Challenges the Future Holds for the Metaverse and Cybersecurity

The metaverse is increasingly likely to be the target of cyberattacks that pose a real risk, both to the companies that choose to be active in it and to the users who access it. The growth of the metaverse emphasises the need to address the cybersecurity challenges posed by this new multimedia environment.

The metaverse is estimated to account for a 1 % share of the global economy, reaching $8-13 trillion by 2030, according to investment bank Citi. Precisely because of this growth, the metaverse is increasingly likely to be targeted by cybercriminals.

As explained by the websites Ooda and Lexology, the metaverse refers to a digital universe resulting from multiple technological elements that include virtual reality and augmented reality. The idea is that users can access the metaverse through 3D viewers and have virtual experiences. In fact, it is possible to create realistic avatars, meet other users or perform all those actions that we carry out on the Internet on a single platform, even including things like building real estate or a marketplace.

Therefore, the metaverse requires the concurrent use of many technologies, where augmented reality, cloud technologies and artificial intelligence are combined to become functional. In this universe, there is also the possibility of creating a new economy through cryptocurrencies.

Given the technologies involved, the risk of becoming a victim of cyberattacks in the metaverse is very high. In addition, the simultaneous use of such different technologies, as well as the collection and storage of infinite amounts of both personal and non-personal data, and the use of blockchain, make traditional monitoring and preventing of cyberattacks a complex and demanding task. For instance, there are dozens of cases of counterfeit works or products being sold in the decentralised world.

Although it is assumed that phishing activities may increase significantly with the metaverse, the following are also possible:

  • Identity theft: cybercriminals, through information found online and in the metaverse, could partake in user identity theft, for example by stealing avatars.
  • Cryptocurrency theft: cybercriminals could take possession of users’ wallets and passwords in the metaverse and carry out criminal actions.

However, the main cybersecurity concern in the metaverse should focus on personal data (as in the real world), which will be cybercriminals’ main target of attack.

Biometric data released by users can be used to take control of devices that enable the transition from virtual reality to augmented reality, as these use the user’s biometric data to enable access within the metaverse.

Companies will need to take precautions to prevent this type of attack, and ensure that their security systems are safe and do not include any vulnerable aspects that can cause serious damage not only to the economy and their reputation, but also to users. However, in this regard, there is still a lack of regulatory regimes that should be put in place as soon as possible to ensure the protection of the metaverse and its users.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Remote control of touch screens – the new cyberattack

As explained in an article published on the website thehackernews.com, researchers have demonstrated what they call the first active contactless attack against all types of touch screens.

According to research by a group of academics from Zhejiang University and the Technical University of Darmstadt in a new research paper, GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it.

The basic idea is to harness electromagnetic signals to execute basic touch events, such as taps and swipes to specific locations on the touch screen with the goal of taking over remote control and manipulating the underlying device.

The attack, which works from a distance of up to 40 mm, is based on the fact that touch screens are sensitive to EMI, which is exploited to inject electromagnetic signals into transparent electrodes that are incorporated into the touch screen to register them as touch events.

The experimental setup involves an electrostatic gun to generate a pulse signal that is then sent to an antenna to transmit an electromagnetic field on the phone’s touch screen, which causes electrodes, acting as antennas, to pick up the EMI.

This can be further adjusted by selecting the signal and antenna to induce a variety of touch behaviours, such as press and hold and swipe to select, depending on the device model.

In a real-world scenario, this could occur in a variety of ways, such as swiping up to unlock a phone, connecting to a Wi-Fi network, stealthily clicking on a malicious link containing malware, and even answering a phone call on the victim’s mobile phone.

In places such as a cafe, library, meeting room or conference lobbies, people should put the smartphone face down on the table, the researchers explained. However, an attacker can embed the attack equipment under the table and launch attacks remotely.

Up to nine different smartphone models have been found vulnerable to GhostTouch: Galaxy A10s, Huawei P30 Lite, Honor View 10, Galaxy S20 FE 5G, Nexus 5X, Redmi Note 9S, Nokia 7.2, Redmi 8 and an iPhone SE (2020), the last of which was used to establish a malicious Bluetooth connection.

