Friday, March 31, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
Trump Indicted, Putting U.S. Legal and Political Systems in Uncharted Territory. A Manhattan grand jury voted to indict former U.S. President Donald Trump on Thursday afternoon, marking the first time in U.S. history that a former president has faced criminal charges. The felony indictment charging Mr. Trump for his role in paying hush money to a porn star in the days before the 2016 presidential election includes more than two dozen counts, according to two people with knowledge of the matter. The charges against him are likely to be fully unveiled when he is arraigned, which will probably occur on Tuesday. Mr. Trump remains defiant and continues to proclaim his innocence. Even if he is ultimately convicted, the state case is unlikely to have any legal bearing on Mr. Trump’s presidential candidacy; the U.S. Constitution imposes no requirement that candidates for the highest office have a clean record, and there is a legal consensus that states are barred from imposing their own restrictions on presidential candidates. After the indictment was filed yesterday, the New York Police Department raised its alert levels as part of enhanced security measures being put in place throughout the city. Trump said earlier this month during a Fox interview that he would broker a negotiation between Russian President Vladimir Putin and Ukrainian President Volodymr Zelensky in 24 hours if reelected, and that the “war has to stop now.” He also said during that interview that he would allow Russia to “take over” parts of Ukraine; comments that were edited out of the final broadcast. New York Times Wall Street Journal
U.S., Allies Call for Commercial Spyware Controls. Building on Monday’s U.S.’ executive order on commercial spyware controls and this week’s Summit for Democracy, on Thursday the U.S. and some of its partner countries called for domestic and international controls to counter the proliferation and misuse of commercial spyware. The countries – including Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the U.S. – issued a joint statement saying that they are committed to preventing the export of spyware technology and equipment to end-users who are likely to use them for malicious activities. They added that they would share information with each other on spyware proliferation and misuse, including to better identify these tools. Reuters NextGov
Tsai Says Taiwan, U.S. ‘Closer Than Ever.’ Taiwanese President Tsai Ing-wen said during an event in New York that the best way to avoid war “is to make ourselves stronger," and claimed her country’s ties with Washington were “closer than ever.” She arrived Wednesday on her way to Central America, and is expected to meet U.S. House Speaker Kevin McCarthy, a meeting that China has warned could lead to a "serious confrontation.” The last high-level meeting of a similar nature involved then-U.S. House Speaker Nancy Pelosi, who visited Taipei last year, prompting China to conduct major military drills. Reuters Deutsche Welle
Two U.S. Citizens Kidnapped in Haiti. The U.S. State Department said Thursday that two U.S. citizens were kidnapped in Haiti on March 18th and are being held for ransom. The relatives of the couple say they had traveled to Haiti to visit relatives and that the gangs that kidnapped them are demanding $200,000 in ransom. The U.S. said it is coordinating with Haitian officials to secure the couple’s release. The kidnapping comes amid continued instability in Haiti, which has been rocked by gang violence and political turmoil since the 2021 assassination of President Jovenel Moise. ABC News Reuters New York Times
Newly Obtained Declassified IC Report on Havana Syndrome Cites Energy Weapon as Plausible Explanation. Brian Karem is out with a new report for Salon that looks at newly declassified information related to the ‘Havana Syndrome’ investigation. Citing a recently obtained declassified report, provided to the James Madison Project following a Freedom of Information Request, Karem writes that the full report seems to contradict the public narrative from government officials that say a foreign adversary using a directed energy weapon is not likely the cause of the mysterious medical ailments that have reportedly affected hundreds of US officials. The report, which is highly redacted, was originally prepared by the Intelligence Community in September of 2022, and while it does not offer any specific conclusions, does in one section suggest that an unknown device using ‘pulsed electromagnetic energy’ remains a plausible explanation. The CIA reportedly did not respond to a request for comment. Attorney for the James Madison Project Mark Zaid, who was cited in the Salon report, says that he understands the difficult position the government is in, and that if a foreign actor is responsible, it is essentially an ‘act of war’. Zaid added, however, that “there's just no way to conclude, after seeing this declassified report, that the AHIs are anything but manmade.” Salon
