Biden administration cracks down on 3D-printed ‘ghost guns’

The Biden administration is taking new measures that would limit the spread of 3D-printed guns. The Justice Department has issued a final rule with multiple measures restricting the sale and distribution of “ghost guns,” including a requirement for federally licensed dealers and gunsmiths to serialize any unmarked firearm (such as a 3D-printed gun) before selling it to a customer. You couldn’t print a gun at home and sell it to a store without some ability to trace its origins.

The rule also includes several other restrictions that aren’t aimed at 3D-printed weapons, including an effective ban on unserialized “buy build shoot” kits by treating them as firearms subject to strict licensing and background check requirements. The DOJ will also treat guns with split receivers as subject to regulations, and demands that licensed dealers keep “key records” until they shut down, not just for 20 years.

The move is the latest in a back-and-forth fight over attempts to regulate 3D-printed guns. After a case over Defense Distributed’s 3D-printed pistol bounced through courts (including the Supreme Court), the Trump administration’s State Department reached a settlement that legally allowed these homemade weapons. States sued the administration over alleged constitutional and procedural violations, earning a ban on the technology (albeit one with a claimed loophole). A judge determined that the Defense Distributed settlement violated procedural law, but the Trump administration tried to override that by transferring regulation to the Commerce Department and making it difficult to implement substantial limits. State attorneys general sued over the rule change.

A rule like this won’t stop individuals or black market operators from making and trading 3D-printed guns. It might, however, discourage licensed dealers from letting those guns enter their shops. If nothing else, it signals a reversal from the previous administration’s stance — the current White House sees untraceable 3D-printed firearms as significant threats.

Google blocks Russian parliament YouTube channel

Google has blocked Russia’s Duma TV YouTube channel, according to Reuters. On Saturday, the company said it had “terminated” the channel, which airs meetings of Russia’s lower house of parliament, for a violation of the platform’s terms of service.

“If we find that an account violates our Terms of Service, we take appropriate action,” a Google spokesperson told the outlet. “Our teams are closely monitoring the situation for any updates and changes.” The company added it was committed to complying with sanctions imposed on Russia following its invasion of Ukraine in late February.

The suspension quickly drew the ire of Russian officials, with a spokesperson for the country’s foreign ministry warning YouTube had “signed its own warrant.” Russia’s Roskomnadzor telecom regulator condemned the move and ordered Google to restore Duma TV’s YouTube access immediately. “The American IT company adheres to a pronounced anti-Russian position in the information war unleashed by the West against our country,” the agency said.

The response from Russian authorities suggests YouTube could become the latest Western internet service to face restrictions within the country. Shortly after the war in Ukraine began on February 24th, Russia moved to block access to Twitter. In March, it then cut off Facebook and Instagram – but not WhatsApp due to the chat app’s popularity among Russian citizens. It subsequently found the Meta-owned services guilty of “extremist” activity after the company said it would temporarily allow calls of violence in Ukraine and a handful of other countries.

Microsoft blocked Russian cyberattacks targeting Ukraine

Microsoft said it has disrupted cyberattacks from a Russia-linked group called Strontium (aka APT28 and Fancy Bear) targeting Ukraine and the West. The software giant obtained a court order allowing it to take control of seven internet domains being used by Strontium to coordinate attacks. It announces the news shortly after the FBI said it disrupted botnets also run by the GRU. 

“On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks,” said Microsoft security VP Tom Burt. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.”

Organizations targeted included Ukrainian institutions and media organizations, along with foreign policy government bodies in the US and EU. “We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Microsoft said. 

Its actions are part of a larger effort by businesses and government to thwart a wave of attacks directed at Ukraine. Microsoft has been taking legal and technical action to seize infrastructure used by APT28 as part of an “ongoing long-term investment started in 2016,” said Burt. “We have established a legal process that enables us to obtain rapid court decisions for this work.”

