The European Council approves conclusions on the impact of the pandemic on internal security and terrorist threat

With regard to internal security, the conclusions acknowledge the unpredictable threats and challenges that the crisis posed to the internal security landscape.  Focusing on making better use of existing means of cooperation and building upon established structures, the Council:

– encourages member states to identify practical solutions to prevent difficulties in strategic operational and tactical cross-border law enforcement cooperation.

– underlines the need to prevent the infiltration of criminal networks in the implementation of the Next Generation EU.

– encourages CEPOL and the member states to develop scenario-based training and practical exercises to ensure preparedness and resilience for future pandemics and other crises.

– stresses the need for the Commission to support Europol and the innovation laboratory to set up a common, resilient and secure instrument for communications in the EU law enforcement cooperation framework.

– recommends to member states that they develop and promote awareness campaigns for their citizens to prevent the impact of cybercrime activities, as well as misinformation and hate speech.

– encourages member states to share best practices on strategies that improve reporting channels for victims of crimes, such as domestic violence and sexual abuse, during lockdown and crisis situations.

So far, the impact of the COVID-19 pandemic on the terrorist threat seems to have been limited. However, the protracted pandemic may increase member states’ vulnerabilities and the risks of radicalisation. The online presence of extremist groups is on the rise since the outbreak of the COVID-19 pandemic. Due to COVID-19, counter-terrorism authorities have had to increasingly rely on online capabilities, making their work more difficult.

In the medium to long term, the pandemic and its socio-economic consequences may prove to be a favourable breeding ground for extremist narratives. Some (violent) far-left, far-right and Islamist extremist groups have already incorporated COVID-19 into their narratives, and this might pose security challenges in the medium and long term. The conclusions, therefore:

– Call on member states to continuously contribute to the assessment of the online dimension of the terrorist threat by providing information to the relevant EU bodies. INTCEN (EU Intelligence and Situation Centre) and Europol should continue to deepen their assessment of the impact of the pandemic on terrorist operations.

– Invite member states to swiftly give effect to the regulation on terrorist content online, and the Commission and EU internet referral unit to provide support with their technical and operational expertise.

– Underline the influence of algorithms and their role in fostering radicalisation as another key point that deserves attention.

– Note the need to pay increased attention to emerging security risks, as well as opportunities, stemming from new technologies and underline the role of the EU innovation hub.

– Underline the utmost importance of continuing to develop secure VTC systems and channels for the exchange of classified information.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Europe seeks to limit the use of artificial intelligence in society

The use of facial recognition for surveillance, or algorithms that manipulate human behaviour, will be banned under proposed EU regulations on artificial intelligence.

The wide-ranging proposals, which were leaked ahead of their official publication, also promised tough new rules for what they deem high-risk AI. That includes algorithms used by the police and in recruitment.

Experts said the rules were vague and contained loopholes. The use of AI in the military is exempt, as are systems used by authorities in order to safeguard public security.

The suggested list of banned AI systems includes:

• Those designed or used in a manner that manipulates human behaviour, opinions or decisions, causing a person to behave, form an opinion or make a decision to their detriment.

• AI systems used for indiscriminate surveillance applied in a generalised manner.

• AI systems used for social scoring.

• Those that exploit information or predictions or a person or group of persons to target their vulnerabilities.

For AI deemed to be high risk, member states would have to apply far more oversight, including the need to appoint assessment bodies to test, certify and inspect these systems.

And any companies that develop prohibited services, or fail to supply correct information about them, could face fines of up to 4% of their global revenue.

High-risk examples of AI include:

• Systems which establish priority in the dispatching of emergency services

• Systems determining access to or assigning people to educational institutes

• Recruitment algorithms

• Those that evaluate creditworthiness

• Those for making individual risk assessments

Crime-predicting algorithms

As well as requiring that new AI systems have human oversight, the EC is also proposing that high-risk AI systems have a so-called switch, which could either be a stop button or some other procedure to instantly turn the system off if needed.