To counter the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the touchscreen detection algorithm, and asking users to enter the phone’s PIN or verify their faces or fingerprints before carrying out high-risk actions.

GhostTouch controls and shapes the near-field electromagnetic signal and injects touch events into the targeted area of the touchscreen without the need to physically touch or access the victim’s device, researchers explain.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Addressing the Threat of 3D Printed Firearms

Law enforcement professionals, ballistic experts, forensic scientists, policymakers and academia came together a few weeks ago in The Hague, the Netherlands, for one of the world’s largest meetings on the threat of 3D printed weapons.

 Some 120 participants from 20 countries gathered for the International Conference on 3D Printed Firearms, organised by Europol and the Dutch National Police (Politie) as part of EMPACT Firearms, to address the latest challenges that law enforcement face in their efforts to address this threat.

Fundamental processes for developing joint intervention strategies in this field were explored, including tactical and forensic research, software, scientific developments and legislation.

When opening the conference, Police Chief Gerda van Leeuwen of the Dutch National Police described the development of 3D printed firearms as a current and future threat. International cooperation is therefore considered crucial in order to retaliate.

Nowadays, 3D printed weapons are no longer reserved for works of fiction:

In 2019, two people were shot dead in Halle, Germany, by a perpetrator using a homemade gun partially manufactured with a 3D printer using a blueprint downloaded from the Internet.

In April 2021, the Spanish National Police raided and shut down an illegal workshop producing 3D printed weapons in the Canary Islands. The police seized two 3D printers, weapon components, a replica assault rifle and several manuals on urban guerrilla warfare and white supremacist literature. The owner of the workshop was arrested and charged with illegal possession of weapons.

A month later, two men and a woman were arrested in Keighley, UK, as part of a terrorism investigation. All three were charged with possessing 3D printed weapon parts.

Conclusions of the conference worth mentioning include:

  • Law enforcement and the industry/private sector must unite forces and collaborate in order to identify and control developments around 3D printed firearms.
  • An international network of 3D printed firearms experts will be created and assigned the task of keeping law enforcement up to date on the developments in the production of these homemade weapons.
  • A fact sheet will be drawn up from the participants’ key recommendations and other developments around 3D printed firearms, and distributed to partners and policymakers around the world.

Firearm trafficking is a priority for EU law enforcement. The European Multidisciplinary Platform Against Criminal Threats (EMPACT) has developed strategic and operational plans to address the threat as part of its Firearms Project. Within this sphere, Europol’s “Weapons and Explosives” analysis project leads 16 countries in their battle against the threat of 3D printed weapons.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Could a cybersecurity incident be predicted?

As published by Ooda Loop, if you think of three big companies such as, for example, Amazon, Google or Tesla, the first two words that would come to your mind are innovation and disruption. They broke into their respective industries by predicting the future correctly. Similarly, there has always been the question of whether the type of security incidents you can expect to find in your company could be predicted. If the answer is yes, you could save a lot of time and resources in building a threat detection framework. But, as is known, in real-world monitoring, detecting a real incident is like finding a needle in a haystack.

Usually, hackers perform reconnaissance work on a company to detect the strengths and weaknesses of this infrastructure. Based on the outcome of this activity, they design their payload to have a higher probability of success. In this scenario, if defenders can predict a hacker’s technique and create a detection model, then the chances of detecting and responding to such incidents quickly would be much greater.

To build this prediction framework, two essential data sets are needed to begin with. The first is the list of techniques that hackers use to jeopardise a company. Fortunately, the framework Mitre Att&ck already provides these techniques. The second is to map the use cases of the Security Information and Event Management (SIEM) with Mitre Att&ck techniques. This will help defenders understand the blind spot in their detections against the different methods used by hackers. For example, one of the techniques could be configuring a task as a defender: you would have to look for relevant use cases and appropriate logs available in your SIEM. In this scenario, the Windows event logs should be available in the SIEM platform, and the detection use case should look for the Windows event ID 4698.

