Brazil imposes new fine, demands payments before letting X resume

SAO PAULO/BRASILIA BRAZIL — Brazil’s Supreme Court said on Friday that social platform X still needs to pay just over $5 million in pending fines, including a new one, before it will be allowed to resume its service in the country, according to a court document. 

Earlier this week, the Elon Musk-owned U.S. firm told the court it had complied with orders to stop the spread of misinformation and asked it to lift a ban on the platform. 

But Judge Alexandre de Moraes responded on Friday with a ruling that X and its legal representative in Brazil must still agree to pay a total of $3.4 million in pending fines that were previously ordered by the court. 

In his decision, the judge said that the court can use resources already frozen from X and Starlink accounts in Brazil, but to do so the satellite company, also owned by Musk, had to drop its pending appeal against the fund blockage.  

The judge also demanded a new $1.8 million fine related to a brief period last week when X became available again for some users in Brazil. 

X, formerly known as Twitter, did not immediately respond to a request for comment. 

According to a person close to X, the tech firm will likely pay all the fines but will consider challenging the fine that was imposed by the court after the platform ban.  

X has been suspended since late August in Brazil, one of its largest and most coveted markets, after Moraes ruled it had failed to comply with orders related to restricting hate speech and naming a local legal representative. 

Musk, who had denounced the orders as censorship and called Moraes a “dictator,” backed down and started to reverse his position last week, when X lawyers said the platform tapped a local representative and would comply with court rulings. 

In Friday’s decision, Moraes said that X had proved it had now blocked accounts as ordered by the court and had named the required legal representative in Brazil. 

CrowdStrike executive apologizes to Congress for July global tech outage

WASHINGTON — An executive at cybersecurity company CrowdStrike apologized in testimony to Congress for sparking a global technology outage over the summer. 

“We let our customers down,” said Adam Meyers, who leads CrowdStrike’s threat intelligence division, in a hearing before a U.S. House cybersecurity subcommittee Tuesday. 

Austin, Texas-based CrowdStrike has blamed a bug in an update that allowed its cybersecurity systems to push bad data out to millions of customer computers, setting off a global tech outage in July that grounded flights, took TV broadcasts off air and disrupted banks, hospitals and retailers. 

“Everywhere Americans turned, basic societal functions were unavailable,” House Homeland Security Committee Chairman Mark Green said. “We cannot allow a mistake of this magnitude to happen again.” 

The Tennessee Republican likened the impact of the outage to an attack “we would expect to be carefully executed by a malicious and sophisticated nation-state actor.” 

“We’re deeply sorry and we are determined to prevent this from ever happening again,” Meyers told lawmakers while laying out the technical missteps that led to the outage of about 8.5 million computers running Microsoft’s Windows operating system. 

Meyers said he wanted to “underscore that this was not a cyberattack” but was, instead, caused by a faulty “rapid-response content update” focused on addressing new threats. The company has since bolstered its content update procedures, he said. 

The company still faces a number of lawsuits from people and businesses that were caught up in July’s mass outage. 

Former executive gets 2 years in prison for role in FTX fraud

new york — Caroline Ellison, a former top executive in Sam Bankman-Fried’s fallen FTX cryptocurrency empire, was sentenced to two years in prison on Tuesday after she apologized repeatedly to everyone hurt by a fraud that stole billions of dollars from investors, lenders and customers. 

U.S. District Judge Lewis A. Kaplan said Ellison’s cooperation was “very, very substantial” and “remarkable.” 

But he said a prison sentence was necessary because she had participated in what might be the “greatest financial fraud ever perpetrated in this country and probably anywhere else” or at least close to it. 

He said in such a serious case, he could not let cooperation be a get-out-of-jail-free card, even when it was clear that Bankman-Fried had become “your kryptonite.” 

“I’ve seen a lot of cooperators in 30 years here,” he said. “I’ve never seen one quite like Ms. Ellison.”

