Risky Bulletin: Signal Threatens to Leave Sweden Over Backdoor Request
Hosted by Claire Aird | Released on February 26, 2025
1. Signal's Stand Against Swedish Surveillance Bill
Timestamp: [00:04]
In the episode's opening, Claire Aird delves into a significant development concerning the secure messaging platform, Signal. Meredith Whittaker, President of the Signal Foundation, has issued a stern warning: "Signal will leave Sweden if the government passes the new surveillance bill" (00:10). The proposed legislation mandates that communication providers grant police and security services access to message content, effectively introducing a backdoor into the platform. Whittaker emphasized the global implications, stating, "Such a backdoor would undermine Signal's entire network and its users worldwide" (00:25). This isn't the first instance of Signal taking a stand against governmental overreach; in 2023, the app also threatened to exit Sweden should backdoors become a requirement under the nation's Online Safety Act.
2. EU Sanctions North Korean General Lee Chang Ho
Timestamp: [00:45]
Turning to international espionage, the European Union has imposed sanctions on General Lee Chang Ho, commander of North Korea's intelligence service. Claire highlights that Lee is implicated in orchestrating cyber attacks, including those linked to notorious groups like the Lazarus and Kimsuky APTs (00:50). The sanctions are part of the EU's broader strategy to counteract North Korea's involvement in the Ukraine conflict, positioning Lee among several North Korean officials targeted for their roles in cyber warfare.
3. Australia's Ban on Kaspersky Products
Timestamp: [01:15]
Australia has taken decisive action against cybersecurity threats by banning the use of Kaspersky products on all government IT systems. Claire reports, "Government agencies must uninstall existing Kaspersky software by April" (01:20). This move aligns with similar bans previously enacted by the US and UK in 2017, and Canada in 2023, citing risks of foreign interference and potential vulnerabilities introduced by the software.
4. Google's Transition to QR Codes for Gmail Authentication
Timestamp: [01:45]
In a bid to enhance security, Google plans to replace SMS-based two-factor authentication for Gmail with QR code scanning. As Claire explains, "Users will be prompted to scan a QR code with their phone when logging in or creating a new Gmail account" (01:50). This shift aims to mitigate threats like SIM swapping and SMS traffic pumping schemes, with the new feature expected to roll out in the upcoming months.
5. Meta Alerts Italian Priest of Government Spyware Attack
Timestamp: [02:15]
Meta has raised alarms regarding targeted spyware attacks on Father Mattia Ferrari, an Italian priest serving on a migrant rescue ship. Claire notes, "Earlier this month, Ferrari was among 90 victims targeted with spyware developed by Israel-based Paragon Solutions" (02:20). The revelation came after Meta's WhatsApp team uncovered the surveillance attempt, leading Paragon Solutions to sever ties with the Italian government amidst heightened concerns over privacy and data security.
6. Orange Telecommunications Suffers Security Breach
Timestamp: [02:45]
Claire reports a significant security breach at Orange, a major French telecommunications company. Hackers have published internal documents, user records, and employee data on an underground forum, primarily originating from Orange's Romanian subsidiary (02:50). The breach was executed by individuals affiliated with the Hellcat ransomware group, following a failed extortion attempt.
7. Ransomware Attacks Target Namibian Telcos
Timestamp: [03:15]
In Namibia, telecommunications provider Paratus has fallen victim to a ransomware attack by the Akira ransomware gang, which exfiltrated over 84 gigabytes of data (03:20). This incident marks the second recent telco-related breach in the country, with Telecom Namibia previously targeted by the Hunters International group in December.
8. US Department of Housing and Urban Development Screen Hack
Timestamp: [03:45]
A peculiar cyber incident occurred at the U.S. Department of Housing and Urban Development, where TV screens were hijacked to display an AI-generated video of President Donald Trump kissing Elon Musk's feet (03:50). Claire describes the event as an unrelated prank coinciding with the end of the department's Work from Home program, leaving employees bewildered and scrambling to disconnect the looping video.
9. Mississippi Ruling on Law Enforcement's Use of Cell Tower Logs
Timestamp: [04:15]
A landmark decision in Mississippi prohibits law enforcement agencies from utilizing cell tower logs—a technique known as tower dumping—to identify nearby phones during criminal investigations (04:20). Claire highlights that this ruling comes six months after the 5th Circuit Court of Appeals declared broad geofence warrant searches unconstitutional, reinforcing privacy protections against intrusive surveillance methods.
10. FTC Settles with Avast Antivirus Over Data Misuse
Timestamp: [04:45]
The Federal Trade Commission (FTC) has reached a settlement with Avast antivirus, resulting in refunds of up to $16.5 million to 3.7 million customers (04:50). Claire notes, "US users have until June 5th to claim the refund," following revelations that Avast unlawfully sold personal data, prompting the legal action.
11. Cyberattacks on Ukrainian Notary Offices
Timestamp: [05:15]
Ukraine is witnessing a surge in cyberattacks targeting notary offices, with malicious groups infiltrating government databases to alter information (05:20). Claire explains that CERT-UA attributes these attacks to financially motivated entities selling services that modify official records, exacerbating vulnerabilities within the nation's legal infrastructure.
12. Botnet Launches Password Spraying on Microsoft 365 Accounts
Timestamp: [05:45]
A formidable botnet comprising over 130,000 devices is actively conducting password spraying attacks on Microsoft 365 accounts, leveraging Microsoft's basic authentication to bypass multi-factor authentication prompts (05:50). The botnet, derived from Mirai malware, utilizes stolen credentials and is linked by SecurityScorecard to China-affiliated threat actors.
13. Malware Gang Exploits Vulnerable Drivers for Privilege Escalation
Timestamp: [06:15]
Researchers at Check Point have identified a malware campaign where gangs exploit outdated drivers to gain system privileges and disable security measures (06:20). Ironically, the compromised driver originates from RogueKiller, a tool intended to eradicate malware, with the majority of victims situated in Asia, particularly China.
14. Closure of Israeli Cybersecurity Firm Skybox Security
Timestamp: [06:45]
In a surprising turn, Skybox Security, an Israeli company specializing in continuous exposure management, has ceased operations and laid off all 300 employees (06:50). Claire shares that the company, founded in 2002 and having raised $280 million, sold its platform to another Israeli cybersecurity firm, Tufin, before shutting down.
This episode of Risky Bulletin provided a comprehensive overview of recent cybersecurity developments, highlighting the persistent tensions between privacy and governmental surveillance, the ongoing battle against sophisticated cyber threats, and significant shifts within the cybersecurity industry itself.
For more insights and updates, listeners are encouraged to tune into future episodes of Risky Bulletin.
