Cyber Week in Review: August 22, 2024

Pakistan experiences major internet disruptions

Internet users in Pakistan have seen significant slowdowns in their internet connectivity over the past week, with internet speeds declining to half their usual amount at times. More than 110 million people in Pakistan use the internet daily, with many depending on it for their livelihoods; the Pakistan Software Houses Association (P@SHA), a trade association for Pakistan’s IT industry, said that the slowdown, which began earlier this week, has likely cost Pakistan’s economy more than $300 million in estimated growth. In the same statement, P@SHA accused Pakistan’s government of throttling the internet speeds by hastily implementing an internet firewall across the country. Usama Khilji, director of the Pakistan-based advocacy group Bolo Bhi, said that the government’s new firewall would allow it to monitor and block components of different mobile apps, including voice notes, videos, and photos. The government stated that the slow speeds were the result of a faulty submarine internet cable and that a firewall was not responsible for the slowdown. In June, several outlets reported that Pakistan’s government was in the process of installing a firewall to more closely monitor and control content on social media. The Pakistani government had previously throttled access to several social media platforms, including X/Twitter, around the country’s February elections, which saw widespread use of the platforms by the political opposition.

U.S. telecommunications company hit with $1 million fine over fake Biden robocall

Lingo Telecom agreed to pay $1 million to settle an enforcement action brought by the Federal Communications Commission (FCC). Lingo had relayed deepfake audio of President Biden to New Hampshire voters in January, urging them to skip the state’s Democratic primary vote. The deepfakes were created by political consultant Steve Kramer, and the FCC has sought to fine Kramer $6 million for his role in the scheme. Under the settlement, Lingo will also be required to adhere to stricter caller ID authentication rules and better verify the information it receives from customers and upstream providers. The FCC adopted stronger rules on deepfake robocalls in February, one month after the New Hampshire robocalls; the rules allow state attorneys general to prosecute and sue individuals who run robocall scams if they use AI to generate the voices in their calls, regardless of the potential scam they may be running.

TSMC breaks ground on first European microchip factory

Taiwan Semiconductor Manufacturing Company (TSMC) broke ground on its first microchip fabrication factory in Europe on Tuesday. The fab, which is in Dresden, Germany, will cost more than $11.1 billion to build and is closely tied to the German automotive industry; German auto parts manufacturer Bosch and automotive semiconductor company Infineon Technologies are both co-investors in the facility, along with Netherlands-based NXP Semiconductors. The German plant will manufacture chips between twelve and twenty eight nanometers with a focus on automotive and industrial applications. TSMC is uniquely capable of developing and manufacturing advanced semiconductors—the company is currently the only manufacturing facility capable of creating three nanometer chips. More than 90 percent of TSMC’s most advanced processes, including the production of three nanometer chips, are concentrated in Taiwan, although the company has attempted to expand production to other countries, including the United States.

U.S. investigating Americans who worked with Russian state-run TV networks

The U.S. Department of Justice is conducting an investigation into several Americans who have worked with Russia’s state-run television networks. As part of the investigation, FBI agents searched the homes of Scott Ritter and Dimitri Simes, both of whom have appeared frequently on Russian television. The investigation has largely focused on whether Ritter, Simes, and other Americans violated U.S. economic sanctions against Russia by working with the networks, and whether both violated the Foreign Agents Registration Act (FARA) by failing to register as lobbyists for a foreign government. The U.S. government said that the investigation was not targeted at individuals who watch Russian state-run media or post it online, but instead is focused on those who willingly participate in Russian information operations. Simes had previously worked for President Trump’s campaign in 2016, introducing Trump to Moscow’s then-ambassador to Washington; Simes also passed incriminating information on President Clinton to Jared Kushner, Trump’s son-in-law, which was likely sourced from the Russian government. Both Ritter and Simes denied the charges, with Simes saying that the investigation was an attempt to intimidate “anyone who goes against official policies and particularly against the deep state.”

Security researcher finds hardware backdoors in Chinese-made RFID key cards

Philippe Teuwen, a researcher at Quarkslab, published a paper that identified at least two hardware backdoors built into key card chips manufactured by the Chinese company Shanghai Fudan Microelectronics. The chips in which the vulnerability was found have been manufactured in some form since 1994 and are often used to create key cards and access badges for hotels, factories, banks, government facilities, and other buildings. Teuwen found universal backdoors in two editions of cards manufactured by Fudan; the backdoors would allow anyone who knew a specific master key code to clone existing cards and bypass any security controls in buildings that use Shanghai Fudan’s cards. The vulnerability may extend further, as Shanghai Fudan card models were licensed by a number of manufacturers, including European manufacturers Infineon and NXP, suggesting that their cards were also hard-coded with the vulnerability. The type of cards manufactured by Shanghai Fudan have widely been considered insecure for years, with security researchers finding many approaches to breaking their encryption. The presence of an intentional backdoor built into their hardware is likely to raise new security concerns around physical security.