WASHINGTON – Chinese hackers compromised eight American telecommunications companies as part of a wide-ranging espionage effort to gather intelligence about prominent US citizens, Biden administration officials said on Dec 4. 

Ms Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technologies, said that the Chinese group known as Salt Typhoon continues to linger inside some networks as security personnel work to eject the hackers. President Joe Biden has received multiple briefings on the matter as the US government seeks to investigate the matter, she said. 

The update comes after officials from the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said on Dec 3 that it would be impossible for them to predict how long it would take to clear the intruders from compromised networks. 

The White House also has established a unified coordination group that meets on a daily basis to help address the threat, they said. 

Director of National Intelligence Avril Haines joined officials from the White House, FBI and other agencies to brief US senators in a classified closed-door meeting on Dec 4. BLOOMBERG

SINGAPORE – A group of Singapore Sports School students were caught and punished in November for creating and circulating deepfake nude images of their female schoolmates.

Their actions have ignited discussions about how the young – especially young girls – can best protect themselves from such online harms, and how they can respond if they are victimised by deepfakes.

This is, of course, a global issue.

In South Korea, for instance, a Telegram channel with more than 220,000 members was reportedly used to create and share AI-generated pornographic images.

In its 2023 Survey on Online Harms in Singapore, non-profit group SG Her Empowerment (SHE) reported that 9 per cent of the 1056 Singaporean residents older than 15 surveyed experienced image-based sexual abuse, including via altered images or videos.

Yet, SHE’s Safeguarding Online Spaces survey, also conducted in 2023, found that four in 10 young people reported low awareness of self-help tools for online harms, while five in 10 reported low awareness of legal recourse options.

If you are unsure where to go and what to do if you have been targeted by deepfakes, here are some answers by experts to pressing questions you might have.

Q: What’s the first thing to do if I become the target of deepfake nudes?

A: The most important first step is to document evidence, said experts interviewed.

Taking screenshots of posts or videos, recording links or URLs, and saving messages and timestamps all go a long way when reporting the incident to authorities or social media platforms.

Singapore University of Technology and Design Professor Roy Lee, who specialises in artificial intelligence, emphasised that while the knee-jerk reaction may be to report the image or video as soon as possible to have it removed, recording as much evidence as possible serves crucial purposes.

He said: “Harmful content can be deleted, altered or moved by the perpetrator, making it difficult to prove that the incident occurred. Screenshots act as a timestamped record, ensuring that the evidence is not lost.

“Platforms and authorities (also) often require concrete evidence when investigating cases of online harm. Having screenshots can strengthen the case and increase the likelihood of action being taken against the offender.”

But even if you don’t take a screenshot, all is not lost.

Centre head for SheCares@SCWO Support Centre Lorraine Lim said that “law enforcement will do their best to investigate using the information available” and “police may collaborate with platforms to retrieve relevant data if possible”.

A: Experts say you should report harmful content to the social media platform that is hosting it. Many platforms have policies against such content, and each has its own mechanisms for reporting.

Director of advocacy and research at the Association of Women for Action and Research (Aware) Sugidha Nithiananthan said: “Familiarising yourself with online platforms’ policies for reporting and removing harmful content beforehand can save precious time if you need to act quickly.”

For instance, Facebook and Instagram include a ‘Report’ link on nearly every post for users to report content that violates policy. WhatsApp only allows users to report other users and groups, but not individual messages. Conversely, Telegram users can only flag individual messages and images.

You should also make a police report if you have been targeted by deepfake nudes or have been the victim of online harms. A police spokesperson told The Straits Times that these harms may fall under a variety of offences including the Protection from Harassment Act (Poha) and sexual-and-voyeurism-related offences.

If there is no urgency, you are advised to visit the nearest police station or file a police report online if the matter does not require immediate police attention.

While in-person reporting at the police station allows officers to ask questions that provide helpful and relevant context, some victims may be too distressed to share their experience verbally, and typing an online report might be more comfortable for them.