After the previous activity, it will be possible to learn about techniques where there is no coverage from the point of view of use. These techniques can be mapped using the Mitre mapping matrix to determine which antagonists will have a higher success rate against any given company. Once this activity is carried out, defenders can take a focused approach to building multiple threat search models to detect these antagonists. This approach also helps to improve an organisation’s log coverage across all its devices.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Alarming increase in ‘ghost guns’ interventions in the United States

The term ghost guns — derived from the fact that these firearms are not serialized, are difficult to trace, and are often invisible to the monitoring and regulation of traditionally manufactured firearms — refers to a wide range of home-made or improvised firearms.

Assembled from parts, including those developed using 3D printing technology, or from kits that include unfinished parts (usually assembled by the recipient), ghost guns require the buyer to be competent only in basic machining in order for the gun to work.

In the United States, current federal firearms regulations do not require manufacturers of such parts or unfinished parts or those who assemble them to include serial numbers, because unassembled parts are not considered firearms. Therefore, ghost gun parts and kits can be purchased online, without being subject to most firearms regulations. Ghost guns present unique challenges to law enforcement agencies and make traditional investigative techniques less effective.

Concerns about the public safety risks posed by ghost guns are on the rise. The ease of transforming parts and kits into functional firearms without having to go through background checks has made these weapons more accessible and probably more common. In addition, because these kits are not currently regulated by federal law, buyers are not required to undergo a check of the finished parts or firearm.Among other features, it is worth noting:

  • While ghost guns can be produced through a variety of methods, the most relevant to public safety are those produced using 3D printing.
  • Ghost guns can be assembled quickly and in large numbers, creating new avenues for networks and weapons trafficking schemes.
  • Ghost guns make it difficult or ineffective to investigate leads or track down firearms.
  • Ghost guns do not have serial numbers or other identifiers that are commonly used during the investigation process.
  • The number of ghost guns used in crimes increased substantially in 2020 for many U.S. law enforcement agencies. For example, between 2019 and 2020, ghost guns recovered by the Philadelphia and San Diego police departments increased by 163% and 172%, respectively. Likewise, the Prince George’s County Police Department saw a 252% increase in ghost guns recovered between 2019 and 2020.
  • Recovered ghost guns should be identified as such and should be processed as much as possible.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Council approves conclusions on the impact of the pandemic on internal security and terrorist threat

With regard to internal security, the conclusions acknowledge the unpredictable threats and challenges that the crisis posed to the internal security landscape.  Focusing on making better use of existing means of cooperation and building upon established structures, the Council:

– encourages member states to identify practical solutions to prevent difficulties in strategic operational and tactical cross-border law enforcement cooperation.

– underlines the need to prevent the infiltration of criminal networks in the implementation of the Next Generation EU.

– encourages CEPOL and the member states to develop scenario-based training and practical exercises to ensure preparedness and resilience for future pandemics and other crises.

– stresses the need for the Commission to support Europol and the innovation laboratory to set up a common, resilient and secure instrument for communications in the EU law enforcement cooperation framework.

– recommends to member states that they develop and promote awareness campaigns for their citizens to prevent the impact of cybercrime activities, as well as misinformation and hate speech.

– encourages member states to share best practices on strategies that improve reporting channels for victims of crimes, such as domestic violence and sexual abuse, during lockdown and crisis situations.

So far, the impact of the COVID-19 pandemic on the terrorist threat seems to have been limited. However, the protracted pandemic may increase member states’ vulnerabilities and the risks of radicalisation. The online presence of extremist groups is on the rise since the outbreak of the COVID-19 pandemic. Due to COVID-19, counter-terrorism authorities have had to increasingly rely on online capabilities, making their work more difficult.

In the medium to long term, the pandemic and its socio-economic consequences may prove to be a favourable breeding ground for extremist narratives. Some (violent) far-left, far-right and Islamist extremist groups have already incorporated COVID-19 into their narratives, and this might pose security challenges in the medium and long term. The conclusions, therefore:

– Call on member states to continuously contribute to the assessment of the online dimension of the terrorist threat by providing information to the relevant EU bodies. INTCEN (EU Intelligence and Situation Centre) and Europol should continue to deepen their assessment of the impact of the pandemic on terrorist operations.