She was ordered to report to prison on November 7. 

Ellison, 29, pleaded guilty nearly two years ago and testified against Bankman-Fried for nearly three days at a trial last November. 

At sentencing, she emotionally apologized to anyone hurt by the fraud that stretched from 2017 through 2022. 

“I’m deeply ashamed with what I’ve done,” she said, fighting through tears to say she was “so so sorry” to everyone she had harmed directly or indirectly. 

She did not speak as she left Manhattan federal court, surrounded by lawyers. 

In a court filing, prosecutors had called her testimony the “cornerstone of the trial” against Bankman-Fried, 32, who was found guilty of fraud and sentenced to 25 years in prison. 

In court Tuesday, Assistant U.S. Attorney Danielle Sassoon called for leniency, saying her testimony was “devastating and powerful proof” against Bankman-Fried. 

The prosecutor said Ellison’s time on the witness stand was very different from Bankman-Fried, who she said was “evasive, even contemptuous, and unable to answer questions directly” when he testified. 

Attorney Anjan Sahni asked the judge to spare his client from prison, citing “unusual circumstances,” including her off-and-on romantic relationship with Bankman-Fried and the damage caused when her “whole professional and personal life came to revolve” around him. 

FTX was one of the world’s most popular cryptocurrency exchanges, known for its Superbowl TV ad and its extensive lobbying campaign in Washington before it collapsed in 2022. 

U.S. prosecutors accused Bankman-Fried and other executives of looting customer accounts on the exchange to make risky investments, make millions of dollars of illegal political donations, bribe Chinese officials, and buy luxury real estate in the Caribbean. 

Ellison was chief executive at Alameda Research, a cryptocurrency hedge fund controlled by Bankman-Fried that was used to process some customer funds from FTX. 

As the business began to falter, Ellison divulged the massive fraud to employees who worked for her even before FTX filed for bankruptcy, trial evidence showed. 

Ultimately, she also spoke extensively with criminal and civil U.S. investigators. 

Sassoon said prosecutors were impressed that Ellison did not “jump into the lifeboat” to escape her crimes but instead spent nearly two years fully cooperating. 

Since testifying at Bankman-Fried’s trial, Ellison has engaged in extensive charity work, written a novel, and worked with her parents on a math enrichment textbook for advanced high school students, according to her lawyers. 

They said she also now has a healthy romantic relationship and has reconnected with high school friends she had lost touch with while she worked for and sometimes dated Bankman-Fried from 2017 until late 2022. 

Biden administration seeks to ban Chinese, Russian tech in most US vehicles

New York — The U.S. Commerce Department said Monday it’s seeking a ban on the sale of connected and autonomous vehicles in the U.S. that are equipped with Chinese and Russian software and hardware with the stated goal of protecting national security and U.S. drivers.

While there is minimal Chinese and Russian software deployed in the U.S, the issue is more complicated for hardware. That’s why Commerce officials said the prohibitions on the software would take effect for the 2027 model year and the prohibitions on hardware would take effect for the model year of 2030, or Jan. 1, 2029, for units without a model year.

The measure announced Monday is proactive but critical, the agency said, given that all the bells and whistles in cars like microphones, cameras, GPS tracking and Bluetooth technology could make Americans more vulnerable to bad actors and potentially expose personal information, from the home address of drivers, to where their children go to school.

In extreme situations, a foreign adversary could shut down or take simultaneous control of multiple vehicles operating in the United States, causing crashes and blocking roads, U.S. Secretary of Commerce Gina Raimondo told reporters on a call Sunday.

“This is not about trade or economic advantage,” Raimondo said. “This is a strictly national security action. The good news is right now, we don’t have many Chinese or Russian cars on our road.”

But Raimondo said Europe and other regions in the world where Chinese vehicles have become commonplace very quickly should serve as “a cautionary tale” for the U.S.

