
Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship

And said entirely with a straight face, too


Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime.

The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.

Russia, the ransomware hotbed whose cyber-spies were blamed for attacking US and allied networks, did not join the 2001 Budapest Convention on Cybercrime because it allowed cross-border operations, which it considers a threat to national sovereignty.

Russian media outlet Tass also said the 2001 rules are flawed because they only criminalize nine types of cyber offenses. The new draft convention from Russia, submitted last week, defines 23 cybercrimes for discussion.

Russia's proposed rule expansion, for example, calls for domestic laws to criminalize changing digital information without permission – "the intentional unauthorized interference with digital information by damaging, deleting, altering, blocking, modifying it, or copying of digital information."

The draft also directs member states to formulate domestic laws to disallow unsanctioned malware research – "the intentional creation, including adaptation, use and distribution of malicious software intended for the unauthorized destruction, blocking, modification, copying, dissemination of digital information, or neutralization of its security features, except for lawful research."

It would forbid "the creation and use of digital data to mislead the user," such as deep fakes – "the intentional unlawful creation and use of digital data capable of being mistaken for data already known and trusted by a user that causes substantial harm."

The proposal also contemplates a broader basis for extradition by stating that, where allowed by domestic law, the listed cybercrimes should not be considered "political offenses" (mostly exempt from extradition under current international conventions).


The Biden administration has called for improved cybersecurity and, following the recent US-Russia Summit, may be inclined to engage with Russia at the UN to modify the language of the proposal so that it's compatible with US norms and policy goals.

“UN member states are beginning negotiations towards a new global treaty to combat cybercrime, which should take into account and preserve existing international agreements,” a US State Department spokesperson told The Register in an email.

“That process is still in a nascent stage and states only recently established the procedures and rules for treaty negotiations. The first negotiating session on the substance of a new treaty will take place in early 2022.”

“The United States looks forward to an open, transparent, and inclusive process for considering this new global treaty. This submission from the Russian Federation is one of many anticipated contributions by member states to this process.”

Via Twitter, Dr Lukasz Olejnik, independent cybersecurity researcher and consultant, noted that the draft convention disallows online communication calling for "subversive or armed activities directed towards the violent overthrow of the regime of another State," and requires service providers to provide "technical assistance," which generally means providing a backdoor for authorities.

"It's another attempt in the longer history of such projects attempted for submission by Russia," said Olejnik, a former cyberwarfare advisor at the International Committee of the Red Cross in Geneva.

Russia, he said, has been consistently submitting proposals of this sort for a while, pointing to a similar draft from 2011.

"This new proposal is particularly large, basically a complete proposal for a cybercrime or cybersecurity treaty," said Olejnik. "While it is clear that cybersecurity is among the top agenda items in domestic and international policy (think the recent Biden-Putin meeting in Geneva as a good example), the proposal has a number of contentious items that would be rather hard to swallow for many Western countries and societies, in particular clauses such as those that would potentially curb freedom of speech, expression or press."

Olejnik said the draft rules call for technical backdoors in network systems, network wiretapping capabilities, and potential technical censorship.

Where Western countries are concerned with "cybersecurity," he said, Eastern countries tend to focus on "information security," which often encompasses the press and social media.

"I don't think that the project stands a particularly significant chance, at least as of today, but with the political process of the UN, who knows what happens in a few months," said Olejnik. ®