Investigation officers will follow up on submitted reports to gather additional details when necessary.

Q: What are my next steps if I want to pursue legal action against the perpetrators?

A: There are laws within the Penal Code, Films Act and Poha that exist to protect victims of deepfake nudes and other forms of image-based sexual abuse.

Experts said that those who want to pursue immediate legal action should file a protection order under Poha – a court order that protects victims of harassment by prohibiting perpetrators from continuing harassment behaviour.

Director of Guardian Law Liane Yong explained that Poha protects victims by criminalising behaviour or communication that both intentionally and unintentionally “causes harassment, alarm or distress”.

To file a court order, one must be at least 21 years old; applications for all victims below 21 must be done through an older representative.

Before filing a court order, those targeted should complete a pre-filing assessment on the Community Justice and Tribunals System (CJTS) e-platform to determine the complexity of their cases. This will determine the e-platform (CTJS for simplified cases or eLitigation for more complex cases) that victims submit their applications to.

Victims must then submit applications to the respective e-platforms. Applications generally include details about the harassment, relevant evidence and information about the types of remedies sought. Application fees range from $30 to upwards of $100 based on the platform and type of claim.

A: You can reach out to trusted adults – parents and teachers – for support. Many non-profit organisations also provide emotional, legal and technical support for victims of such online harm.

The SheCares@SCWO support centre is Singapore’s first support centre for online harms. It provides free legal advice through clinics with volunteer lawyers, free counselling support and even accompanies victims down to the police station to file police reports if need be.

Similarly, the Aware Sexual Assault Care Centre provides support for victims, including a free legal clinic, assistance with gathering evidence, filing police reports or Magistrate’s complaints, and applying for Poha court orders.

Q: How do I avoid becoming a victim of deepfake nudes and other online harms?

A: “With advanced technology such as AI tools becoming widely available and easier to use, anyone with an online presence is vulnerable, so it’s important to exercise caution when navigating the online world,” said Ms Lim.

She advised limiting who can see posts through privacy settings and avoiding sharing highly personal information such as full names or addresses. She also warned young people to be wary of unfamiliar follower requests and suspicious behaviour on social media.

Ms Lim said: “Be aware of overly-friendly accounts, or accounts that are quick to offer gifts or offers that are too good to be true.”

“Love-bombing tactics – providing excessive attention, making grand gestures or offering exorbitant gifts, pushing for commitment or exhibiting controlling behaviour – are a sign that something is wrong.”

But while these steps may help reduce your chances of becoming a victim, it always remains a possibility.

Ms Nithiananthan said: “There is very little a person can do to entirely protect themselves from violence and harm, both online and offline.

“When we place too much emphasis on the victim protecting herself, we imply that it is her duty to avoid this abuse. It is this type of thinking that downplays the accountability of perpetrators and wrongly shifts focus to the victim’s actions.”

Experts agreed that over-focusing on what an individual can do to protect themselves may make victims believe that what they experienced was their fault, and stand in the way of them making official reports.

Prof Lee said one of the best ways to reduce deepfakes and online harms is the act of reporting harmful content itself.

“Reporting… contributes to preventing harm to the next potential victim.

“I encourage victims to take action – for themselves and for the community. Together, we can improve online safety if each of us stands up against malicious content.”

PETALING JAYA – The National Cyber Security Agency (Nacsa) says it is currently investigating reports alleging that the MyKad, or Malaysian identity card, data of 17 million Malaysians has been leaked and is being sold on the dark web.

“We understand this is a concerning issue for the public and want to assure you that we are taking it very seriously,” said a spokesperson in a statement issued Dec 4 to LifestyleTech.

“Our experts are investigating the situation thoroughly to verify the authenticity of these claims and assess the extent of any potential compromise.

“Nacsa is committed to safeguarding personal data and will take necessary action based on our findings.”

Dark web threat intelligence firm StealthMole first highlighted the issue on Dec 3 on X, stating that threat actors claim to be in possession of MyKad data belonging to 17 million Malaysians and are offering it up for sale on the dark web.