Security concerns around the extensive software-driven functions in Chinese vehicles have arisen in Europe, where Chinese electric cars have rapidly gained market share.

“Who controls these data flows and software updates is a far from trivial question, the answers to which encroach on matters of national security, cybersecurity, and individual privacy,” Janka Oertel, director of the Asia program at the European Council on Foreign Relations, wrote on the council’s website.

Vehicles are now “mobility platforms” that monitor driver and passenger behavior and track their surroundings.

A senior administration official said that it is clear from terms of service contracts included with the technology that data from vehicles ends up in China.

Raimondo said that the U.S. won’t wait until its roads are populated with Chinese or Russian cars.

“We’re issuing a proposed rule to address these new national security threats before suppliers, automakers and car components linked to China or Russia become commonplace and widespread in the U.S. automotive sector,” Raimondo said.

It is difficult to know when China could reach that level of saturation, a senior administration official said, but the Commerce Department says China hopes to enter the U.S. market and several Chinese companies have already announced plans to enter the automotive software space.

The Commerce Department added Russia to the regulations since the country is trying to “breathe new life into its auto industry,” senior administration officials said on the call.

The proposed rule would prohibit the import and sale of vehicles with Russia and China-manufactured software and hardware that would allow the vehicle to communicate externally through Bluetooth, cellular, satellite or Wi-Fi modules. It would also prohibit the sale or import of software components made in Russia or the People’s Republic of China that collectively allow a highly autonomous vehicle to operate without a driver behind the wheel. The ban would include vehicles made in the U.S. using Chinese and Russian technology.

The proposed rule would apply to all vehicles, but would exclude those not used on public roads, such as agricultural or mining vehicles.

U.S. automakers said they share the government’s national security goal, but at present there is little connected vehicle hardware or software coming to the U.S. supply chain from China.

Yet the Alliance for Automotive Innovation, a large industry group, said the new rules will make some automakers scramble for new parts suppliers. “You can’t just flip a switch and change the world’s most complex supply chain overnight,” John Bozzella, the alliance’s CEO, said in a statement.

The lead time in the new rules will be long enough for some automakers to make the changes, “but may be too short for others,” Bozzella said.

Commerce officials met with all the major auto companies around the world while it drafted the proposed rule to better understand supply chain networks, according to senior administration officials, and also met with a variety of industry associations.

The Commerce Department is inviting public comments, which are due 30 days after publication of a rule before it’s finalized. That should happen by the end of the Biden Administration.

The new rule follows steps taken earlier this month by the Biden administration to crack down on cheap products sold out of China, including electric vehicles, expanding a push to reduce U.S. dependence on Beijing and bolster homegrown industry.

US to propose ban on Chinese software, hardware in connected vehicles, sources say

Washington — The U.S. Commerce Department is expected on Monday to propose prohibiting Chinese software and hardware in connected and autonomous vehicles on American roads due to national security concerns, two sources told Reuters.

The Biden administration has raised serious concerns about the collection of data by Chinese companies on U.S. drivers and infrastructure as well as the potential foreign manipulation of vehicles connected to the internet and navigation systems.

The proposed regulation would ban the import and sale of vehicles from China with key communications or automated driving system software or hardware, said the two sources, who declined to be identified because the decision had not been publicly disclosed.

The move is a significant escalation in the United States’ ongoing restrictions on Chinese vehicles, software and components. Last week, the Biden administration locked in steep tariff hikes on Chinese imports, including a 100% duty on electric vehicles as well as new hikes on EV batteries and key minerals.

Commerce Secretary Gina Raimondo said in May the risks of Chinese software or hardware in connected U.S. vehicles were significant.

“You can imagine the most catastrophic outcome theoretically if you had a couple million cars on the road and the software were disabled,” she said.

President Joe Biden in February ordered an investigation into whether Chinese vehicle imports pose national security risks over connected-car technology — and if that software and hardware should be banned in all vehicles on U.S. roads.