With this legislation, the EC has had to walk a difficult line between ensuring AI is used as what it calls a ‘tool’ to increase human well-being, and also ensuring it doesn’t stop EU countries competing with the US and China over technological innovations.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Facial recognition tools and their usage in Spain

Dozens of academics, professionals and activists from various fields have called on the Spanish Government to ban the use of facial recognition tools in Spain until there is a law to regulate them. The request comes at a time when the technology is already being used in both public and private settings.

The petition’s signatories are calling for a moratorium on the use and marketing of facial recognition and analysis systems by public and private companies. They want the European legislative institutions to discuss which tools can be used, in what way, under what conditions, with which guarantees and for what purposes the use of such systems should be permitted.

The petitioners argue that the Government must consider regulating the technology before its usage continues to expand and become more prevalent. In short, if facial recognition does not fall under any current specific law to safeguard citizens’ rights, they fear it is the law that must adapt to existing practices.

The signatories refer to the fact that the technology represents an intrusion into people’s private lives without their explicit consent, calling into question fundamental issues linked to social justice, human dignity, equity, equal treatment and inclusion.

The use of facial analysis programmes can lead to civil rights issues. Specifically, they say that assimilating a person to a group based on their biometric traits or data is highly problematic because it perpetuates stereotypes, regardless of the field in which it is used. For example, assuming that a person may be dangerous or likely to default because others like her are is an unfair premise.

There is ample evidence to suggest that associating postures, gestures, facial features, skin colours, hairstyles, or clothing with possible problematic behaviours or intellectual and financial capabilities may result in racist, classist, or sexist classifications.

Furthermore, facial recognition has led to false positives and false negatives on many occasions because it predominantly relies on how the artificial intelligence is trained and with what type of images. If it is trained with lots of photographs of white men or with specific light conditions, to name two examples, the facial analysis will tend to be less accurate for black people or in different light conditions.

There are, therefore, multiple reasons – both technical and ethical – for creating a commission to investigate the need for a moratorium, which is considered essential and urgent. To conclude, it has also been suggested that this commission should be an independent body composed of scientists, jurists, experts in ethics and artificial intelligence and members of civil society, particularly from those groups most likely be affected by these systems.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Organised crime groups fuel a rise in violent crime in the EU

A new report by Europol warns that organised crime groups are increasingly employing violence in pursuit of their criminal objectives, and such violence represents a threat to public security in the EU.

Based on an analysis of contributions made by Member States to Europol in recent years, there has been a rise in the number of violent incidents associated with organised crime. Furthermore, the analysis points to an increasing willingness from criminal groups to resort to lethal violence.

In this report, Europol highlights the factors underpinning this trend and the challenges it poses to law enforcement and develops a set of recommendations.

The involvement in criminal gangs of younger and inexperienced hit men and the accessibility of firearms and explosives, together with violent incidents often perpetrated in crowded public places and broad daylight are considerable threats to public security.

Criminal groups are exploiting large EU ports as transit points, and the streets of the surrounding cities are particularly vulnerable to violence. International organised crime groups have established footholds in and around these ports, where the corruption and intimidation of workers critical to the unloading and storage of illicit commodities, and the competition for distribution are taking place.

The rise in violence in illicit markets can be linked to growing competition among criminal networks. Most drug-related fatal and serious incidences of violence have been reported in the cocaine and cannabis markets, which have recently attracted new players.

The report also points to an increased use of serious violence by organised crime groups to carry out their criminal activities. These violent crimes do not exclusively affect criminals; they target non-criminals including victims of human trafficking, violent robberies, law enforcement officers, lawyers, witnesses and informants, investigative journalists, or uncooperative dock workers.

On the basis of its analysis, Europol has drawn up a set of recommendations to support law enforcement authorities in countering organised crime:

• Proactively anticipate trends and shifts in criminal markets and network structures.

• Adopt a comprehensive step-by-step approach that includes detection and deterrence (including attacking criminal finances at an earlier stage).

• Focus on the processes and resources by which crimes are committed in order to identify points for intervention.