“As proof, they have publicly shared samples of Malaysian ID cards on the dark web,” the company wrote in the post.

“This massive data breach raises concerns as it could lead to serious crimes like identity theft and financial fraud.”

Nacsa said it will provide updates as more information becomes available while also urging the public to “avoid spreading unconfirmed reports and only refer to verified information from the authorities”.

It further advises monitoring bank accounts and credit reports for suspicious activity, remaining cautious of unsolicited communications, refraining from clicking on links or opening attachments from unknown senders, using strong passwords, keeping software up to date, and practising good cyber hygiene. THE STAR/ASIA NEWS NETWORK

Australia’s ban on children under 16 using social media has sparked global conversations about online safety and youth development (Australia’s world-first social media ban for kids under 16 attracts mixed reaction, Nov 29).

While the intentions behind this policy – protecting children from cyber bullying, exploitation and harmful content – are commendable, it raises critical questions about balance, enforcement and unintended consequences.

As a 14-year-old teenager who does not use social media, I can see both sides of the argument.

On the one hand, platforms like Instagram, TikTok and Discord can be overwhelming, exposing young users to unhealthy comparisons, misinformation and even predatory behaviour.

Many parents and educators worry about the long-term effects of excessive screen time, often spent on social media platforms, on mental health and academic performance.  

On the other hand, outright bans overlook the positive aspects of social media. For many teens, these platforms are a lifeline for creative expression, activism and staying connected, especially in an increasingly digital world.

Moreover, enforcing such a law could be challenging, as children are often tech-savvy enough to find workarounds.  

Rather than outright bans, a better solution might involve empowering young users through digital literacy education. Teaching children how to navigate online spaces safely, recognise misinformation and manage screen time could address the root problems without cutting children off from valuable opportunities.

Singapore can learn from Australia’s debate as we navigate our own challenges with digitalisation. Instead of waiting for government intervention, schools, families and tech companies should work together to create a safer online environment while respecting the voice and agency of young people.  

The internet isn’t going anywhere, and neither are we. Let us try to work together to ensure we can use it wisely.  

Avishi Gurnani, 14
Secondary 2

SEATTLE – Starbucks said the aftermath of a ransomware attack on a software supplier has been affecting its ability to pay baristas and manage their schedules, the company’s spokesperson said on Nov 25.

The coffee giant said that an outage at a third-party vendor has disrupted a back-end Starbucks process that enables employee scheduling and time tracking.

The outage is not impacting its customer service, and the company was working to ensure its employees were fully paid for their hours worked with limited disruption or discrepancy, according to a Starbucks’ spokesperson.

UK-based Blue Yonder, which provides supply chain software to Starbucks and other retailers, according to the Wall Street Journal, said on Thursday that it has experienced disruptions due to a ransomware attack and it is working to fix the issue. REUTERS

A child in California has become the first in the United States to test positive for bird flu infection, authorities said on Nov 22, as health officials offered checks and preventive treatment to exposed contacts at the child’s day-care centre.

The child, from Alameda County in the San Francisco Bay area, had mild symptoms and was said to be recovering at home following treatment with flu antivirals, according to the US Centres for Disease Control and Prevention (CDC) and the California Department of Public Health (CDPH).

As a precaution, close family members of the child were tested, with all results coming back negative.

Local officials have also contacted caregivers and families at the day-care facility, where the child showed mild symptoms before testing positive.

READ MORE HERE

Chinese hackers preparing for conflict, says US cyber official

Chinese hackers are positioning themselves in US critical infrastructure IT networks for a potential clash with the United States, a top American cybersecurity official said on Nov 22.

Ms Morgan Adamski, executive director of US Cyber Command, said Chinese-linked cyber operations are aimed at gaining an advantage in case of a major conflict with the US.

Officials have warned that China-linked hackers have compromised IT networks and taken steps to carrying out disruptive attacks in the event of a conflict.