Western Europe
Turkey Approves Finland Accession Into NATO. In a strategic loss for Russia, Turkey’s Parliament voted on Thursday to approve Finland's NATO membership bid. The long-anticipated move paves the way for Finland to finally join the military alliance, pending some final paperwork. Officials and experts say Finland’s accession into NATO will shift the balance of power in the region, adding one of Western Europe’s most capable militaries and additional intelligence and border-surveillance abilities tailored towards Russia to the alliance. Cipher Brief Expert Admiral James Stavridis (Ret.) said the addition of Finland also adds a “huge, difficult-to-defend border” with Russia that “complicates” Moscow’s defense calculus. Sweden’s NATO application is still in limbo as Turkey still has issues with Stockholm’s support of groups that Ankara views as terrorist organizations. BBC New York Times Reuters
NATO Bans TikTok on Official Devices. NATO has banned staffers from downloading TikTok on NATO-issued devices over security concerns. NATO sent a note about the ban early Friday, making it official. However, NATO officials note that TikTok was not really accessible on NATO devices anyways due to existing technology restrictions. The ban comes after Western countries imposed similar restrictions on the app for government-devices. CNN
Macron Trip to China a Delicate International Balancing Act Amid Worsening Domestic Crisis. Reuters reports that French President Emmanuel Macron is traveling to China next week where he will meet with Chinese President Xi Jinping. Macron’s trip, a rare visit to China for him, comes amid an intensifying domestic crisis at home due to the recent changes in France’s pension laws, a move that has sparked massive protests. Some analysts point to the recently canceled visit to France by Britain's King Charles, as evidence that Macron is in a difficult position that has weakened him politically. A French official says that Macron will likely press Xi on China’s relationship with Russia and use France’s role as nuclear power to influence Beijing to distance itself from Moscow’s recent decision to station nuclear weapons in Belarus. Analysts also point to a likely attempt by Xi to divide the west by attempts to ‘lure’ France away from the US. Reuters
Central and Eastern Europe
Russia Says Ukraine Ceasefire Not Currently Possible, Would Block Moscow’s Goals. Kremlin spokesman Dmitry Peskov said Friday that Russia believes a ceasefire in Ukraine will not allow Moscow to achieve its current goals. He added that Ukraine is unable to agree to a peace process anyways, referring to Russia’s claim that the West has instructed Kyiv not to agree to a ceasefire. Peskov’s comments suggest Russia will not stop its assault on Ukraine anytime soon. His remarks were also in response to, and rejected, Belarusian President Alexander Lukashenko’s call for an immediate, unconditional ceasefire in Ukraine and for Moscow and Kyiv to open peace negotiations. Peskov said Russia had taken note of Lukashenko’s comments and that President Vladimir Putin would discuss the matter with him in the next few weeks. Reuters
Russia to Assume Rotating U.N. Security Council Presidency Despite Its War in Ukraine. Russia will assume the U.N. Security Council presidency on Saturday for the first time since its invasion of Ukraine in February 2022. The largely ceremonial role, which rotates monthly among the Council’s 15 members, focuses largely on planning and chairing meetings and managing administrative work. Typically, each presidency uses the period to highlight global issues that it considers priorities, and high-level officials chair some of the marquee events. Russia plans to convene at least two meetings in April – one on the transfer of weapons to Ukraine, and one on multilateralism and the U.N. charter – in addition to a previously scheduled meeting on Israel and Palestine. Russian Foreign Minister Sergei Lavrov plans to travel to New York to chair some of the meetings. The White House called for Russia to conduct itself professionally, and U.S. officials emphasized that holding the rotating presidency gives no credence to Russia’s conspiracy theories. New York Times Reuters