• Continue to promote cooperation at regional and international levels.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Nayib Bukele regards the 1992 Peace Accords in El Salvador as a farce

The President of El Salvador, Nayib Bukele, cancelled the commemoration of the Chapultepec Peace Accords successfully led by the UN in 1992, which put an end to a 12-year civil war that left more than 75,000 dead in the Central American country.

Human rights organisations, victims of the war, opposition groups, intellectuals and ex-guerrillas have taken a stand against the Salvadoran president’s recent remarks about the Peace Accords signed 29 years ago.

Outrage erupted in El Salvador on the 16th of January this year when, for the second year in a row, the president refused to commemorate the signing of the Peace Accords. Moreover, he declared the Peace Accords a farce, a work of the elites and a pact between the corrupt. For Bukele, the signing of the peace agreements did not represent any improvement for the population in their most basic rights but rather translated to a new a phase of increased corruption, social exclusion and fraudulent enrichment of the signatory sectors – referring to members of the government at the time and the Farabundo Marty National Liberation Front (FMLN).

Following his statement, a group of social organisations and victims of the armed confrontation called on Bukele to respect the accords and maintain the government’s commitment to human rights, while a hundred Salvadoran and foreign academics published a letter rejecting the president’s statements and demanding respect for the truth and historical memory.

Bukele had already created a political storm in El Salvador by preventing the unblocking of military files related to the El Mozote Massacre in direct contravention of a court order to inspect the files as part of the judicial process intended to shed light on the massacre that took place there.

Former guerilla members of the People’s Revolutionary Army (ERP), one of the groups close to the FMLN, have also criticised Bukele. Very few families in this country escaped without being injured, directly involved or in some way touched by the drawn-out confrontation. By making these denialist statements, the president is again creating division in the country, when the Peace Accords are the achievement of the entire Salvadoran society, not just the political parties.

But Bukele’s attempts to erase others have worked for his political career in the past, and he has stated he intends to win at the legislative and municipal elections in February. That is his goal, as it was the goal of all the politicians that preceded him. Politicians who no longer applaud him but are a burden to him, and his strategy is to erase them at the ballot box and from the memory of all Salvadorans.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Council calls for strengthening resilience and countering hybrid threats

The Council has adopted a series of conclusions which call for further enhanced responses at EU level to counter hybrid threats, including disinformation, and strengthening resilience. The Council notes that new technologies and crises, such as the ongoing COVID-19 pandemic, offer opportunities for hostile actors to expand their interference activities. These pose an additional challenge for the member states and the EU institutions, beyond the crisis itself.

The Council acknowledges that the COVID-19 pandemic makes the EU and its member states more vulnerable to hybrid threats. Such threats include the increased spread of disinformation and manipulative interference. Addressing these threats, particularly malicious cyber activities, disinformation and threats to economic security, requires a comprehensive approach involving effective cooperation and coordination.

In this context, the Council acknowledges that the EU approach to addressing disinformation is multidisciplinary and involves multiple stakeholders. The Council invites the Commission and the High Representative to further enhance responses at EU level, taking into account the economic and societal damage, as well as the possible damage to public health, caused by disinformation and the malign use of newly emerging technologies, including artificial intelligence.

The Council also urges continued efforts to strengthen the Task Forces and develop the Rapid Alert System with a view to developing a comprehensive platform for member states and EU institutions.

It also invites the Commission to develop and eventually implement additional transparency requirements for online platforms. The aim of such requirements would be to promote a digital public sphere, develop greater accountability and enhance transparency in addressing disinformation.

The Council notes that diplomatic engagement and measures are an effective European tool. This is in addition to enhancing resilience, which remains one of the most important tasks and is at the heart of European efforts to counter hybrid threats.

Lastly, the Council invites the Commission and the High Representative to play an active role in addressing pan-European vulnerabilities. This should include ensuring the security and resilience of supply chains to guarantee economic security, and proposing initiatives designed to strengthen resilience and improve responses as appropriate with due consideration of emerging technologies.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Artificial intelligence threats

According to a new report from Europol published in November, criminals leverage artificial intelligence for malicious use. The document draws attention to the potential benefits of the technology, such as greater efficiency, automation and autonomy, but also warns of the growing risks that come with it. Cybercriminals have always been early adopters of the latest technology, and AI is no different.

