March 2023 - April 2024), which has overlaps with Earth Longzhi, a subgroup within APT41

Sophos assessed that these overlapping activity clusters were likely part of a coordinated campaign orchestrated under the direction of a single organization.

The attack is notable for the use of undocumented malware like PocoProxy as well as an updated version of EAGERBEE, alongside other known malware families like NUPAKAGE, PowHeartBeat, RUDEBIRD, DOWNTOWN (PhantomNet), and EtherealGh0st (aka CCoreDoor).

Other hallmarks of the campaign include the extensive use of DLL side-loading and unusual tactics to stay under the radar.

"The threat actors leveraged many novel evasion techniques, such as overwriting DLL in memory to unhook the Sophos AV agent process from the kernel, abusing AV software for sideloading, and using various techniques to test the most efficient and evasive methods of executing their payloads," the researchers said.

Further investigation has revealed that Cluster Alpha focused towards mapping server subnets, enumerating administrator accounts, and conducting reconnaissance on Active Directory infrastructure, with Cluster Bravo prioritizing the use of valid accounts for lateral movement and dropping EtherealGh0st.

Activity associated with Cluster Charlie, which took place for the longest period, entailed the use of PocoProxy to establish persistence on compromised systems and the deployment of HUI Loader, a custom loader used by several China-nexus actors, to deliver Cobalt Strike.

"The observed clusters reflect the operations of two or more distinct actors working in tandem with shared objectives," the researchers noted. "The observed clusters reflect the work of a single group with a large array of tools, diverse infrastructure, and multiple operators."

The disclosure comes as cybersecurity firm Yoroi detailed attacks orchestrated by the APT41 actor (aka Brass Typhoon, HOODOO, and Winnti) targeting organizations in Italy with a variant of the PlugX (aka Destroy RAT and Korplug) malware known as KEYPLUG.

"Written in C++ and active since at least June 2021, KEYPLUG has variants for both Windows and Linux platforms," Yoroi said. "It supports multiple network protocols for command and control (C2) traffic, including HTTP, TCP, KCP over UDP, and WSS, making it a potent tool in APT41's cyber-attack arsenal."

It also follows an advisory from the Canadian Centre for Cyber Security warning of increasing attacks from Chinese state-backed hacking aimed at infiltrating government, critical infrastructure, and research and development sectors.

"[People's Republic of China] cyber threat activity outpaces other nation-state cyber threats in volume, sophistication and the breadth of targeting," the agency said, calling out their use of compromised small office and home office (SOHO) routers and living-off-the-land techniques to conduct cyber threat activity and avoid detection.

Archived link

France, Germany, Poland facing ‘permanent’ Russian disinformation attacks, warns EU

https://www.euractiv.com/section/elections/news/france-germany-poland-facing-permanent-russian-disinformation-attacks-eu

France, Germany and Poland have become “permanent” targets for Russian disinformation attacks in the run-up to European Parliament elections this week, a senior EU official said Tuesday (4 June).

The European Union has repeatedly warned heading towards the 6-9 June vote that Russia would ramp up disinformation campaigns in the 27-country bloc.

“There are three big countries under permanent attack (from Russia). And it’s France, it’s Germany, and it’s Poland,” said EU commissioner Věra Jourová, pointing to work by the European Digital Media Observatory, of which AFP is part.

There are “more massive disinformation attacks on specific topics”, said Jourová, the commissioner for values and transparency. For example, in France they are focused on this summer’s Olympic Games in Paris.

In Germany, she said, they exploit concerns over migration and security, while in Poland, a narrative has appeared online that Ukrainian refugees are a “burden”.

She pointed to a false story on the Polish state news agency last week stating that Poles would be mobilised to fight in Ukraine, which authorities said was likely a Russian cyberattack.

"Russian propaganda is done with… very good knowledge of which country has some sensitivities, which country can absorb better the narratives,” Jourová said.

The propaganda was also spread through the Telegram messaging app in countries such as Slovakia, Bulgaria and the Baltic states, she said.

Telegram does not have to comply with the strictest rules for “very large” platforms with at least 45 million monthly active users under the EU’s landmark content moderation law, known as the Digital Services Act (DSA).

“Telegram is not under our competence yet, but we are now counting the users of Telegram because they announced to us that (they) have 42 million users,” she said.

‘Maximum vigilance’

Jourová was speaking to journalists in Brussels after a visit to the United States to meet with executives of the world’s biggest tech companies, including X and YouTube.

She said she urged “maximum vigilance in these last days”, warning the risk remained.

She said she also reminded the companies of their stringent obligations under the DSA.

Jourová’s comments come a day after similar findings by Microsoft in a new report.

The US tech giant’s Threat Analysis Center said Russia was waging an intense disinformation campaign aimed at tarnishing the reputation of the International Olympic Committee and stoking fears of violence at the Games.

Microsoft President Brad Smith, who was in Brussels to meet EU officials including Jourová, echoed her concerns about Russian influence operations.

“The number one abusive AI case that people are worried about is the risk of deepfakes influencing elections, especially deepfakes that come from foreign governments,” Smith said,

“And we’ve definitely seen the Russian government investing in that capability.”

A recent cyberattack on Palau, a small island nation with close ties to the United States, underscores the growing vulnerability of island nations and the potential for China to use cyber intrusions for political purposes.

The March attack exposed sensitive government documents, including details of U.S. military installations in Palau. While a ransomware group, DragonForce, claimed responsibility, Palau officials suspect China’s involvement, a claim China denies.

Island Nations Face Growing Cyber Threats

This incident highlights the increasing risk of cyberattacks faced by Pacific island nations. Their limited resources and cybersecurity infrastructure make them attractive targets. The leaked documents could be used for future attacks or to embarrass Palau’s diplomatic partners.

Minister of Finance reported last Thursday that Palau’s Automated System for Customs Data (ASYCUDA) was also attacked. “Fortunately, they found the attacks before anything was damaged,” said Min. Udui emphasizing the important of cybersecurity.

China’s Potential Role in Cyber Warfare

While there’s no concrete evidence linking China to the attack, the timing and targets raise suspicions. Palau’s close ties with Taiwan, which China claims as its territory, could be a motive. The use of a ransomware group, though unusual for state actors, might be an attempt to deflect blame.

Cybersecurity Concerns for U.S. Allies

The attack exposes the vulnerability of U.S. allies in the Indo-Pacific region. The stolen information could be used to target U.S. military installations or other strategic assets. This incident highlights the need for stronger cybersecurity measures throughout the region.

Palau Accuses China of Interference

Palau’s president alleges China’s pre-election interference, pressuring them to sever ties with Taiwan. This accusation, though unsupported by the attack itself, suggests broader tensions.

Need for International Cooperation

The Palau attack underscores the urgent need for international cooperation on cybersecurity. Pacific island nations require assistance in building robust cyber defenses. Additionally, clear communication and information sharing are crucial to counter cyber threats and hold perpetrators accountable.

This incident serves as a wake-up call for the Pacific region. Strengthening cybersecurity and fostering international cooperation are essential to ensure the stability and security of the Indo-Pacific.