Posts with «politics & government» label

Belarusian hackers are trying to overthrow the Lukashenko regime

A group of activist-hackers in Belarus has infiltrated almost every part of the country's authoritarian government in a bid to overthrow the Lukashenko regime, according to MIT's Technology Review and Bloomberg. The hackers, known as Belarus Cyber Partisans, have been leaking information they found on sensitive police and government networks. They first started defacing government websites as an act of protest in September 2020 following the country's disputed election, in which Alexander Lukashenko's win was widely considered fraudulent. But they also publish the information they get on Telegram, where they have 77,000 subscribers.

The group told the publications that it's made up of 15 IT and cybersecurity experts working in the country's tech sector. None of them are "professional hackers," a spokesperson told Tech Review, with only four out of 15 doing the actual "ethical hacking." 

The Partisans' most recent attacks gave them access to drone footage from the government's crackdowns on protests last year and the Ministry of Interior Affairs' mobile phone surveillance database. They also apparently got access to emergency services' audio recordings, as well as video feeds from road speed and isolation cell surveillance cameras. The data the group released over the past weeks include lists of alleged police informants, personal information about top government officials and spies, police drone and detention center footage and secret recordings captured by the government's wiretapping system.

If the Cyber Partisans have been effective in their efforts to infiltrate the government's networks, it's thanks to the help they get from another group called BYPOL. They reportedly reached out to BYPOL in December 2020 for guidance — after all, the group is made up of former Lukashenko officials who defected from the government and current ones working to topple the regime from the inside. 

BYPOL provides them information on how to infiltrate government organizations and on the structure of the administration's databases. In return, the Cyber Partisans provide the group with information it can use to investigate the regime's crimes. BYPOL publishes information on its own Telegram channel and creates documentaries, one of which was cited at a congressional hearing that led to the US imposing sanctions against the Lukashenko regime.

The Cyber Partisan spokesperson told Tech Review that they're using cyberattacks to "paralyze as much as possible of the regime's security forces, to sabotage the regime's weak points in the infrastructure and to provide protection for protesters." Their ultimate goal is "to stop the violence and repression from the terroristic regime in Belarus and to bring the country back to democratic principles and rule of law."

January 6th Capitol attack investigators demand records from tech giants

Since the January 6th attack on the US Capitol, a "Select Committee" has been formed in the House of Representatives to investigate the circumstances that led to a mob breaching the country's seat of government. Part of that wide-ranging investigation will apparently involve a close look at the biggest social media companies in the world. The committee today announced that it was requesting records relating to the attack from 15 companies, who were asked to respond in the next two weeks.

It's a who's who of the biggest players on the internet, including Google, YouTube, Twitter, Facebook, Reddit, Snap, Twitch, Telegram and TikTok. On the list are a number of smaller, pro-Trump sites that have sprung up in recent years, including Gab and Parler, as well as known cesspools 4chan and 8kun (formerly 8chan). 

Specifically, the Select Committee wants records relating to the spread of misinformation, efforts to overthrow the results of the 2020 election, efforts to prevent certification of the election, foreign influence attempts in the election, and domestic violent extremism. The Committee is also looking for materials from these companies relating to any policy changes that were considered or adopted to address misinformation, violent extremism and foreign malicious influence.

Notably, the Committee wants to hear both about policy changes that were put into place as well as things that the companies "failed to adopt." One example of a change that came about in response to the attack happened recently at Facebook, where the company adopted a recommendation from its Oversight Board. The company walked back its policy that allowed politicians to circumvent some of its rules under the guise of “newsworthiness,” though politicians still do get special treatment around other rules, like fact-checking.

It's been clear since the Select Committee came together that it was going to take the time to gather a huge amount of information to properly investigate the events of January 6th, and that extends to its requests to these companies. Now, the ball is in their respective courts.

Facebook is reportedly mulling a commission to advise on elections

Facebook is considering forming a commission to advise on thorny issues related to global elections, according to a report Wednesday from The New York Times. The company has begun to approach academics and policy experts, who The Times says could potentially weigh in on issues ranging from political ads to election misinformation. What's more, it is not just US elections where a commission could find itself weighing complicated election issues; the commission would also likely have a mandate to weigh in on closely watched elections in Hungary, Germany, Brazil and the Philippines.

Engadget has asked Facebook for comment.