Senior Ukrainian Commander Says Russian Military is Running Out of Men in Bakhmut. The commander of Ukraine’s ground forces, Colonel-General Oleksander Syrsky said on Telegram that Russian forces are running out of manpower and losing the ability to continue advancing in areas around Bakhmut. Syrsky says Ukraine’s forces are continuing to defend Bakhmut and inflict heavy losses on the Russians and added that the Russian soldiers are ‘noticeably’ nervous in some areas. Syrsky’s comments follow a March 28 assessment by the Institute for the Study of War (ISW) which said that in the last 7 days, Russia has only been able to capture an additional 5% of ground. ISW believes that Russia currently occupies about 65% of the city, but says that Ukraine’s military is well positioned to launch counter-offensives across multiple sections of the front line. US Chairman of the Joint Chiefs of Staff General Mark Milley told US lawmakers earlier this week that the Ukrainians were doing a very good job at conducting the defense of Bakhmut and called it a “slaughter fest’ for Russian forces. Kyiv Post Kyiv Independent
Russia Offering Food to North Korea for Weapons. In another sign that Russia’s military is being strained by the Ukraine war, the White House said Thursday that U.S. intelligence suggests Russia will offer food to North Korea in exchange for munitions. U.S. national security spokesperson John Kirby announced the development, saying Russia is sending a delegation to North Korea to discuss the alleged deal and that the U.S. will be watching the matter closely. On a related note, the U.S. Treasury blacklisted a Slovakian man for acting as a broker between Moscow and Pyongyang earlier Thursday. The U.S. has accused North Korea of supplying Russia’s Wagner Group with weapons, which Pyongyang has denied. If the new food-for-arms deal is true, it may suggest Russia is needing to look to alternate military suppliers as its sanction-saddled defense industry struggles to support Russian forces in Ukraine. BBC Reuters
Asia
China Stages Combat Patrols in Taiwan Strait Amid Tsai Trip. Taiwan’s defense ministry reports that nine Chinese military aircraft crossed the Taiwan Strait’s median line while conducting combat readiness patrols early Friday. The ministry said the Chinese warplanes crossed points in the north, center and south of the unofficial median line. It also said that Taiwanese aircraft and naval vessels monitored the incurring Chinese plans in response. Officials also noted that no Chinese warships made irregular movements in the area. The move appears to be a follow up to Beijing’s threat of retaliation if President Tsai Ing-wen meets U.S. House Speaker Kevin McCarthy later in her Americas tour. Reuters
Japan Restricts Chip-Making Equipment Exports, Aligning with U.S. Efforts to Curb China. Japan announced Friday that it is restricting exports of 23 types of Japanese semiconductor manufacturing equipment, aligning with U.S. export controls targeting China’s semiconductor industry. Tokyo did not specify that the controls are aimed at China, saying export of the covered technology needs to be reviewed and approved for all regions. Japan trade officials added that it is imposing these export controls to ensure its technology is not used for military purposes. The move will greatly support U.S. measures to curb China’s access to chip making equipment, as chip industry leaders Japan and the Netherlands are needed to ensure U.S. efforts are effective. CNN Financial Times Nikkei Asia Reuters
Elon Musk Reportedly Planning China Visit. Tesla CEO Elon Musk is reportedly planning a trip to China and is seeking a meeting with China’s Premier Li Qiang. Sources say Musk is planning the visit as early as April but added that the trip is subject to Li’s availability. Musk’s visit to China would come as Tesla seeks to bolster its boost production and as Beijing seeks to attract foreign investment to help its post-Covid economic recovery. China is Tesla’s second-largest market, and the company has its largest factory in Shanghai. Forbes Reuters
Japanese Foreign Minister to Visit China. On Friday, Japanese Foreign Minister Yoshimasa Hayashi affirmed plans to meet Chinese Foreign Minister Qin Gang in Beijing on Saturday. Hayashi said the meeting will focus on several matters, particularly the incarceration of a Japanese employee of Astellas Pharma Inc. in China. This announcement comes amid increased tensions between the two countries, which are likely to escalate following Japan’s new export controls on semiconductor manufacturing equipment. This will limit China’s capability to create sophisticated chips. Reuters
