Comment on this story Comment Gift Article Share

Welcome to The Cybersecurity 202! As you read this, I will likely be reuniting with my wonderfully sweet kitty, Dr. Julius “Jules” Jonas Jonah Jameson. Red-eye flights. Ugh. Reading this online? Sign up for The Cybersecurity 202 to get scoops and sharp analysis in your inbox each morning. Wp Get the full experience. Choose your plan ArrowRight Below: A Ukrainian cyber official has doubts about Russian hacktivism, and hackers are finding ways around endpoint detection tools. First:

A U.N. panel is working on a cybercrime treaty. Here’s what it could look like.

SAN FRANCISCO — A U.N. panel recently completed the latest round of negotiations over a new cybercrime treaty. That process is now rapidly hurtling toward its end.

The thorny debate over the treaty has been marked by Russia pushing for a treaty that expands the definition of cybercrime in a way that worries the United States, human rights activists and civil liberties groups. The United States and its allies had been comfortable with a preexisting cybercrime treaty known as the Budapest Convention but have nonetheless engaged in the discussions.

Advertisement

Despite those very different aims, “we’re still optimistic we can reach consensus,” Jane J. Lee, a federal prosecutor who is a member of the U.S. delegation to the committee navigating the new treaty, said Thursday at the RSA Conference.

“Our objective in that process is a focused criminal justice instrument which is aimed at improving the investigation and prosecution of cybercrime,” she said. “We want that to be firmly grounded in human rights, fundamental freedoms and rule of law.”

Member states convened in Vienna from April 11 to April 21 under a road map the United Nations set forth back in 2019. U.S. delegates attended.

But deadlines are already creeping up on the negotiators. Until now, Lee said, negotiators had been sharing ideas and proposals, but a draft of the treaty text is due by around June 20. A finalized draft is due at the beginning of 2024.

How we got here and what’s at stake

In all, 68 countries are parties to the 2001 Budapest Convention, which sought to harmonize cybercrime laws and expand international cooperation. Russia objected to that treaty, however, contending that its authorization of cross-border operations violated Russia’s sovereignty.

Advertisement

So in 2017, Russia began pushing for a new treaty. It joined with Belarus, Cambodia, China, Iran, Myanmar, Nicaragua, Syria and Venezuela in 2019 to advance a resolution. The U.N. General Assembly approved it by a vote of 79-60 with 33 abstentions. (That didn’t amount to a majority of the United Nations’ 193 members, and the United States voted against the resolution.)

The Budapest Convention includes nine criminal offenses. What’s come out of the new process so far lists 34 offenses. Notably, the human rights group Article 19 observed, half a dozen of them are about their content, rather than being cyber-dependent — raising free speech concerns.

Furthermore, the 34 offenses include ones “that have not been previously implemented at an international level, and would create conflicts with international human rights obligations even without the use of a computer/digital technology,” Article 19 wrote. Those offenses “do not leave room for other mechanisms for redress such as civil or nonlegal remedies.”

Advertisement

One worry is whether a new pact might criminalize security research, an ambiguity even in U.S. law, Charley Snyder, head of security policy at Google, said at the conference.

The proposals to date “run the gamut from quite reasonable based on existing instruments to quite absurd,” John Hering, a senior government affairs manager for digital diplomacy at Microsoft, said at the same event.

“This is a process that’s been kicked off by countries that seem to be a bit revisionist, and I think there were some concerns that it could cater to authoritarian and undemocratic interests when it comes to policing our digital environment,” he said.

The Justice Department’s Lee said that “for the types of crimes that we’re talking about where there might be authoritarian regimes working to see greater control over information and speech, that’s something that the United States is carefully watching.”

Tech companies are invested in the outcome of the treaty negotiations because it might affect how they respond to government requests for information during cybercrime investigations, Snyder said.

Advertisement

Those companies need to be able to quickly evaluate requests without needing “to deeply investigate them to make sure they aren’t in furtherance of human rights abuses and things like that.” he said. Although it could backfire. “It’s actually going to have a perverse consequence,” he said. “It’s going to make these requests take longer.”

The United States is also arguing that any new treaty should not undermine existing agreements. If all goes well, the new treaty could lead to improvements. “We hope the U.N. treaty may enable cooperation for certain countries that don’t have other means of cooperation to combat cybercrime,” Lee said.

Where it’s going

It’s vital that nations arrive at consensus, Lee said.

