Cyber Review - September 2024

National

Star Health sues Telegram after a hacker used app’s chatbot to leak data

Bharat’s insurance company— Star Health has sued Telegram application and an unknown hacker who was using chatbots on the messaging app to leak personal consumer data, including medical reports of policy holders. The Star Health has received a temporary injunction from a court Telegram and the hacker to block any chatbots or websites in Bharat that make available the data online, according to a copy of the order. Star has also sued the U.S.-listed software firm Cloudflare Inc. in the lawsuit, saying the leaked data on websites were hosted using its services.^[1]

Bharti Airtel network launched AI-enabled solution to combat Spam calls and SMS

In a statement, Bharti Airtel network informed that an AI-enabled solution to tackle spam calls and SMS will auto-activate for all Airtel customers without them raising service request or downloading an app. The solution will work on smartphones, and only VoLTE^[2] (Voice over Long-Term Evolution) calls. This takes place in the context of the Telecom Regulatory Authority of India (TRAI’s) strict instructions to telecom providers to reduce the increasing problems associated with unsolicited commercial communications, which have resulted in a dissatisfied consumer base and an increase in complaints.

“Designed as a dual-layer protection, the solution has two filters – one at the network layer and the second at the IT systems layer. Every call and SMS pass through this dual-layered AI shield. In 2 milliseconds our solution processes 1.5 billion messages and 2.5 billion calls every day. This is equivalent to processing 1 trillion records on a real time basis using the power of AI. Our solution has been able to successfully identify 100 million potential spam calls and 3 million spam SMSes originating every day. For us, keeping our customers secure is a burning priority,” said Gopal Vittal, MD and CEO, Bharti Airtel.^[3]

NSCS took charge of cyber security oversight in Bharat

On 27 September, as per notification released, government has assigned the National Security Council Secretariat (NSCS) as the nodal agency for dealing with the growing challenges of cyber security in Bharat. Prime Minister (PM)-led NSCS has been mandated “to provide overall coordination and strategic direction for cyber security” in addition to assisting the National Security Adviser (NSA). Until now, the job was the concern of the Cabinet Secretariat. As per the notification, the Home Ministry will handle cybercrime, the IT department will handle telecom network security, and the Telecom ministry will handle telecom network security. This allocation will result in more coordinated strategies and increased clarity when handling various elements of cyber security.^[4]

Lenovo Group Ltd started building AI Servers in Bharat

In its press release, on 17 September, Lenovo Group Ltd informed that the company initiated building Artificial Intelligence (AI) Servers in Pondicherry, moving beyond products such as laptops and smartphones. Lenovo, a Chinese company will also focus on establishing its facility out of Bangalore, including a research lab with a focus on AI. “This will be part of a broader shift as Lenovo positions itself for an anticipated boom in AI-empowered PCs and devices. The company will invest $ 1 billion globally over the next two years researching and developing AI platforms and hardware,” said Amar Babu, Lenovo’s Asia Pacific president. As Prime Minister Narendra Modi’s vision is to increase technological investment in the nation, Lenovo’s plan represent yet another victory for Bharat. Even if India’s tough relationship with China has deteriorated recently, international tech businesses still find it to be a desirable place to expand operations while Beijing and Washington are involved in a trade-tech war.^[5]

International

China hacked Verizon and AT&T networks and other major U.S. ISPs for months: WSJ Reports

According to the Wall Street Journal (WSJ) reports, China-supported hacking group— Salt Typhoon penetrated the networks several United States (U.S.) based Internet Service Providers (ISPs) and may have gained unauthorised access to systems used for court-authorised Wiretaps of communications networks. “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful US requests for communications data, according to people familiar with the matter,” stated the WSJ reports. The Biden administration views China as its most significant strategic challenge, as it seeks to rival the United States economically, militarily and in terms of influence in the developing world. The U.S. intelligence community suspected involvement of China’s foreign intelligence service— the Ministry of State Security (MSS).^[6]

Singapore introduced a new Bill to counter deepfake and misinformation during elections