The FBI announced yesterday that it had silently removed Russian malware that allowed the country’s GRU military intelligence arm to create botnets using infected computer networks. Strontium has reportedly operated since the mid-2000s and has been linked to attacks against US government agencies, EU elections, NGOs, non-profits and other agencies. 

Facebook may crack down on Russian government accounts to fight disinformation

Facebook says it’s eyeing new ways to limit the influence of official Russian government accounts as it sees a surge in cyber espionage and “covert influence operations” tied to “government-linked actors” from Russia and Belarus.

Facebook’s security researchers shared the update as part of the company’s first quarterly adversarial threat report, which detailed its latest efforts to prevent its platform from being exploited amid Russia’s invasion of Ukraine.

During a call with reporters, Meta’s President of Public Policy Nick Clegg said that the company has seen an uptick in state-backed disinformation and other efforts to sow misinformation. “Since Russia’s invasion of Ukraine, we’ve seen attacks on internet freedom and access to information intensified,” Clegg said. “It’s manifested itself in two ways: One focus is on pushing state propaganda through state-run media, influence operations and espionage campaigns. And the other aimed at closing down the flow of credible information.”

Clegg added that the company is considering new steps to prevent official government accounts from spreading disinformation, but didn’t elaborate. Though Facebook has been demoting Russian state media outlets since March, the company hasn’t had a clear strategy for addressing misinformation and lies about the war from official government accounts. Up to know, it’s taken one-off actions against specific posts, like when an account belonging to Russia’s UK embassy falsely claimed a photo of a hospital bombing was staged.

Now Facebook is apparently considering how it can better prevent these accounts from spreading misinformation, said Clegg, who has previously been a vocal defender of Facebook’s policy against fact-checking politicians. “We are actively now reviewing additional steps to address misinformation and hoaxes coming from Russian government pages,” Clegg said.

Official pages are just one area of concern for Facebook though. In its report, Facebook security researchers detailed several influence operations and other campaigns to manipulate its platform in favor of pro-Russian interests and disinformation.

“For example, we detected and disrupted recidivist CIB [coordinated inauthentic behavior] activity linked to the Belarusian KGB who suddenly began posting in Polish and English about Ukrainian troops surrendering without a fight and the nation’s leaders fleeing the country on February 24, the day Russia began the war,” they wrote in the report. “On March 14, they pivoted back to Poland and created an event in Warsaw calling for a protest against the Polish government. We disabled the account and event that same day.”

The company also said it saw renewed activity from Ghostwriter, an entity that uses phishing attacks on email accounts to take over its targets’ social media accounts. Facebook previously said Ghostwriter targeted a handful of Ukrainian journalists, military officials and other public figures at the start of the war. This time, Ghostwriter “attempted to hack into the Facebook accounts of dozens of Ukrainian military personnel,” Facebook wrote. “In a handful of cases, they posted videos calling on the Army to surrender as if these posts were coming from the legitimate account owners. We blocked these videos from being shared.”

Facebook also spotted renewed activity from Russia’s Internet Research Agency, the troll farm behind Russia’s 2016 election interference campaign that’s made repeated attempts to get back on Facebook in recent years. Facebook said their attempts to make new accounts on the platform were “unsuccessful” and appeared to be trying to drive traffic to a separate website that “blamed Russia’s attack on NATO and the West and accused Ukrainian forces of targeting civilians.”

Finally, Facebook also said it has removed “tens of thousands’ ‘ of accounts, pages and groups for using spammy and misleading tactics in an attempt to profit off the war in Ukraine. These efforts included meme pages posing as on-the-ground reports from Ukraine as well as spammers trying to sell merch or lure people to outside websites for ad revenue.

The FBI silently removed Russian malware to thwart global cyberattacks

Attorney General Merrick B. Garland has revealed that the United States secretly removed malware from computer networks around the world over the past few weeks to pre-empt Russian cyberattacks. As The New York Times reports, Garland’s announcement comes shortly after the White House warned companies that Russia could attack critical infrastructure in the country, such as financial institutions and the electric grid. Apparently, the malware the US removed enabled the intelligence arm of the Russian military called the GRU to create botnets out of the infected computer networks. 