“We hope that member states will work in good faith toward a consensus-based instrument,” she said. “Consensus is really what we believe will make this a helpful and productive instrument.”

If no consensus is reached on a treaty before it’s put before the U.N. General Assembly for consideration and adoption, there is a voting process. “We don’t think it’s in anyone’s interest to go to votes, because an international instrument is only as effective as how much participation you have,” she said.

“We’re working with a broad group of member countries toward our shared objective for this treaty,” Lee said. “Once we start negotiating texts, that will be a pivotal moment.”

Even if an unfavorable treaty emerges from the process, it will only govern the countries that sign it. “Even in a worst-case scenario, maybe it just doesn’t get a lot of traction,” Hering said.

The keys

Pro-Russian hacktivists are all backed by Russian government, Ukraine cyber official says

Most pro-Russian hacktivist groups serve as fronts for Russian government hacking operations, according to a senior Ukrainian cybersecurity official, AJ Vicens reports for CyberScoop.

Advertisement

“More than 90% of all cyberattacks targeting Ukraine are either conducted by special services or by state sponsored groups,” Illia Vitiuk, who leads the Security Service of Ukraine’s cyber information security department, said at the RSA Conference.

Many of these groups either serve as fronts for the Kremlin, or they are coerced to carry out Russia’s hacking demands.

Vitiuk pointed to Moscow’s reported crackdown of cybercriminals in the wake of Russia’s invasion of Ukraine, calling it a ploy.

“This was an attempt to intimidate them and others to show that you need to work for us,” he said. “And now you need to work against Ukraine.”

Most of those groups have carried out distributed denial-of-service (DDoS) attacks against Ukraine, though Ukrainian officials have downplayed their effect. “Most of the activists conduct DDoS and say, ‘Oh, we attacked Ukraine,’ and we don’t even feel it,” Vitiuk said.

Second firm hired by Trump campaign found no claims of election fraud

The head of a second firm hired by the Trump campaign found that allegations and theories of voter fraud by former president Donald Trump were “all false,” our colleague Josh Dawsey reports.

Advertisement

“No substantive voter fraud was uncovered in my investigations looking for it, nor was I able to confirm any of the outside claims of voter fraud that I was asked to look at,” Ken Block told The Post. “Every fraud claim I was asked to investigate was false.”

The Trump 2020 campaign paid Block’s firm, Simpatico Software Systems, more than $750,000 in six payments, the first of which came three days after the election. The payment records were labeled “Recount” according to federal records, Josh writes.

Block got a subpoena from special counsel Jack Smith and met with federal prosecutors in Washington, though he declined to discuss the interactions, according to the report.

Another Trump-paid firm, Berkeley Research Group, wrote a report that also undermined many of Trump’s claims, The Post previously reported

A Berkeley Research Group lawyer and a spokesman for the special counsel both declined to comment. A Trump spokesman didn’t directly respond to questions about Block, Berkeley Research Group or the special counsel’s actions.

“This is nothing more than a targeted, politically motivated witch hunt against President Trump concocted to try and prevent the American people from returning him to the White House,” spokesman Steven Cheung said. “Just like all the other fake hoaxes thrown at President Trump, this corrupt effort will also fail.”

Hackers finding new ways to navigate around advanced endpoint detection and response tools

Hackers are becoming increasingly better at getting around endpoint detection and response (EDR) tools supplied by major tech and cybersecurity companies like CrowdStrike and Microsoft, Jordan Robertson reports for Bloomberg News.

Advertisement

Sources told Bloomberg News that hackers have started developing workarounds for the tools, which provide early-warning signs of potential cyberattacks by monitoring system processes for suspicious activity.

“Hacking security protection tools is nothing new,” said cybersecurity entrepreneur Mark Curphey, who added “the prize, if successful, is access to all of the systems using them, by definition systems worth protecting.”

Robertson writes that “Investigators from multiple cybersecurity firms said the number of attacks where EDR is disabled or bypassed is small but growing, and that hackers are getting more resourceful in finding ways to circumvent the stronger protections it provide.,”

The report shows how implementing robust cyber protections is still no easy feat as ransomware attacks proliferate.

Government scan

Hill happenings

National security watch

Global cyberspace

Cyber insecurity

Encryption wars

Secure log off

It’s take your kid to work day at the White House, where the @PressSec wonders whether she can guess who each kid’s parents are pic.twitter.com/7OstsckaE9 — Christopher Cadelago (@ccadelago) April 27, 2023

Thanks for reading. See you next week.

GiftOutline Gift Article