FBI spends millions on social media tracking software.

The US Federal Bureau of Investigation (FBI) has signed a $27 million contract for five thousand licenses to use social media tracking software Babel X. The software, developed by US tech firm Babel Street, is intended to aid the FBI in searching social media sites for indicators of possible threats of national security, and the contract calls for translation abilities in at least seven foreign languages, geofencing sentiment analysis to help “determine likely attitudes of the targets, and even emoji searches, “predictive analytics,” and bot detection. Jack Poulson, head of research advocacy group Tech Inquiry, told the Washington Post the contract is the largest Babel Street contract he’s encountered. The FBI stated, “The FBI uses social media tools to search publicly available information pertinent to predicated investigations in order to identify and respond to threats of violence, acts of terrorism, and potential federal violations within the scope of the FBI’s mission.”

Civil liberties advocates and lawmakers on both sides of the aisle are concerned that such widespread social media tracking could be a threat to privacy. Greg Nojeim, a senior counsel and co-director at the Center for Democracy and Technology’s Security and Surveillance Project, says such sweeping searches could easily result in misinterpretation. “The risk of misinterpretation is high. So is the risk that an FBI agent who misinterpreted what you said on social media will come knocking on your door,” he stated. Representative Jim Jordan, the House Judiciary Committee’s top Republican, has asked the FBI for a briefing to address “real concerns based on the [FBI’s] history and based on the fact that we don’t know how they’re using it and who they’re going after.”

Paul Bischoff, privacy advocate with Comparitech, stated:

“I can foresee several issues with the FBI monitoring social media. First, it will surely have a chilling effect on free speech. People behave differently when they know they’re being watched, leading to self-censorship. Second, this is bulk surveillance, which means the vast majority of people whom the FBI is monitoring are not suspected of any crime. Third, sentiment analysis is about as reliable as astrology. The odds of misinterpretation are very high. Fourth, it sets a dangerous precedent. Dictators in autocratic countries could contract with Babel X or a similar company to spy on dissidents, activists, journalists, and others who speak out. Last, it’s notable that the FBI is using a third-party vendor instead of working with the social networks themselves. This is probably because the social networks would never agree to let the FBI directly monitor their users, even though the FBI says it only wants public info. That could mean Babel X scrapes info from social networks using bots, a practice that Facebook and other social media have prohibited in their terms of service and actively fought against to little avail.”

Chris Hauk, consumer privacy champion at Pixel Privacy, commented:

“Unfortunately, the FBI and other federal, state, and local law enforcement agencies will happily use “attacks” like the January 6th event to violate the privacy of American citizens. While the monitoring of social platforms can help law enforcement to plan for possible incidents, my fear is that it may eventually lead to a “Minority Report” type situation where the FBI and other agencies may arrest or otherwise detain citizens that haven’t actually violated any laws. I also don’t think we can count on the FBI to use the software only for its stated purpose. If there is a way to misuse a tool, you can rely on government agencies to do so.”

https://thecyberwire.com/newsletters/privacy-briefing/4/66

The United States said on Wednesday that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.

The move, made public by Attorney General Merrick B. Garland, comes as U.S. officials warn that Russia could try to strike American critical infrastructure — including financial firms, pipelines and the electric grid — in response to the crushing sanctions that the United States has imposed on Moscow over the war in Ukraine.

Full article: https://www.nytimes.com/2022/04/06/us/politics/us-russia-malware-cyberattacks.html

Senior House Democrats and Republicans disagree on legislation Rep. John Katko, R-N.Y., has proposed that calls on the Department of Homeland Security to identify “systemically important critical infrastructure”—SICI—for prioritizing the government’s efforts to improve the nation’s cybersecurity.

Full article: https://www.nextgov.com/cybersecurity/2022/04/partisan-rift-stalls-efforts-secure-critical-infrastructure-cyberattack/364120/

The Department is pleased to announce that the Bureau of Cyberspace and Digital Policy (CDP) began operations today. A key piece of Secretary Blinken’s modernization agenda, the CDP bureau will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.

The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom. Ultimately, the bureau will be led by a Senate-confirmed Ambassador-at-Large. Starting today, Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau. PDAS Bachus will serve as Senior Bureau Official until an Ambassador-at-Large is confirmed. Michele Markoff is serving as Acting Deputy Assistant Secretary for International Cyberspace Security, Stephen Anderson is serving as Acting Deputy Assistant Secretary for International Information and Communications Policy, and Blake Peterson is serving as Acting Digital Freedom Coordinator.

The Department appreciates the service and collaboration of all who will work with and within the CDP bureau in the coming months and years to empower it to achieve its vital mission.

https://www.state.gov/establishment-of-the-bureau-of-cyberspace-and-digital-policy/

From Fedscoop: The White House is calling for an 11% overall increase in federal IT spending for fiscal 2023 in addition to nearly $11 billion proposed to bolster federal cybersecurity. President Biden’s 2023 budget proposal, released Monday, requests a total of $65.8 billion for civilian IT spending, a significant increase over the estimated $58.4 billion spent in the current fiscal year. According to White House data on IT spending, the 11% boost is the biggest in the past dozen years. The budget does not group defense IT funding or civilian grant spending with these numbers.

News Insights:

Mark Manglicmot, VP of Security Services, Arctic Wolf:

“In the wake of critical infrastructure concerns stemming from the conflict in Russia – paired with the ongoing risk of nation state attacks – it’s clear that the administration is concerned with ensuring the forward progress of collective cybersecurity efforts. There have been consistent motions from the Biden administration for organizations to focus on strengthening their cyber ecosystems – from internal initiatives to the recent memorandum holding federal contractors accountable for their efforts, too.

To improve their defenses, organizations must, at a minimum, improve their cybersecurity budgets. In fact, 50% of surveyed security teams don’t have the budget to feel adequately equipped to thwart threats. Inadequate budgets impact important avenues for improving security postures, including tools, talent acquisition and retention and robust and consistent awareness training for employees. Spending the funds efficiently enables organizations to shore up gaps in technical controls, remediate known vulnerabilities, and add talent to address 24×7 coverage deficits.

Additional budget can continue to advance both defensive and offensive cybersecurity operations. It can also expand the resources to continue the recent progress made in bringing both private and public sector leaders together to fight adversarial attacks. With this motion to put more resources behind our nation’s security, both sectors are in a better position to collectively defend against attackers that are most certainly resource backed.”

Biden calls for 11% boost in federal IT budget, $10.9B for cyber

A Ukrainian researcher revealed the operations of Trickbot, one of the most powerful cybercriminal enterprises with its Conti ransomware, after the group defended Russia; chats range from hospital attack plan to hackers grousing about vacation

Full article: https://www.wsj.com/articles/trickbot-pro-russia-hacking-gang-documents-ukrainian-leaker-conti-11648480564