According to the Justice Department, the malware was designed to infect firewalls and made the compromised networks part of a botnet called Cyclops Blink. It’s controlled by Sandworm, a notorious group that the US government had previously connected to the GRU. Cyclops Blink is Sandworm’s latest known botnet, and it only came to light back in February. It’s still unclear what Russia was planning to do with the hijacked computers, but botnets are typically used to perform large-scale Distributed Denial of Service (DDoS) attacks, as well as to send spam and to compromise sensitive information. 

In its press release, the DOJ said the FBI notified owners of infected devices in the US before Cyclops Blink was identified in February 23rd. It also notified companies outside the country through local law enforcement partners. However, US authorities didn’t want to wait to find out what the botnet would be used for. 

The Justice Department and the FBI obtained secret court orders in the US and secured the help of governments worldwide to quietly remove the malware from infected devices. Those court orders even gave them the power to remotely remove the malware from American companies’ networks without their knowledge. After the feds disinfected the compromised machines, they also closed the external management ports Sandworm was using for access.

Over the past months, the Biden administration has been exposing as much intelligence on Russia as possible without giving away its actions to catch Putin off guard. This disclosure is just its latest effort to send a message to the Russian president. The fact that Sandworm infiltrated networks around the world to create a botnet just shows, however, that there’s a cyber warfare going on that might end up affecting countries other than Ukraine. If you’ll recall, a major cyberattack took down Ukraine’s government websites before the Russian invasion of the country began. Ukraine’s government, as well as US and UK authorities, blamed the attacks on the GRU.

Canada considers law requiring Facebook, Google to pay news publishers

Canada may soon echo Australia in making internet companies pay news publishers to use their content. CBC Newsreports Canada’s ruling Liberal Party has introduced legislation requiring that Facebook, Google and other online firms compensate news outlets for either reproducing or easing access to content. The money would help foster the “sustainability” of Canadian news, according to the government.

Companies that don’t pay publishers would be subject to binding arbitration led by Canada’s telecom regulator, the Canadian Radio-television and Telecommunications Commission. The CRTC will also decide which news sources qualify for compensation.

Officials saw this as a matter of necessity. Heritage Minister Pablo Rodriguez claimed the news industry was “in crisis” and that publishers couldn’t rely on ad revenue like they had in the past. This merely addressed a “market imbalance,” he said.

We’ve asked Google and Facebook parent Meta for comment. In the past, they’ve maintained that publishers benefited from the traffic driven to their websites through search results and social media posts. They’ve also threatened to disable services rather than pay publishers, although Google ultimately caved in Australia and struck deals to avoid an arbitration battle. In a statement to CBC News, Google said it was “carefully reviewing” the legislation and “fully support[ed]” access to news.

The legislation may well pass. Although the Liberals don’t have a majority in Canada’s House of Commons, they recently reached an agreement with the New Democratic Party to advance bills reflecting shared interests. Whether or not it works as promised is another concern. As University of Ottawa internet research chair Michael Geist warned, there’s a concern that the CRTC’s role will lead to just a “handful” of major companies profiting at the expense of smaller outfits. If so, it might not prevent further damage to the country’s news industry.

Update 4/6 11:40AM ET: Google Canada spokesperson Lauren Skelly has shared the company’s full statement with Engadget. You can read the response below. Also, Meta Public Policy Manager Rachel Curran said her company was “currently reviewing” the legislation and would do more once it “fully understand[s]” the nature of the bill.

“We are carefully reviewing the legislation to understand its implications.  We fully support ensuring Canadians have access to authoritative news and we look forward to working with the government to strengthen the news industry in Canada.”

Twitter won’t let government-affiliated accounts tweet photos of POWs

Twitter is once again tightening its rules to address how its platform is handling the war in Ukraine. The company said Tuesday that it will no longer allow official government or government-affiliated accounts to tweet photos of prisoners of war “in the context of the war in Ukraine.”