“China’s policies could flood our market with its vehicles, posing risks to our national security,” Biden said earlier. “I’m not going to let that happen on my watch.”

The Commerce Department plans to give the public 30 days to comment before any finalization of the rules, the sources said. Nearly all newer vehicles on U.S. roads are considered “connected.” Such vehicles have onboard network hardware that allows internet access, allowing them to share data with devices both inside and outside the vehicle.

The department also plans to propose making the prohibitions on software effective in the 2027 model year and the ban on hardware would take effect in January 2029 or the 2030 model year. The prohibitions in question would include vehicles with certain Bluetooth, satellite and wireless features as well as highly autonomous vehicles that could operate without a driver behind the wheel.

A bipartisan group of U.S. lawmakers in November raised alarm about Chinese auto and tech companies collecting and handling sensitive data while testing autonomous vehicles in the United States.

The prohibitions would extend to other foreign U.S. adversaries, including Russia, the sources said.

A trade group representing major automakers including General Motors, Toyota Motor, Volkswagen, Hyundai and others had warned that changing hardware and software would take time.

The carmakers noted their systems “undergo extensive pre-production engineering, testing, and validation processes and, in general, cannot be easily swapped with systems or components from a different supplier.”

The Commerce Department declined to comment on Saturday. Reuters first reported, in early August, details of a plan that would have the effect of barring the testing of autonomous vehicles by Chinese automakers on U.S. roads. There are relatively few Chinese-made light-duty vehicles imported into the United States.

The White House on Thursday signed off on the final proposal, according to a government website. The rule is aimed at ensuring the security of the supply chain for U.S. connected vehicles. It will apply to all vehicles on U.S. roads, but not for agriculture or mining vehicles, the sources said.

Biden noted that most cars are connected like smartphones on wheels, linked to phones, navigation systems, critical infrastructure and to the companies that made them.

California governor signs law to protect children from social media addiction

SACRAMENTO, California — California will make it illegal for social media platforms to knowingly provide addictive feeds to children without parental consent beginning in 2027 under a new law Governor Gavin Newsom signed Friday. 

California follows New York state, which passed a law earlier this year allowing parents to block their kids from getting social media posts suggested by a platform’s algorithm. Utah has passed laws in recent years aimed at limiting children’s access to social media, but those have faced challenges in court. 

The California law will take effect in a state home to some of the largest technology companies in the world. Similar proposals have failed to pass in recent years, but Newsom signed a first-in-the-nation law in 2022 barring online platforms from using users’ personal information in ways that could harm children. 

It is part of a growing push in states across the country to try to address the impact of social media on the well-being of children. 

“Every parent knows the harm social media addiction can inflict on their children — isolation from human contact, stress and anxiety, and endless hours wasted late into the night,” Newsom, a Democrat, said in a statement. “With this bill, California is helping protect children and teenagers from purposely designed features that feed these destructive habits.” 

The law bans platforms from sending notifications without permission from parents to minors between midnight and 6 a.m., and between 8 a.m. and 3 p.m. on weekdays from September through May, when children are typically in school. The legislation also makes platforms set children’s accounts to private by default. 

Opponents of the legislation say it could inadvertently prevent adults from accessing content if they cannot verify their age. Some argue it would threaten online privacy by making platforms collect more information on users. 

The law defines an “addictive feed” as a website or app “in which multiple pieces of media generated or shared by users are, either concurrently or sequentially, recommended, selected, or prioritized for display to a user based, in whole or in part, on information provided by the user, or otherwise associated with the user or the user’s device,” with some exceptions. 

The subject garnered renewed attention in June when U.S. Surgeon General Vivek Murthy called on Congress to require warning labels on social media platforms and their impacts on young people. Attorneys general in 42 states endorsed the plan in a letter sent to Congress last week. 

State Senator Nancy Skinner, a Democrat representing Berkeley who wrote the California law, said that “social media companies have designed their platforms to addict users, especially our kids.” 