The jointly developed new report from Europol, the United Nations Interregional Crime and Justice Research Institute (UNICRI) and Trend Micro, looks into current and predicted criminal uses of artificial intelligence (AI). The document provides law enforcers, policymakers and other organisations with information on existing and potential attacks leveraging AI and recommendations on how to mitigate these risks.

The report concludes that cybercriminals will leverage AI as an attack surface. Deepfakes are currently the best-known use of AI as an attack vector. However, the report warns that new screening technology will be needed in the future to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets.

For example, AI could be used to support:

• Convincing social engineering attacks at scale.

• Document-scraping malware to make attacks more efficient.

• Evasion of image recognition and voice biometrics.

• Ransomware attacks, through intelligent targeting and evasion.

• Data pollution, by identifying blind spots in detection rules.

The paper also warns that AI systems are being developed to enhance the effectiveness of malware and to disrupt anti-malware and facial recognition systems.

To conclude the report, the three organisations make several recommendations:

• Harness the potential of AI technology as a crime-fighting tool to protect the cybersecurity industry and facilitate its policing.

• Continue research to stimulate the development of defensive technology.

• Promote and develop secure AI design frameworks.

• Leverage public-private partnerships and establish multidisciplinary expert groups.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The effects of the coronavirus on organised crime in Latin America

354.- imagesThe coronavirus pandemic has forced criminal organisations in Latin America to make various internal changes. These adjustments stem from a desire to maintain their illicit operations despite the inconveniences: the trafficking of drugs and contraband, extortion and controlling the passage of migrants across borders. Their activities have been complicated by increased police checks and a lack of human activity.

As a result, organised crime gangs are having to move into previously unexplored territories, such as cybercrime or stealing medical supplies, for example. Some of the diverse dynamics being adopted by organised crime groups in Latin America are outlined below:

More social capital for criminals. Gangs such as MS13 and Barrio18 in El Salvador or the Jalisco cartel in Mexico, have created a situation whereby the criminals have supplanted the role of the State. The lockdown has afforded them a chance to consolidate control, win-over citizens and cultivate support.

The emergence of a new black market for medical equipment and medicines. Several countries on the continent already suffered from an active black market in medicines, and the pandemic has brought about an increase in thefts of medical supplies such as masks, hand sanitisers and even coronavirus detection kits.

The pandemic has exposed a severe lack of supply chain control in the medical field, which allows for products to be easily stolen.

More corruption. Healthcare systems have long been a target for corruption. Corrupt civil servants are taking advantage of the pandemic and using it as an opportunity to line their pockets.

More cybercrime. Criminals and hackers are taking advantage of increased online activity from citizens, businesses and government bodies. Brazil, Mexico and Colombia are the top three countries in Latin America for malware attacks.

In addition, organised crime groups are increasingly laundering money through cryptocurrency.

Less human trafficking. The tightening of border controls in response to the pandemic’s arrival in Latin America has forced organised crime gangs to scale back their activity in this field. Furthermore, the prices charged by the people smugglers, known as “coyotes”, have increased as crossing the various borders has become more difficult. They’re unlikely to lower these charges in the short-term.

Less illicit drugs, higher Prices. Drugs gangs have had to contend with transportation restrictions and increased patrols to enforce quarantines. As many borders have been closed, and police are monitoring vehicles, traffickers are finding it harder to move their product.

The impact has even been felt in US cities, where drug prices have spiked.

Inicio

_____

Aquest apunt en català / Esta entrada en español / Post en français

COVID-19 causes a surge in firearms sales in the USA

353.- baixaThe arrival of the coronavirus pandemic in the United Stated prompted increased sales of all types of arms, even leading to queues outside some shops.[1] Many of the buyers say they need to feel safe during the lockdown, which is forcing them to stay at home, sometimes alone. The demand for weapons has been largely non-specific. Customers want almost any type of weapon they can use to defend themselves; this in itself is unusual because, typically, people who buy arms have a specific kind of weapon in mind.