The policy will apply to photos published “on or after April 5th,” according to an update in Twitter’s rules. Government accounts sharing such images will be required to delete them, said Yoel Roth, Twitter’s Head of Site Integrity. “Beginning today, we will require the removal of Tweets posted by government or state-affiliated media accounts which share media that depict prisoners of war in the context of the war in Ukraine,” Roth said.

“We’re doing so in line with international humanitarian law, and in consultation with international human rights groups. To protect essential reporting on the war, some exceptions apply under this guidance where there is a compelling public interest or newsworthy POW content.”

In a blog post, the company added that in cases in which there is a “compelling public interest” for a government account to share photos of prisoners of war, it would add interstitial warnings to the images.

While the new rules apply to official government and government-affiliated accounts, Twitter noted that it will take down POW photos shared by anyone with “with abusive intent, such as insults, calls for retaliation, mocking/taking pleasure in suffering of PoWs, or for any other behavior that violates the Twitter rules.”

Additionally, Twitter is taking new steps to limit the reach of Russian government accounts on its platform. Under a new policy, the company will no longer “amplify or recommend government accounts belonging to states that limit access to free information and are engaged in armed interstate conflict,” Roth said. “This measure drastically reduces the chance that people on Twitter see Tweets from these accounts unless they follow them.”

It’s not yet clear if or how Twitter plans to enforce this policy for contexts other than the war in Ukraine. In a blog post, the company left open the possibility that it would apply the rules to situations “beyond interstate armed conflict” but didn’t elaborate.

“Attempts by states to limit or block access to free information within their borders are uniquely harmful, and run counter to Twitter’s belief in healthy and open public conversation,” the company wrote. “We’re committed to treating conversations about global conflicts more equitably, and we’ll continue to evaluate whether this policy may be applied in other contexts, beyond interstate armed conflict.”

The changes are the latest way Russia’s invasion of Ukraine has forced Twitter to adapt its content moderation rules as tries to suppress Russia-backed disinformation. The company has already taken steps to limit the visibility of Russian state media outlets and turned off advertising and recommendations in both Russia and Ukraine. Russia has blocked Twitter since March 4th.

State Department’s new bureau makes cybersecurity a part of foreign policy

The Department of State has cut the ribbon on the Bureau of Cyberspace and Digital Policy (CDP), which is now in operation. The move makes cybersecurity a more formal area of focus for US foreign policy following a swathe of attacks linked to Russia and China.

Secretary of State Antony Blinken announced the CDP in October. The bureau comprises three policy units: International Cyberspace Security, International Information and Communications Policy and Digital Freedom.

The office will eventually be led by an Ambassador-at-Large, who will require Senate confirmation. Jennifer Bachus, a career member of the Senior Foreign Service, is running the bureau on an acting basis as senior official and principal deputy assistant secretary.

The bureau could help the US address cybersecurity threats both by itself and through partnerships with allies. A spate of major hacks have been attributed to state-linked actors from Russia and China over the last several years, including several Microsoft Exchange cyberattacks (for which the Biden administration pinned the blame on China). Others include the SolarWinds attack, over which the US has sanctioned multiple Russian companies, individuals and entities.

In February, FBI Director Christopher Wray said the agency had more than 2,000 active investigations related to thefts of US tech or information that were allegedly carried out by China. He claimed the country had a “massive, sophisticated hacking program that is bigger than those of every other major nation combined.” Shortly before Russia invaded the country in February, Ukraine’s government blamed it for a cyberattack against its websites.

President Biden signed an executive order last May that sought to bolster the country’s cybersecurity infrastructure. He followed that up in January with an EO that contained more concrete directives concerning the Defense Department, the intelligence community and national security systems.

Russia won’t cooperate on the International Space Station until sanctions are lifted

Russia’s Roscosmos will stop working with NASA and other western space agencies on the International Space Station. On early Saturday morning, Roscosmos director Dmitry Rogozin slammed international sanctions against Russia and said normal cooperation …