– Invite member states to swiftly give effect to the regulation on terrorist content online, and the Commission and EU internet referral unit to provide support with their technical and operational expertise.

– Underline the influence of algorithms and their role in fostering radicalisation as another key point that deserves attention.

– Note the need to pay increased attention to emerging security risks, as well as opportunities, stemming from new technologies and underline the role of the EU innovation hub.

– Underline the utmost importance of continuing to develop secure VTC systems and channels for the exchange of classified information.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Europe seeks to limit the use of artificial intelligence in society

The use of facial recognition for surveillance, or algorithms that manipulate human behaviour, will be banned under proposed EU regulations on artificial intelligence.

The wide-ranging proposals, which were leaked ahead of their official publication, also promised tough new rules for what they deem high-risk AI. That includes algorithms used by the police and in recruitment.

Experts said the rules were vague and contained loopholes. The use of AI in the military is exempt, as are systems used by authorities in order to safeguard public security.

The suggested list of banned AI systems includes:

• Those designed or used in a manner that manipulates human behaviour, opinions or decisions, causing a person to behave, form an opinion or make a decision to their detriment.

• AI systems used for indiscriminate surveillance applied in a generalised manner.

• AI systems used for social scoring.

• Those that exploit information or predictions or a person or group of persons to target their vulnerabilities.

For AI deemed to be high risk, member states would have to apply far more oversight, including the need to appoint assessment bodies to test, certify and inspect these systems.

And any companies that develop prohibited services, or fail to supply correct information about them, could face fines of up to 4% of their global revenue.

High-risk examples of AI include:

• Systems which establish priority in the dispatching of emergency services

• Systems determining access to or assigning people to educational institutes

• Recruitment algorithms

• Those that evaluate creditworthiness

• Those for making individual risk assessments

Crime-predicting algorithms

As well as requiring that new AI systems have human oversight, the EC is also proposing that high-risk AI systems have a so-called switch, which could either be a stop button or some other procedure to instantly turn the system off if needed.

With this legislation, the EC has had to walk a difficult line between ensuring AI is used as what it calls a ‘tool’ to increase human well-being, and also ensuring it doesn’t stop EU countries competing with the US and China over technological innovations.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Facial recognition tools and their usage in Spain

Dozens of academics, professionals and activists from various fields have called on the Spanish Government to ban the use of facial recognition tools in Spain until there is a law to regulate them. The request comes at a time when the technology is already being used in both public and private settings.

The petition’s signatories are calling for a moratorium on the use and marketing of facial recognition and analysis systems by public and private companies. They want the European legislative institutions to discuss which tools can be used, in what way, under what conditions, with which guarantees and for what purposes the use of such systems should be permitted.

The petitioners argue that the Government must consider regulating the technology before its usage continues to expand and become more prevalent. In short, if facial recognition does not fall under any current specific law to safeguard citizens’ rights, they fear it is the law that must adapt to existing practices.

The signatories refer to the fact that the technology represents an intrusion into people’s private lives without their explicit consent, calling into question fundamental issues linked to social justice, human dignity, equity, equal treatment and inclusion.

The use of facial analysis programmes can lead to civil rights issues. Specifically, they say that assimilating a person to a group based on their biometric traits or data is highly problematic because it perpetuates stereotypes, regardless of the field in which it is used. For example, assuming that a person may be dangerous or likely to default because others like her are is an unfair premise.

There is ample evidence to suggest that associating postures, gestures, facial features, skin colours, hairstyles, or clothing with possible problematic behaviours or intellectual and financial capabilities may result in racist, classist, or sexist classifications.

Furthermore, facial recognition has led to false positives and false negatives on many occasions because it predominantly relies on how the artificial intelligence is trained and with what type of images. If it is trained with lots of photographs of white men or with specific light conditions, to name two examples, the facial analysis will tend to be less accurate for black people or in different light conditions.

There are, therefore, multiple reasons – both technical and ethical – for creating a commission to investigate the need for a moratorium, which is considered essential and urgent. To conclude, it has also been suggested that this commission should be an independent body composed of scientists, jurists, experts in ethics and artificial intelligence and members of civil society, particularly from those groups most likely be affected by these systems.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Organised crime groups fuel a rise in violent crime in the EU

A new report by Europol warns that organised crime groups are increasingly employing violence in pursuit of their criminal objectives, and such violence represents a threat to public security in the EU.