The first days of the pandemic in the US quickly led to cases of deaths by firearm involving suicides or issues related to the social distancing rules implemented to curb the coronavirus. In Detroit, for example, armed demonstrators protested against the stay-at-home order and the closure of gun shops.[2]

Faced with the need to decide which businesses could remain open, the vast majority of governors opted to categorise gun shops as suppliers of essential products, basic necessities, and as such, have been allowed to continue trading as usual.[3] Only five states categorised gun shops as non-essential businesses, forcing them to close as a result: New York, New Mexico, Washington, Massachusetts and Michigan. To comply with social distancing rules, federally-licensed vendors can even sell guns on the street or to customers in their cars. It is worth noting that in Virginia, while not forcing gun stores to close due to lockdown, they have recently passed a law limiting the sale and possession of firearms.[4]

The National Rifle Association, which has been in dire financial straits for some time due to costly internal battles, among other things, and laid off staff immediately before the pandemic arrived is actively fighting the governors who have forced gun shops to close. It has even gone as far as to sue, as a minimum, the governors of New Mexico and Massachusetts.

Research on the subject is unequivocal:

  • People are more likely to sustain injuries after threatening the attackers with a gun than if they call the police or run away.
  • Having a firearm in the home increases the chance that members of that household will be injured or killed.
  • Only one in every 40 firearm homicides are a legitimate act of self-defence.
  • The more firearms in circulation, the more accidental shootings and homicides.

As a result, it seems evident that the increased number of weapons in homes during the lockdown increases the chance of domestic conflicts becoming life-threatening situations. As journalist Melinda Wenner Moyer concludes in a recently published article: “The more guns we have, and the closer we keep them to us, the more danger we will be in during this pandemic”.[5] By contrast, in a country where public opinion considers the possession of a weapon a fundamental right, guaranteed by the second amendment of the Constitution, only a few governors have dared to face the uproar that can be caused by the closure of gun shops.

[1] https://www.thetrace.org/2020/04/the-coronavirus-has-gun-sales-soaring-his-fear-is-selling-to-the-wrong-person/

[2] https://www.thetrace.org/rounds/daily-bulletin-armed-protesters-stay-at-home-order-michigan/

[3] https://www.thetrace.org/2020/03/coronavirus-gun-store-closures-state-map/

[4] https://www.thetrace.org/2020/01/virginia-lawmakers-advance-historic-gun-reform-package-heres-what-it-means/

[5] https://www.thetrace.org/2020/04/gun-safety-research-coronavirus-gun-sales/

_____

Aquest apunt en català / Esta entrada en español / Post en français

New ransomware attacks target NAS storage devices

RANSOMWARE AL NASRansomware attacks targeting network-attached storage devices (NAS) have exponentially increased in recent months.

NAS systems, available for business purposes and home setup, are devices connected to a network to provide centralised storage capacity and backup data.

The number of ransomware strains targeting NAS and backup storage devices is growing, with users as yet still unprepared for the threat.

Ransomware has many different guises. The malware variant is popular with cybercriminals who use it to attack businesses, critical services – including hospitals and utilities – and individuals.

Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to the locked content.

There’s no guarantee that paying will result in decryption, but many will do so rather than lose their files; and when critical systems such as those at government bodies or healthcare providers are locked, there’s additional pressure to return to normal operations as quickly as possible.

The average consumer will often come across ransomware deployed through phishing campaigns and fraudulent messages or bundled within illegitimate or compromised software. However, researchers say that network-attached storage devices (NAS) are now also under direct threat from malware operators.

The devices may be accessed directly through a network or may have a web interface. The problem is that user authentication can sometimes be bypassed due to integrated software in NAS systems that have vulnerabilities.

To begin an attack chain, operators will first scan a range of IP addresses to locate internet-accessible NAS devices. Next, they will attempt to exploit its vulnerabilities and, if successful, deploy Trojans and begin encrypting the data of all the devices connected to the NAS unit.

Researchers cite WannaCry as the most popular type of ransomware used by cybercriminals, followed by Phny and Gandcrypt.

https://www.ooda.com/

_____

Aquest apunt en català / Esta entrada en español / Post en français