On its face, the commission sounds a lot like Facebook's Oversight Board, an independent panel of journalists, academics and activists often described as a "Supreme Court" that's tasked with reviewing Facebook's policies. The Oversight Board is perhaps best known for upholding Facebook's decision to ban Donald Trump, though since its formation last year it has also agreed to weigh in on doxing; hate speech; how politicians at large should be treated; content moderation in coup-torn Myanmar; moderation by algorithms; and the appropriate treatment of satire content.

But though the makeup of the election commission sounds like the Oversight Board — and could similarly let Facebook side-step ownership of controversial decisions — there could be an important difference, according to The Times. Whereas the Oversight Board weighs in on decisions that Facebook has already made (much like the Supreme Court considers contested court rulings), the election commission would have the latitude to proactively offer advice, even on matters where Facebook had not yet taken a public stance.

If Facebook goes ahead with outsourcing election-related decisions to an advisory committee, it would be a departure from its previous attempts to counter election misinformation, which have been largely reactive, and almost always imperfect. Even after a temporary ban on political ads ahead of the 2020 US election, some ads were still showing as active in Facebook's ad library. Facebook last year also endeavored to label ads from politically connected publications, and earlier this year moved to show users less political content altogether.

Though Facebook reportedly hopes to launch the commission ahead of the 2022 midterm elections, The Times also describes the outreach as preliminary, with no guarantee that Facebook will move forward on this.

President Biden is meeting with Apple, Google and Microsoft on cybersecurity

The US has suffered a flurry of major cyberattacks targeting everyone from federal prosecutors through to meat suppliers, and the White House hopes some discussions with key companies will produce some long-term security solutions. The Washington Post reports that President Biden, certain cabinet members and relevant security officials are holding talks on August 25th with tech giants ADP, Amazon, Apple, Google, IBM and Microsoft to see how they can help bolster cybersecurity.

While the spate of ransomware attacks will be on the agenda, a senior Biden administration official said the White House wanted to tackle the "root causes" of cybersecurity issues. This included addressing a wide range of vulnerabilities, instituting "good operational practices" and hiring more security workers.

The conversations will also involve financial and insurance giants (including JPMorgan Chase, Bank of America and Travelers) as well as educational organizations like Code.org and Girls Who Code. While the Biden meeting is at the center of the discussions, the chats with cabinet members and officials are billed as "informal" sessions that will help establish definitive solutions.

The White House said the meetups were a recognition that the US needed a "whole-of-nation" cybersecurity strategy involving both the government and private sector. It also promised this wouldn't be the "last engagement" with companies on security issues. This comes soon after Biden took multiple steps in a bid to improve digital security for vital infrastructure, such as issuing an executive order meant to bolster federal security standards and coordination.

The question, as always, is whether or not the discussions will lead to meaningful action. The meeting with tech firms might help with top-down decision-making, but that won't matter much unless the other talks also lead to tangible strategy changes. This could be little more than a public relations exercise if the companies don't (or can't) commit to specific cybersecurity improvements.

FCC proposes $5 million fine for activists behind election robocalls

The FCC has proposed the largest fine yet under the Telephone Consumer Protection Act, and the subjects are two robocallers Law & Crime describes as "hard-right hoaxers." John M. Burkman and Jacob Alexander Wohl are facing a $5,134,500 fine for allegedly making 1,141 unlawful pre-recorded calls to mobile phones without the recipients' prior consent. The calls' content? Fake information designed to discourage people from voting by mail. 

According to the commission's Enforcement Bureau, the calls were made on August 26th and September 14th, 2020, prior to last year's Presidential elections in the US. The robocalls told potential voters that if they vote by mail, their personal information will be added to a public database law enforcement can use to track down old warrants. Credit card companies will also be able to access the database to collect outstanding debts, the calls said, and the CDC can issue mandatory vaccines on the people in the list. Law & Crime says the calls primarily targeted Black and Latino populations in New York, Ohio and Michigan.

The FCC started investigating the calls after receiving complaints from consumers and a non-profit organization. Its Enforcement Bureau then worked with the Ohio Attorney General's Office to identify the dialing service providers Burkman and Wohl used. The providers turned over subpoenaed call records to identify Burkman and Wohl by name, along with information on the zip codes they wanted to target. Both individuals also admitted under oath that they were involved in the creation and distribution of those particular robocalls.

The pair are also facing a $2.75 million lawsuit from the NY AG https://t.co/IXQZydavHt

— Tonya Riley (@TonyaJoRiley) August 24, 2021

In addition to facing a $5 million fine from the FCC, the pair also face a $2.75 million lawsuit from the New York Attorney General's office. Back in May, a federal judge gave the NY AG the go-ahead to join a lawsuit accusing the pair of violating the Ku Klux Klan Act, which protects Americans from political intimidation. As for the FCC fine, Burkman and Wohl will be given an opportunity to submit evidence and legal arguments before the commission takes any further steps toward a resolution.