READ MORE HERE

Ukraine to step up air defence development after missile ‘test’

President Volodymyr Zelensky said on Nov 22 that Ukraine was working on developing new types of air defence to counter “new risks” following Russia’s deployment of a new medium-range missile in the 33-month war.

Mr Zelensky, in his nightly video address, said testing a new weapon for purposes of terror in another country was an “international crime” and issued a new call for a world-wide “serious response” to keep Russia from expanding the war.

He was speaking a day after Russia fired a new intermediate-range weapon – called Oreshnik (hazel tree) – into Ukraine for the first time. Ukraine said the missile reached a top speed of more than 13,000kmh and took about 15 minutes to reach its target from its launch.

READ MORE HERE

Americans say you need a $364,000 salary to be ‘successful’

The price of success? About US$270,000 (S$364,000) a year.

That is the annual salary it takes to be considered financially successful, according to a survey released on Nov 22 by financial services company Empower. The hurdle for net worth is US$5.3 million, according to respondents.

Those numbers are well beyond the reach of most Americans.

READ MORE HERE

New Ultimate Championship will be athletics ‘gamechanger’

World Athletics president Sebastian Coe said on Nov 22 the new Ultimate Championship team event, officially unveiled by the sport’s governing body, would be a “gamechanger” for track and field.

The inaugural event will be held in Budapest on Sept 11-13, 2026, and it will be staged every two years to fulfil World Athletics’ ambition of holding a global championship every year.

The federation said the event would provide “a spectacular conclusion to the summer athletics season, in the years where there is no World Athletics Championships”.

READ MORE HERE

WASHINGTON – Chinese hackers are positioning themselves in US critical infrastructure in the event of a clash with the United States, a top American cybersecurity official said on Nov 22.

Ms Morgan Adamski, the executive director of US Cyber Command, said ongoing Chinese-linked cyber operations are aimed at gaining “an advantage in the event of a major crisis or conflict with the US.”

Ms Adamski made the comments to researchers at the Cyberwarcon security conference in Arlington, Virginia.

On Nov 21, US Senator Mark Warner told the Washington Post that a suspected China-linked hack on US telecommunications firms was “the worst telecom hack in our nation’s history – by far.”

That cyberespionage operation, dubbed “Salt Typhoon,” has included stolen call records data, the compromise of communications of top officials of both major US presidential campaigns before the Nov 5 election, and telecommunications information related to US law enforcement requests, the FBI said, in a recent statement.

Beijing routinely denies cyber operations targeting US entities.

The Chinese Embassy in Washington did not immediately respond to a request for comment. REUTERS

A breach of telecoms companies that the United States said was linked to China was the “worst telecom hack in our nation’s history – by far”, the chairman of the Senate Intelligence Committee told the Washington Post on Thursday.

Earlier this month, U.S. authorities said China-linked hackers had intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies.

The hackers compromised the networks of “multiple telecommunications companies” and stole U.S. customer call records and communications from “a limited number of individuals who are primarily involved in government or political activity,” according to a joint statement released by the FBI and the U.S. cyber watchdog agency CISA on Nov. 13.

Beijing has repeatedly denied claims by the U.S. government and others that it has used hackers to break into foreign computer systems.

The Chinese embassy in Washington did not immediately respond to a request for comment from Reuters on Thursday night.

There were also reports Chinese hackers targeted telephones belonging to then-presidential and vice presidential candidates Donald Trump and JD Vance, along with other senior political figures, raising widespread concern over the security of U.S. telecommunications infrastructure.

“This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data,” Mark Warner told the Washington Post.

The breach went further than the Biden administration has acknowledged, with hackers able to listen to telephone conversations and read text messages, Warner was cited as saying in a separate interview by the New York Times.

“The barn door is still wide open, or mostly open,” he told the publication. REUTERS

MARYLAND – The director of the US National Security Agency on Nov 20 urged the private sector to take swift, collective action to share key details about breaches they have suffered at the hands of Chinese hackers who have infiltrated US telecommunications.

