Cyber Week in Review: February 12, 2021

Hacktivists Deface Sri Lankan Web Domains, Highlight Social Issues

On Saturday, an unnamed group of hacktivists compromised the domain space of multiple Sri Lankan websites, redirecting users to a webpage highlighting important social issues impacting the country. The affected websites were primarily those of local businesses and small news organizations, but more prominent domains like Google.lk and Oracle.lk were also compromised, ZDNet reports. The defaced webpages included messages underscoring government corruption, religious rights issues, racism, underpayment of tea workers, disappearance of journalists, militarization, and other political issues plaguing the country. In a statement on Saturday, the LK Domain Registry, which administers Sri Lanka’s national “.lk” domain space, confirmed the attack and announced the issue was resolved around 8:30 AM local time. The defacement took place two days after Sri Lanka’s National Independence Day, likely explaining the rhetorical “Really Freedom?” message headlining the since-restored webpages.

Hacker Attempts to Poison Water Supply in Florida City

An unidentified hacker remotely accessed a computer of a water treatment facility in Oldsmar, Florida and tried to increase the amount of sodium hydroxide in the town’s water supply to deadly levels, city officials say. The cyberattack, which took place last Friday, was quickly spotted by a facility operator who immediately reversed the changes. City officials reassured the public that Oldsmar’s water supply was unaffected thanks to infrastructural safeguards and protocols that prevent contaminated water from reaching the city’s population. No arrests have been made, according to Pinellas County Sheriff Bob Gualtieri, but his office, the FBI, and Secret Service are investigating the breach. “We don’t know where the hole is or how sophisticated these people are,” Gualtieri said in a statement. “Did this come from down the street or outside the country? No idea.” In a tweet, Florida Senator Marco Rubio stated that the attempted poisoning “should be treated as a matter of national security.” Following the attack, the treatment center uninstalled TeamViewer, the remote-access software compromised by the hacker, and alerted government organizations in the surrounding areas to review their own facility systems. 

Clubhouse Blocked in China

Clubhouse, an invitation-only social media platform that allows users to host and attend audio discussions, was blocked in China on Monday. The app, which saw a spike in popularity among Chinese users before the ban, was initially removed from Chinese app stores in October following its global launch in September. However, users who had the app pre-downloaded on their phone or changed their location settings were able to maintain access up until Monday. Given China’s strict internet regulations, many Clubhouse users were aware the discussion-based app wouldn’t last long. According to TechCrunch, political chatrooms, such as ones discussing the 1989 Tiananmen Square protests, reached upwards of five thousand participants on the day the app was blocked. Other prominent chatrooms discussed the app’s longevity and legality in China, as well as Taiwanese independence and Uighur detention camps. In a statement, a U.S. State Department spokeswoman criticized the ban, stating that “internet freedom is an important right and is key to ensuring an informed citizenry can share their ideas freely amongst themselves with their leaders.”

Forced Sale of TikTok to Oracle and Walmart Put on Hold

Plans to force the sale of TikTok’s U.S. operations to Oracle and Walmart have been placed on hold indefinitely. In a court filing on Wednesday, the Biden administration asked to delay the U.S. government’s appeal of a federal district court judge’s injunction against the Trump administration’s ban of the app. Later that day, White House Press Secretary Jen Psaki stated that President Biden’s team is “comprehensively evaluating the risks to U.S. data including from TikTok and will address them in a decisive and effective fashion.” Psaki did not, however, give a concrete timeline for such an inquiry, following up her statement by saying “if we have news to announce we will announce it.” President Trump’s aggressive legal battle against TikTok has seen little success in federal courts, and the company’s U.S. operations have continued unabated. Amid the legal drama, ByteDance, TikTok’s parent company, has continued to negotiate with the U.S. Committee on Foreign Investment to find potential pathways to ameliorate its national security concerns about the company.

Federal Election Agency Updates Voting Security Guidelines

On Wednesday, the Election Assistance Commission (EAC) voted to approve new guidelines that would improve voting security, privacy, and election equipment protocols nationwide. The new guidelines, which mark the first major overhaul of voting technology standards in over fifteen years, come after six years of deliberation among the EAC, technology experts, election officials, and members of the public. EAC Chairman Benjamin Hovland touted the new guidelines as much needed improvements, stating that they “include provisions to ensure that we have more efficient post-election audits,” among other reinforcements to election integrity. Others, however, have been more critical of the changes. In a tweet, the House Homeland Security Committee criticized the new guidelines for lacking stronger language condemning wireless connectivity in election equipment, arguing that it would “increase the vulnerabilities of the voting system and diminish voter confidence in the security of our elections.” The National Association of State Election Directors found issue with the lack of transparency regarding the unanimous vote by the EAC. While the new protocols are not mandatory for states to adopt, most states do refer to the EAC and their election guidelines as they work to ensure election security.