California judge finds Prop 22 gig worker measure unconstitutional

A California judge has ruled that Proposition 22, the measure that allows companies like Uber and Lyft to keep classifying app-based drivers in the state as independent contractors, is unenforceable and unconstitutional. According to the San Francisco Chronicle, Alameda County Superior Court judge Frank Roesch found that Prop 22 illegally "limits the power of a future legislature to define app-based drivers as workers subject to workers' compensation law."

Proposition 22 passed by a wide margin in the state when most people voted in favor of it in last year's November elections. Companies were legally obligated to classify gig workers as full-time employees under Assembly Bill 5 (AB5), which was passed in 2019, but some (like the aforementioned ride-sharing firms) continued to treat them as contractors. Uber, Lyft, Instacart and DoorDash poured over $220 million into campaigning for Prop 22 in order to overturn AB5, and the move clearly worked.

The measure requires gig companies to provide their contractors with healthcare subsidies and a wage floor, but it also exempts them from having to classify their workers as employees with appropriate benefits and protections. While those in favor of the proposition argue that it would allow workers to keep their independence while enjoying benefits they didn't have before, not everyone's happy with the development. A group that includes the Service Employees International Union and the SEIU California State Council sued California earlier this year to overturn the proposition. 

In his ruling, Roesch specifically singled out Section 7451 of the measure, which states that any future law related to collective bargaining for app drivers must comply with the rest of the proposition. "It appears only to protect the economic interest of the network companies in having a divided, ununionized workforce, which is not a stated goal of the legislation," he wrote in his decision. He also found it unconstitutional that any amendment to the measure requires a seven-eighths vote of approval to pass in the state Legislature.

If the ruling stands, gig companies like Uber and Lyft may have to spend hundreds of millions paying for healthcare and other additional benefits for their drivers. At the moment, though, Prop 22 is still in effect, and gig companies are already planning to appeal. An Uber spokesperson told The Chronicle:

"This ruling ignores the will of the overwhelming majority of California voters and defies both logic and the law. We will appeal and we expect to win. Meanwhile, Prop. 22 remains in effect, including all of the protections and benefits it provides independent workers across the state."

Coalition of 31 states calls on FDA to regulate flavored e-cigarettes

The US crackdown on flavored e-cigarettes might soon reach the federal government. A New York-led coalition of 31 states and territories is pressuring the Food and Drug Administration to regulate flavored e-cigarettes. The group wants to not only ban e-cigs with "youth-appealing" flavors like candy, mint and menthol, but to limit nicotine levels and restrict marketing efforts aimed at kids.

The coalition is hoping to thwart what it calls a "youth nicotine epidemic." About 19.6 percent of high school students from 2020 said they'd used e-cigarettes at least once in the past 30 days, according to a study published in the National Library of Medicine. The alliance also pointed to the effects of nicotine on kids' brains, including higher chances of addiction as well as mental health issues and poisoning.

The pressure campaign follows high-profile action against e-cigarettes at the state level, particularly in New York. The state not only banned flavored cigarettes in late 2019, but sued Juul (owned by tobacco giant Altria) for "deceptive and misleading" marketing that contributed to a youth vaping crisis. We've asked Juul for comment on this latest action.

There's a chance the states could get more than they were hoping for when the FDA will decide whether or not to ban e-cigs and oral nicotine starting on September 9th. Even if this doesn't lead to an extensive ban, though, the coalition's sought-after measures could significantly limit the reach of e-cig technology across the US.

Taliban content is the latest issue for social media companies

While Facebook and Twitter are already struggling to handle vaccine misinformation and extremism, there's an increased focus on how social networks are handling Taliban-related content, following America's sudden withdrawal from Afghanistan. The militant group has swiftly overtaken Afghanistan's civilian government, taking control of the capital Kabul in only a few days, far sooner than intelligence analysts expected. Just like every modern organization, the Taliban relies heavily on social media to spread its messaging and communicate with followers, which puts the onus on technology companies to secure their platforms. 