Based on an analysis of contributions made by Member States to Europol in recent years, there has been a rise in the number of violent incidents associated with organised crime. Furthermore, the analysis points to an increasing willingness from criminal groups to resort to lethal violence.

In this report, Europol highlights the factors underpinning this trend and the challenges it poses to law enforcement and develops a set of recommendations.

The involvement in criminal gangs of younger and inexperienced hit men and the accessibility of firearms and explosives, together with violent incidents often perpetrated in crowded public places and broad daylight are considerable threats to public security.

Criminal groups are exploiting large EU ports as transit points, and the streets of the surrounding cities are particularly vulnerable to violence. International organised crime groups have established footholds in and around these ports, where the corruption and intimidation of workers critical to the unloading and storage of illicit commodities, and the competition for distribution are taking place.

The rise in violence in illicit markets can be linked to growing competition among criminal networks. Most drug-related fatal and serious incidences of violence have been reported in the cocaine and cannabis markets, which have recently attracted new players.

The report also points to an increased use of serious violence by organised crime groups to carry out their criminal activities. These violent crimes do not exclusively affect criminals; they target non-criminals including victims of human trafficking, violent robberies, law enforcement officers, lawyers, witnesses and informants, investigative journalists, or uncooperative dock workers.

On the basis of its analysis, Europol has drawn up a set of recommendations to support law enforcement authorities in countering organised crime:

• Proactively anticipate trends and shifts in criminal markets and network structures.

• Adopt a comprehensive step-by-step approach that includes detection and deterrence (including attacking criminal finances at an earlier stage).

• Focus on the processes and resources by which crimes are committed in order to identify points for intervention.

• Continue to promote cooperation at regional and international levels.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Nayib Bukele regards the 1992 Peace Accords in El Salvador as a farce

The President of El Salvador, Nayib Bukele, cancelled the commemoration of the Chapultepec Peace Accords successfully led by the UN in 1992, which put an end to a 12-year civil war that left more than 75,000 dead in the Central American country.

Human rights organisations, victims of the war, opposition groups, intellectuals and ex-guerrillas have taken a stand against the Salvadoran president’s recent remarks about the Peace Accords signed 29 years ago.

Outrage erupted in El Salvador on the 16th of January this year when, for the second year in a row, the president refused to commemorate the signing of the Peace Accords. Moreover, he declared the Peace Accords a farce, a work of the elites and a pact between the corrupt. For Bukele, the signing of the peace agreements did not represent any improvement for the population in their most basic rights but rather translated to a new a phase of increased corruption, social exclusion and fraudulent enrichment of the signatory sectors – referring to members of the government at the time and the Farabundo Marty National Liberation Front (FMLN).

Following his statement, a group of social organisations and victims of the armed confrontation called on Bukele to respect the accords and maintain the government’s commitment to human rights, while a hundred Salvadoran and foreign academics published a letter rejecting the president’s statements and demanding respect for the truth and historical memory.

Bukele had already created a political storm in El Salvador by preventing the unblocking of military files related to the El Mozote Massacre in direct contravention of a court order to inspect the files as part of the judicial process intended to shed light on the massacre that took place there.

Former guerilla members of the People’s Revolutionary Army (ERP), one of the groups close to the FMLN, have also criticised Bukele. Very few families in this country escaped without being injured, directly involved or in some way touched by the drawn-out confrontation. By making these denialist statements, the president is again creating division in the country, when the Peace Accords are the achievement of the entire Salvadoran society, not just the political parties.

But Bukele’s attempts to erase others have worked for his political career in the past, and he has stated he intends to win at the legislative and municipal elections in February. That is his goal, as it was the goal of all the politicians that preceded him. Politicians who no longer applaud him but are a burden to him, and his strategy is to erase them at the ballot box and from the memory of all Salvadorans.

_____

Aquest apunt en català / Esta entrada en español / Post en français