Singapore government, on 11 September, introduced a new Bill to combat the challenge of digitally manipulated content during elections, including misinformation generated using AI (Artificial Intelligence). The proposed safeguards under the Elections (Integrity of Online Advertising) (Amendment) Bill will be applicable to all digital content, audio/video, that realistically depicts a candidate saying or doing something that s/he did not, including contents made using non-AI tools such as Photoshop, dubbing, and splicing. Candidates will have the option to request that the Returning Officer (RO) examine any material that has inaccurately represented them if the Bill is approved. It is unlawful to falsely declare such misrepresentation, and doing so may result in a fine or the loss of an electoral seat. It is forbidden to post such stuff from the moment the Writ of Election is issued until the end of polling. Other people may also request to evaluate such content. Singapore’s general election is scheduled for November 2025.^[7]

The United States accused Iranian agents of hacking into Donald Trump’s presidential campaign

In the United States (U.S.) government’s efforts to address Iran’s attempts to interfere in the U.S. Presidential election, three Iranian operatives were charged with hacking Donald Trump’s presidential campaign. The three accused hackers were employed by Iran’s paramilitary Revolutionary Guard (IRGC), which the U.S. government has designated as a foreign terrorist organisation. Since 2020, their operation has sought to compromise e-mail accounts of several targets, which in addition to the Trump campaign also includes a former ambassador to Israel, a former CIA deputy director, officials at the State and Defense departments, a former U.S. homeland security adviser and journalists, according to the indictment.^[8]

Scottish government released strategic plans for its Cyber Coordination Centre

On 02 September, the Scottish government published its strategic plans for the Scottish Cyber Coordination Centre (SC3) covering up to 2027. Defined as a focal point for Scotland’s cyber security and digital resilience in the public sector, the plan will provide services to help protecting against and respond to cyber-attacks. According to the new three-year strategic plan, a “cyber-observatory” will be established, serving as a platform for the processing and storage of cyber security indicators from all public sector organisations in Scotland. Additionally, a “Cyber Resilience Early Warning” system will be established, which will promptly provide operational information to designated public sector organisations so that proactive cyber protection can be implemented.^[9]

Endnotes

^[1]Vengattil, Munsif and Aditya Kalra, “India’s Star Health sues Telegram after hacker uses app’s chatbots to leak data”, Reuters, 27 September 2024, available from: https://www.reuters.com/technology/cybersecurity/indias-star-health-sues-telegram-after-hacker-uses-apps-chatbots-leak-data-2024-09-26/ [2]
^[2]Note: VoLTE is a wireless communication standard for voice calls and SMS over mobile networks. VoLTE uses LTE radio access technology to provide high-quality voice and data services.
^[3]“Airtel cracks down on SPAM, launches India’s first AI-powered network solution for SPAM detection”, Bharti Airtel, 25 September 2024, available from: https://www.airtel.in/press-release/09-2024/airtel-cracks-down-on-spam-launches-indias-first-ai-powered-network-solution-for-spam-detection [3]
^[4]Dash, Dipak K. “NSCS takes charge of cybersecurity oversight in India”, Economic Times Telecom, 29 September 2024, available from: https://telecom.economictimes.indiatimes.com/news/internet/nscs-takes-charge-of-cybersecurity-oversight-in-india/113779821 [4]
^[5]Rai, Saritha. “Lenovo makes AI Servers in India as local tech push expands”, Bloomberg, 17 September 2024, available from: https://www.bloomberg.com/news/articles/2024-09-17/lenovo-to-make-ai-servers-in-india-as-nation-s-tech-push-deepens [5]
^[6]Nakashima, Ellen. “China hacked major U.S. telecom firms in apparent counterspy operation”, The Washington Post, available from: https://www.washingtonpost.com/national-security/2024/10/06/salt-typhoon-china-espionage-telecom/ [6]
^[7]Fang, Chin Soo. “Bill to combat digitally manipulated content, deepfakes during elections tabled in Parliament”, The Strait Times, 11 September 2024, available from: https://www.straitstimes.com/singapore/politics/bill-to-combat-digitally-manipulated-content-deepfakes-during-elections-tabled-in-parliament [7]
^[8]Tucker, Eric. “Iranian operatives charged in the US with hacking Donald Trump’s presidential campaign”, Associated Press, 28 September 2024, available from: https://apnews.com/article/trump-hacking-iran-justice-department-1d7d83ccdc6c879be2802142f1c47191 [8]
^[9]Quinn, Tom. “Strategic Plans Published for Scottish Cyber Coordination Centre”, Digit News, 04 September 2024, available from: https://www.digit.fyi/strategic-plans-published-for-scottish-cyber-coordination-centre/ [9]