Middle East and Northern Africa
U.S. Troops Injured By Recent Attacks in Syria. The Pentagon said on Thursday that six U.S. troops in Syria suffered from traumatic brain injuries after two attacks last week by Iran-backed militants. The injuries came from a drone attack on a U.S. base near the Syrian city of Hasaka and an attack on mission support site Green Village. A total of 12 U.S. troops have been wounded, and an American contractor killed, in strikes and counterstrikes in Syria in the past week. The Pentagon added that eight militants, believed to be linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), were killed during retaliatory U.S. airstrikes against two Iran-linked facilities in Syria. CNN New York Times Reuters
World Court Rules U.S. Illegally Froze Some Iranian Assets. The International Court of Justice (ICJ) ruled on Thursday that the U.S. illegally allowed courts to freeze assets of some Iranian companies. However, the ICJ said it does not have jurisdiction over the $1.75 billion in frozen assets from Iran’s central bank held by the U.S. since the bank is not a commercial enterprise. Despite this, Iran’s foreign ministry claimed the ICJ ruling as a victory, saying it shows Tehran’s “righteousness and the violations by the U.S. government.” U.S. officials dismissed this, noting that the main part of Iran’s case regarding the central bank assets was rejected. Iran had initially brought the sanctions case to the ICJ in 2016, accusing the U.S. of breaching a friendship treaty with the asset freezes. Associated Press Reuters
Sub Saharan Africa
Sudan Government Talks Stall over Security Sector Reform. Disagreements over restructuring the military have halted talks in Khartoum aimed at reaching an agreement to name a civilian government next month and pave the way for elections. The disagreement largely revolves around the timeline for integrating the powerful paramilitary Rapid Support Forces (RSF), which historically has operated independently and at times at the direction of the ruling political party, into the military. Integration of the RSF and placing the military under civilian authority are core demands of the protest movement that helped topple autocrat Omar al-Bashir four years ago. Army, police, and intelligence withdrew from the talks yesterday in protest against the lack of a timetable for integration; the army prefers a two-year timeline for integration, while the RSF proposed ten years. International facilitators have suggested five years. Lack of resolution on this issue may put the timetable for transition to a civilian government at risk; a more formal constitutional declaration is meant to be signed on April 6, with a civilian government to be named on April 11. Reuters
Cyber & Tech
The Vulkan Files: Russian Document Leak Exposes Moscow’s Cyberwar Operations. A rare leak of over 5,000 Russian military documents, dubbed the Vulkan Files, is shedding light on Moscow’s cyberwarfare operations. The documents, which were given to a German reporter from an anonymous source, detail how Russian intelligence agencies worked with Moscow-based defense contractor NTC Vulkan to strengthen the cyber capabilities of Russian hackers, including the government-backed Sandworm hacking group. According to the documents, Vulkan supported Russia’s cyber goals by providing needed hardware and software, engaging in social media disinformation, and helping train hackers and plan attacks. The documents also show that Vulkan planned to use U.S. hardware-software systems for Russia’s security and intelligence services. The files did not have details on specific targets or what programs have been deployed, but they do reveal Russia’s approach to conducting cyberattacks, especially regarding the vital role of contractor expertise. Both the Kremlin and Vulkan did not comment on the leak. Vulkan says on its website that it has ties with several Western companies, having done business in the past with tech giants like IBM, Boeing and Dell. Several of Vulkan’s former employees are also reportedly now working at Western firms. Washington Post