“With the passage of SB 976, the California Legislature has sent a clear message: When social media companies won’t act, it’s our responsibility to protect our kids,” she said in a statement.

China-connected spamouflage impersonated Dutch cartoonist

Washington — Based on the posts of an X account that bears the name of Dutch cartoonist Bart van Leeuwen, a profile picture of his face and short professional bio, one would think the Amsterdam-based artist is a staunch supporter of China and fierce critic of the United States.

In one post, the account blasts what it calls Washington’s “fallacies against the Chinese economy,” accompanied by a cartoon from the Global Times — a Beijing-controlled media outlet — showing Uncle Sam aiming but failing to hit a target emblazoned with the words “China’s economy.”

In another, the account reposts a Chinese propaganda video about the country’s rubber-stamp legislature, writing “today’s China is closely connected with the world, blending with each other, and achieving mutual success.”

But Van Leeuwen didn’t make the posts. In fact, this account doesn’t even belong to him.

It belongs to a China-connected network on X of “spamouflage” accounts, which pretend to be the work of real people but are in reality controlled by robots sending out messages designed to shape public opinion.

China has repeatedly rejected reports that it seeks to influence U.S. presidential elections, describing such claims as “fabricated.”

VOA Mandarin and DoubleThink Lab (DTL), a Taiwanese social media analytics firm, uncovered the fake Van Leeuwen account during a joint investigation into a network of spamouflage accounts working on behalf of the Chinese government.

The network, consisting of at least nine accounts, propagated Beijing’s talking points on issues including human rights abuses in China’s western Xinjiang province, territorial disputes with countries in the South China Sea and U.S. tariffs on Chinese goods.

Fake account contradicts real artist

Van Leeuwen confirmed in an interview with VOA Mandarin that he had nothing to do with and was not aware of the fake account.

“It’s ironic that my identity, being a political cartoonist, is being used for political propaganda,” he told VOA in a written statement.

The real Van Leeuwen is an award-winning cartoonist whose works have been published on news outlets around the world, such as the Las Vegas Review-Journal, the Korea Times, Sing Tao Daily in Hong Kong and Gulf Today in the United Arab Emirates.

He specializes in editorial cartoons, whose main subjects include global politics, elections in the U.S. and Russia’s invasion of Ukraine. Several of his past illustrations made fun of Chinese leader Xi Jinping’s economic policies and the opaqueness of Beijing’s inner political struggles.

After being contacted by VOA Mandarin, a spokesman from X said the fake account has been suspended.

Other than finding irony in being impersonated by a Chinese propaganda bot, Van Leeuwen said the incident also worries him.

“This example once again highlights the need for far-reaching measures regarding the restriction of social media,” Van Leeuwen wrote in his statement, “especially with irresponsible people like Elon Musk at the helm.”

After purchasing what was then called Twitter in 2022, the Tesla and SpaceX CEO vowed to reduce the prevalence of bots on the platform, but many users complain it has become even worse.

Musk, the world’s richest person, is a so-called “free speech absolutist,” opposing almost all censorship of people voicing their views. Critics say his policy allows racist and false information to flourish on X.

Former President Donald Trump has praised Musk’s business acumen and said he plans to have the man who may become the world’s first trillionaire head a commission on government efficiency if he is reelected in November.

Network of spamouflage accounts

Before its suspension, the X account that impersonated Van Leeuwen had close to 1,000 followers, more than Van Leeuwen’s real X account. It was registered in 2013, but its first post came only last year. The account’s early posts were mostly encouraging and inspiring words in Chinese. It also posted many dance videos.

Gradually, the account started to mix in more and more political narratives, criticizing the U.S. and defending China. It often reposted content from another spamouflage account called “Grey World.”

“Grey World” used a photo of an attractive Asian woman as its profile picture. Most of its posts were supportive of Beijing’s talking points. It regularly posted videos and cartoons from Chinese state media. It also posted several of Van Leeuwen’s cartoons about American politics.