“The Taliban is sanctioned as a terrorist organization under US law and we have banned them from our services under our Dangerous Organization policies," a Facebook spokesperson said in a statement. "This means we remove accounts maintained by or on behalf of the Taliban and prohibit praise, support, and representation of them." They went on to note that the company will be following the situation closely with the help of native Dari and Pashto speakers, who serve as local experts. Facebook isn't making any additions to its existing policies, which cover its core app, Instagram and WhatsApp, but it's clear that it's making the Taliban's uprising a priority.

Still, that statement doesn't mean much if Facebook can't actually see what's happening on its platforms. Vice reports that the Taliban has been spreading its message on WhatsApp, which uses end-to-end encryption to secure conversations. The company could technically ban specific accounts, but it won't be able to easily search and remove content like it can on Facebook proper and Instagram.

Twitter, meanwhile, wouldn't say if it would ban notable Taliban accounts like spokesperson Suhail Shaheen's. CNN reported yesterday that he had 347,000 followers on the platform, but now he's amassed over 361,000, a clear sign of growing influence. Twitter noted that people were using its service to seek help in Afghanistan, and that it would continue to enforce its existing rules around things like the glorification of violence and hateful conduct. The company also introduced the ability to report misleading tweets yesterday.

While Twitter is shying away from any definitive stances against the Taliban, a spokesperson noted: "Our enforcement approach is agile and we will remain transparent about our work as it continues to evolve to address these increasingly complex issues." Basically, the rules could change at any moment.

Moving forward, it's unclear how social media companies will recognize the Taliban as it takes control of Afghanistan. As the Washington Post reports, it's up to social media firms to determine who maintains official state accounts like the Afghanistan President's Twitter, which now has over 926,000 followers.

Website mapping DC’s tunnel network warned FBI of suspicious traffic ahead of Capitol riot

The FBI received a tip-off about suspicious activity ahead of the Capitol Riot on January 6th from a surprising source. Elliot Carter, a recreational mapmaker, contacted law enforcement after his site about Washington, D.C.'s underground infrastructure saw a spike in traffic referred from suspicious websites. His warning eventually made it to the highest ranks of the Capitol Police, according to a new investigation by News4 I.

Normally a mecca for local history buffs, the Washington Tunnels website Carter oversees was flooded with nationwide visitors in the days before the insurrection. A deeper review of the traffic analytics revealed that many of the clicks were coming from hyperlinks shared on anonymous message boards, sites and forums named after militias or firearms, or using Donald Trump’s name. Though the initial interest originated from the deepest and darkest recesses of the web, it eventually transitioned onto popular social media sites, including Twitter.

The Washington Tunnels website itself was a labor of love. Back in 2018, Carter set to work building his online resource of the District's subway and freight rail tunnels, pedestrian passageways, underground steam tunnels and sewage and water pipelines. But even then, he was rebuffed by some government agencies concerned about the security and terrorism risks that could arise from publishing such information online.

Carter's "online tip" to the FBI was mentioned in the US Senate Rules and Homeland Security committees' June 2021 review of the US Capitol insurrection. In a statement to News 4 I, the US Capitol Police said its leadership had been alerted "to the spike in website traffic regarding maps" ahead of the insurrection. But it added that its wider intelligence gathering "didn't reveal [that the expected] large-scale demonstration would become a large-scale attack on the Capitol Building."

Researcher says a US terrorist watchlist was exposed online for three weeks

The FBI’s Terrorist Screening Center (TSC) may have exposed the records of nearly 2 million individuals and left them accessible online for three weeks. Security researcher Bob Diachenko says he discovered a terrorist watchlist on July 19th that included information like the name, date of birth and passport number of those listed in the database. The cluster also included “no-fly” indicators.

According to Diachenko, the watchlist wasn’t password protected. Moreover, it was quickly indexed by search engines like Censys and ZoomEye before the Department of Homeland Security took the server offline on August 9th. It’s unclear who may have accessed the data.

“I immediately reported it to Department of Homeland Security officials, who acknowledged the incident and thanked me for my work,” Diachenko said in a LinkedIn post spotted by Bleeping Computer. “The DHS did not provide any further official comment, though.” We’ve reached out to the Department of Homeland Security.

Among the watchlists the TSC maintains is America’s no-fly list. Federal agencies like the Transportation Security Administration (TSA) use the database to identify known or suspected terrorists attempting to enter the country. Suffice to say, the information included in the exposed watchlist was highly sensitive.

A recent bipartisan Senate report warned of glaring cybersecurity holes at several federal agencies, including the Department of Homeland Security. It said many of the bodies it audited had failed to implement even basic cybersecurity practices like multi-factor authentication and warned national security information was open to theft as a result.