General Timothy Haugh, a four-star Air Force general who leads the NSA and Cyber Command, told Bloomberg News at the National Security Innovation Forum in Washington that public disclosure would help find and oust the hackers, as the US continues to try to understand a new spate of damaging mass breaches.

In calling for more disclosure, General Haugh didn’t identity specific companies.

General Haugh said he wants to provide a public “hunt guide” so cybersecurity professionals and companies can search out the hackers and eradicate them from telecommunications networks.

“The ultimate goal would be to be able to lay bare exactly what happened in ways that allow us to better posture as a nation and for our allies to be better postured,” he said, adding the US is reliant on industry to share insights into what happened on their own networks.

US authorities have confirmed Chinese hackers have infiltrated US telecommunications in what Senator Richard Blumenthal, a Connecticut Democrat, this week described as a “sprawling and catastrophic” infiltration. AT&T Inc, Verizon Communications Inc and T-Mobile are among those targeted.

Through those intrusions, the hackers targeted communications of a “limited number” of people in politics and government, US officials have said.

They include Vice-President Kamala Harris’ staff, president-elect Donald Trump and vice-president-elect JD Vance, as well as staffers for Senate Majority Leader Chuck Schumer, according to Missouri Republican Senator Josh Hawley.

Representatives of the Chinese government have denied the allegations.

China is “doing this on a scale en masse and as a national effort,” General Haugh said.

The US experience and response is more disjointed, given the limited reach of different law enforcement agencies and the dependence on information from the private sector. There are multiple investigations underway associated with the telecommunications breaches, he said.

“Everybody is in a slightly different place as it relates to Salt Typhoon,” General Haugh said, referring to Microsoft Corporation’s name for the group believed to be behind the telecommunications breaches.

Two cybersecurity experts who requested anonymity to speak freely have privately complained about the lack of information shared that could otherwise help them and others understand, find and tackle the hacks.

Detailed public disclosures would mean that even if some companies haven’t seen the intrusions yet, “they can begin to put countermeasures in place,” General Haugh said. It would also help other nations uncover and root it out too, General Haugh said.

“It’s going to take collective work,” he said, adding the “speed” with which everyone collaborates is a key step. BLOOMBERG

LONDON – Mirror Group Newspapers (MGN) is facing 101 phone-hacking lawsuits from public figures including actors Kate Winslet, Sean Bean and Gillian Anderson and the estate of late Australian cricketer Shane Warne, London’s High Court heard on Nov 20.

The publisher of the Daily Mirror, Sunday Mirror and Sunday People tabloids – which is owned by Reach – has been entangled in litigation for more than a decade over alleged phone hacking and other unlawful information gathering.

MGN had accepted that some unlawful information gathering took place at its newspapers in the early 2000s, before Prince Harry and three others went to trial in 2023.

Harry, the younger son of King Charles, was awarded £140,600 (around S$238,000) after London’s High Court ruled the prince had been targeted by MGN journalists – the biggest win yet in his “mission” to purge the British press.

He accepted substantial damages from MGN to settle the remainder of his lawsuit, but vowed his mission would continue and a trial of his separate case against Rupert Murdoch’s British newspaper arm is due to begin in January.

When Harry largely won his case in December 2023, Reach also claimed victory as two other claimants’ cases were rejected as having been brought too late.

The company said the ruling meant cases brought after October 2020 were “likely to be dismissed other than where exceptional circumstances apply”.

MGN is, however, currently facing a total of 101 lawsuits brought by a number of people, including Prince Harry’s ex-girlfriend Chelsy Davy, the claimants’ lawyers said at a hearing on Nov 20.

The publisher asked for a trial to be heard in late 2025 to decide whether a sample of the 101 cases were brought too late, arguing it would likely prompt a settlement of the cases.

Judge Timothy Fancourt ruled that such a trial would accelerate other cases being resolved and said it was likely to take place in November 2025. REUTERS