EU Rules Policing Digital Content Kick in Saturday

The DSA is a mammoth law that will force digital giants to aggressively police content online. CHANDAN KHANNA / AFP/File
The DSA is a mammoth law that will force digital giants to aggressively police content online. CHANDAN KHANNA / AFP/File
TT

EU Rules Policing Digital Content Kick in Saturday

The DSA is a mammoth law that will force digital giants to aggressively police content online. CHANDAN KHANNA / AFP/File
The DSA is a mammoth law that will force digital giants to aggressively police content online. CHANDAN KHANNA / AFP/File

Digital companies will have nowhere to hide after the EU's landmark content law enters into full force from Saturday, with the risk of heavy fines for any violations.
The new rules, known as the Digital Services Act (DSA), kicked in last year for the world's largest platforms, including Facebook and TikTok, but will now apply to all except the smallest companies, AFP said.
When the European Union proposed the law in 2020, the objective was simple: to tame the wild west online, where Brussels felt companies were not doing enough to block illegal content or acting sufficiently to protect consumers.
Brussels has already bared its teeth, showing the tech titans that it means business.
There have been a wave of probes launched by the European Commission to quiz the largest platforms on how they are addressing an array of concerns from consumer protection to children's activity online.
So far, the EU has launched formal infringement proceedings against tech billionaire Elon Musk's X, formerly Twitter, over "illegal content and disinformation".
Punishment for violations of the DSA will be harsh.
Those that breach the rules could be fined up to six percent of their global annual turnover, or even banned in the EU for serious and repeated violations.
The EU will officially be able to hit companies with sanctions, including fines, for any violations from Saturday.
But beyond the prospect of fines, Alexandre de Streel of the think tank Centre on Regulation in Europe (CERRE), said the law aimed ultimately to change the culture of digital firms.
"The DSA is a gradual system, everything is not going to change in one minute and not on February 17," he said. "The goal isn't to impose fines, it's that platforms change their practices."
Enforcement across the bloc
Keeping an eye on firms will be a duty split between the commission, with its team of more than 120 experts, and EU states.
As an example of their new obligations, platforms that offer shopping services must act swiftly to stop the sale of counterfeit products and block repeat fraudsters.
The EU also prohibits targeted advertising for children and seeks to make it easier for users to report illegal content, complain and seek compensation for rule breaches.
The commission will supervise the largest platforms but states will need to set up "digital services coordinators" to monitor the smaller firms.
Firms with fewer than 50 staff and a turnover of less than 10 million euros ($10.8 million) will be exempted from the most burdensome rules.
Challenges
The law entered into force in August for "very large" platforms owned by Google's Alphabet, Amazon, Apple, TikTok parent ByteDance, Facebook owner Meta and Microsoft.
The EU believes these platforms must do more since their size and reach means they have greater responsibilities to address the higher risks to users.
The 22 platforms facing more stringent rules include booking.com, Google Search, Instagram, Snapchat and X as well as three major porn platforms.
They are obliged to be more transparent, giving access to researchers to scrutinize the platforms as well as publishing yearly risk assessments at their own cost.
The new law has already seen its share of controversy.
The DSA has faced a slew of legal challenges from Amazon and Zalando over their designations as "very large" firms, and from Meta and TikTok over a fee to pay for enforcement.
Meta paid around 11 million euros while TikTok refused to say how much it paid.



North Korean Charged in Cyberattacks on US Hospitals, NASA and Military Bases

A man who allegedly carried out cybercrimes for a North Korean military intelligence agency has been indicted in a conspiracy to hack hospitals and health care providers in several US states. - The AP
A man who allegedly carried out cybercrimes for a North Korean military intelligence agency has been indicted in a conspiracy to hack hospitals and health care providers in several US states. - The AP
TT

North Korean Charged in Cyberattacks on US Hospitals, NASA and Military Bases

A man who allegedly carried out cybercrimes for a North Korean military intelligence agency has been indicted in a conspiracy to hack hospitals and health care providers in several US states. - The AP
A man who allegedly carried out cybercrimes for a North Korean military intelligence agency has been indicted in a conspiracy to hack hospitals and health care providers in several US states. - The AP

A North Korean military intelligence operative has been indicted in a conspiracy to hack into American health care providers, NASA, US military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks, federal prosecutors announced Thursday.