Hackers Compromise Installation Software for Supply Chain Cyberattack. Several cybersecurity companies – including Sophos, CrowdStrike and SentinelOne – identified a novel supply chain attack possibly linked to a North Korean hacking unit. According to the security researchers, the hackers are using a compromised version of a Voice Over Internet Protocol (VoIP) installation software from software company 3CX in the attack. This trojanized version of the software downloads malware on targeted systems, which allows hackers to steal credentials and other sensitive information. 3CX’s VoIP software serves around 12 million customers globally and is used by major companies including Toyota, McDonalds, Pepsi and Chevron. Analysis of the hacking campaign against 3CX suggests it may have started as far back as February 2022. SentinelLabs and Sophos could not attribute the attack to a group with high confidence, while CrowdStrike said North Korea’s Labyrinth Collima, or Lazarus Group, was behind the attack. Investigations and cyber response efforts are ongoing. BleepingComputer CrowdStrike CyberScoop TechRadar
U.S. Pledges $25 Million in Costa Rica Cybersecurity Support. The U.S. is committing $25 million in cybersecurity aid for Costa Rica. A senior U.S. official said the aid will go towards building a new Costa Rican cybersecurity operations center and funding hardware and software, as well as cyber training and planning efforts. The official also added that Costa Rican President Rodrigo Chaves made a “direct request” for the assistance, which was announced at the second Summit for Democracy. The funding comes after the Russia-linked Conti ransomware group and Hive ransomware group crippled Costa Rica’s government in separate attacks last year. CyberScoop Wall Street Journal
Tech Firms Axing A.I. Ethicists. Despite mounting concerns about the negative sides of rapidly developing artificial intelligence (A.I.), major technology firms are laying off workers focused on the ethical use of A.I. Twitch, Twitter and Microsoft are among the companies which have cut in-house ethicists in recent layoffs. Experts are raising the alarm that the short-term financial gains from losing A.I. ethics experts will be severely trumped by the long-term costs of allowing conditions for irresponsible A.I. Washington Post
Microsoft Fixes Bing Flaw that Put User Emails, Data At Risk. Microsoft says it patched a security flaw in Bing last month days before introducing new artificial intelligence-powered capabilities to the search engine. The flaw, which was first discovered by security firm Wiz Inc., created a misconfiguration error that could be exploited to both alter search results on Bing and allow access to emails and data of Bing users. Microsoft said it fixed the problem in early February and launched generative-A.I. capabilities on Bing just five days after. The flaw underscored the risks associated with the rapid introduction of A.I. into existing systems and technologies. Wall Street Journal
TikTok Inconsistent Disinformation Labeling Benefits Russian Propaganda. An analysis conducted on TikTok’s labeling of Russian state propaganda agencies revealed that the company’s policy has been inconsistent, ignoring dozens of accounts with millions of followers. Researchers at the Alliance for Securing Democracy, a bipartisan, transatlantic nonprofit operated by the German Marshall Fund that studies authoritarian disinformation, published the finding on Thursday. Such accounts have been used in the disinformation campaign Russia is waging. “US to hold biggest satanic gathering in history,” claims one of the videos on Sputnik.Brasil, a Russian media account currently unlabeled on TikTok. That sort of labeling surfaced during last week’s congressional hearing in which TikTok’s CEO was grilled about the platform’s ties to China. Associated Press
Cyber Experts Warn of Heightened Ransomware Risks in 2023. The Cybersecurity 202 Network from The Washington Post is predicting an escalation in ransomware risks. Amongst the Network, 67 percent of experts said ransomware threats in 2023 will increase compared to 2022. Only 10 percent of experts said the threats will decrease. The latter batch of experts said strengthened cyber defenses and cryptocurrency market volatility will hamper ransomware gangs. In contrast, the larger group of experts raising the alarm said ransomware groups will continue to hit softer targets, like schools and hospitals, and could possibly utilize artificial intelligence to launch more significant attacks. Much of the Network also noted the disconnect in reported payments and incident reporting. Washington Post
Phishing Emails Harder to Detect Due to A.I. Chatbots. Cyber experts are warning that artificial intelligence chatbots will make detecting phishing email scams more difficult. Specifically, experts say these chatbots will allow hackers to correct misspellings and poor grammar in their fraudulent emails. Without this poor language, both users and spam filters may find it harder to flag phishing emails. Again, this threat underscores risks behind the ongoing A.I. boom. The Guardian
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