VOA Mandarin and DTL’s investigation identified “Grey World” as the main spamouflage account in a network of nine such accounts. Other accounts in the network, including the fake Van Leeuwen account, amplified “Grey World” by reposting its content.

But posts from “Grey World” had limited reach on X, despite having tens of thousands of followers. For example, between August 18 and September 1, its most popular post, a diatribe against Washington’s Indo-Pacific strategy, was viewed a little over 10,000 times but only had 35 reposts and 65 likes.

After the suspension of the fake Van Leeuwen account, X also shut down the “Grey World” account.

The spamouflage network is not the first linked to China.

In April, British researchers released a report saying Chinese nationalist trolls were posing as American supporters of Trump on X to try to exploit domestic divisions ahead of the U.S. election.

U.S. federal prosecutors in 2023 accused China’s Ministry of Public Security of having a covert social media propaganda campaign that also aimed to influence U.S. elections.

Researchers at Facebook’s parent company Meta said it was the largest known covert propaganda operation ever identified on that platform and Instagram, reported Rolling Stone magazine.

Network analysis firm Graphika called the pro-Chinese network “Spamouflage Dragon,” part of a campaign it identified in early 2020 that was at the time posting content that praised Beijing’s policies and attacked those of then-President Trump.

US targets second major Chinese hacking group

Washington — The United States has identified and taken down a botnet campaign by China-directed hackers to further infiltrate American infrastructure as well as a variety of internet-connected devices.

FBI Director Christopher Wray announced the disruption of what he called Flax Typhoon during a cyber summit Wednesday in Washington, describing it as part of a much larger campaign by Beijing.

“Flax Typhoon hijacked Internet-of-Things devices like cameras, video recorders and storage devices — things typically found across both big and small organizations,” Wray said. “And about half of those hijacked devices were located here in the U.S.”

Wray said the hackers, working under the guise of an information security company called the Integrity Technology Group, collected information from corporations, media organizations, universities and government agencies.

“They used internet-connected devices — this time, hundreds of thousands of them — to create a botnet that helped them compromise systems and exfiltrate confidential data,” he said.

But Flax Typhoon’s operations were disrupted last week when the FBI, working with allies and under court orders, took control of the botnet and pursued the hackers when they tried to switch to a backup system.

“We think the bad guys finally realized that it was the FBI and our partners that they were up against,” Wray said. “And with that realization, they essentially burned down their new infrastructure and abandoned their botnet.”

Wray said Flax Typhoon appeared to build on the exploits and tactics of another China-linked hacking group, known as Volt Typhoon, which was identified by Microsoft in May of last year.

Volt Typhoon used office network equipment, including routers, firewalls and VPN hardware, to infiltrate and disrupt communications infrastructure in Guam, home to key U.S. military facilities.

The Chinese Embassy in Washington Wednesday rejected the U.S accusations.

“Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations” Chinese Embassy spokesperson Liu Pengyu told VOA in an email, responding to the allegations about Flax Typhoon.

“The U.S. itself is the origin and the biggest perpetrator of cyberattacks,” Liu added. “We urge the U.S. to stop its worldwide cyber espionage and cyberattacks, and stop smearing other countries under the excuse of cyber security.”

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have previously warned that Chinese-government directed hackers, like Volt Typhoon, have been positioning themselves to launch destructive cyberattacks that could jeopardize the physical safety of Americans.

Following Wednesday’s announcement by the FBI, the U.S. National Security Agency (NSA) issued an advisory encouraging anyone with a device that was compromised by Flax Typhoon to apply needed patches.

It said that as of this past June, the Flax Typhoon botnet was making use of more than 260,000 devices in North America, Europe, Africa and Southeast East.

The NSA said almost half of the compromised devices were in the U.S. Another 18 countries, including Vietnam, Bangladesh, Albania, China, South Africa and India, were also impacted.