The indictment of Rim Jong Hyok by a grand jury in Kansas City, Kansas, accuses him of laundering the money through a Chinese bank and then using it to buy computer servers and fund more cyberattacks on defense, technology and government entities around the world.

The hacks on American hospitals and other health care providers disrupted the treatment of patients, officials said. He's accused of targeting 17 entities across 11 US states, including NASA and US military bases, as well as defense and energy companies in China, Taiwan and South Korea, according to The AP.

For more than three months, Rim and other members of the Andariel Unit of North Korea's Reconnaissance General Bureau had access to NASA’s computer system, extracting over 17 gigabytes of unclassified data, the indictment says. They also reached inside computer systems for defense companies in Michigan and California, as well as Randolph Air Force base in Texas and Robins Air Force base in Georgia, authorities say.

The malware enabled the state-sponsored Andariel group to send stolen information to North Korean military intelligence, furthering the country’s military and nuclear aspirations, federal prosecutors said. They've gone after details of fighter aircraft, missile defense systems, satellite communications and radar systems, a senior FBI official said.

“While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Stephen A. Cyrus, an FBI agent based in Kansas City.

Online court records do not list an attorney for Rim, who has lived in North Korea and worked at the military intelligence agency’s offices in both Pyongyang and Sinuiju, according to court records. A reward of up to $10 million has been offered for information that could lead to him or other foreign government operatives who target critical US infrastructure.

The Justice Department has prosecuted multiple cases related to North Korean hacking, often alleging a profit-driven motive that sets the nation's cybercriminals apart from hackers in Russia and China. In 2021, for instance, the department charged three North Korean computer programmers in a broad range of hacks including a destructive attack targeting an American movie studio and the attempted theft and extortion of more than $1.3 billion from banks and companies around the world.

In this case, the FBI was alerted by a Kansas medical center that was hit in May 2021. Hackers had encrypted its files and servers, blocking access to patient files, laboratory test results and computers needed to operate hospital equipment. A Colorado health care provider was affected by the same Maui ransomware variant.

A ransom note sent to the Kansas hospital demanded Bitcoin payments valued then at about $100,000, to be sent to a cryptocurrency address.

“Otherwise all of your files will be posted in the Internet which may lead you to loss of reputation and cause the troubles for your business,” the note reads. “Please do not waste your time! You have 48 hours only! After that the Main server will double your price.”

Federal investigators said they traced blockchains to follow the money: An unnamed co-conspirator transferred the Bitcoin to a virtual currency address belonging to two Hong Kong residents before it was converted into Chinese currency and transferred to a Chinese bank. The money was then accessed from an ATM in China next to the Sino-Korean Friendship Bridge connecting China and North Korea, according to court records.

In 2022, the Justice Department said the FBI seized approximately $500,000 in ransom payments from the money laundering accounts, including the entire ransom payment from the hospital.

An arrest of Rim is unlikely, so the biggest outcome of the indictment is that it may lead to sanctions that could cripple the ability of North Korea to collect ransoms this way, which could in turn remove the motivation to conduct cyber attacks on entities like hospitals in the future, according to Allan Liska, an analyst with the cybersecurity firm Recorded Future.

“Now, unfortunately, that will force them to do more cryptocurrency theft. So it’s not going to stop their activity. But the hope is that we won’t have hospitals disrupted by ransomware attacks because they’ll know that they can’t get paid,” Liska said.

He also noted that a Chinese entity was among the victims and questioned what the country, which is an ally of North Korea, thinks of being targeted.

“China can’t be too thrilled about that,” he said.