UNGA kicks off with cyber and AI – POLITICO

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

With help from John Sakellariadis and John Hendel

High-level officials from every corner of the globe are descending on New York City for some much-needed face time. And those power players are going to be discussing how to cooperate on cyberattacks from nation states and how to effectively use AI — despite there being little consensus on its regulation.
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! The Senate won’t be enforcing its dress code any longer, and I say about time. I’ve always wanted to know if our senators were fans of their state’s own sports team and now we are inching closer to that reality.
Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.

Secretary of State Antony Blinken and other foreign ministers will be meeting with Meta, Amazon and other AI developers at the United Nations General Assembly to discuss AI’s potential in accelerating the UN Sustainable Development Goals. 1 p.m.
The Defense Intelligence Agency’s chief technology officer Ramesh Menon is joining a virtual discussion on the future of the intelligence community. 2 p.m.


THE ASSEMBLY — We hope you’ve been brushing up on your diplomat-speak: The time has come for the largest gathering of world leaders to convene in New York for the United Nations General Assembly. And this year we’re betting that every sentence that doesn’t start or end with “collaboration” will swap in “AI” instead. Here’s what else we’re watching for.
— Collab-ing on cyber: Away from the main hall on Tuesday is a separate State Department-led event with huge cyber implications. Moderated by America’s top cyber policy diplomat Nate Fick, the panel will focus on how member states need to cooperate with each other in the face of cyber challenges — including new and emerging sources of threats.
Watch for attendees to discuss how countries can work together to take an “action-oriented approach” to cyberattacks from nation-states and build on commitments “all UN member states have made to improve international cyber stability,” a State Department spokesperson granted anonymity to discuss meeting goals told Morning Cyber.
— Action alert: MC has also learned that the proposed 2022 cyber-focused “UN Programme of Action,” which was born last year to a flurry of commitments from governments worldwide, is on the docket. It includes developing and implementing national cyber strategies, improving international cooperation and information sharing for cyberthreats, and developing and implementing norms and rules of behavior for responsible state behavior online.
— Newsflash: That’s easier said than done. Global cyberattacks are trending up from last year, and don’t forget the high-profile attacks by Chinese spies on U.S. federal agency emails, the intentional targeting of critical infrastructure at the military outpost in Guam, and anti-American disinformation campaigns being lobbed at a global audience.
State did not give an answer on whether the UN Cybercrime Treaty — which wrapped its sixth negotiation period earlier this month and looks to criminalize core cybercrime offenses — will be discussed at the panel.
— AI caramba: It wouldn’t be 2023 if there wasn’t an AI event. Thankfully, AI is looking to be a central theme for at least one panel, if Secretary of State Antony Blinken’s words last week are anything to go by.
— Background: The secretary — along with foreign ministers and secretaries of state from Japan, Kenya, Singapore, Spain and the United Kingdom — will kick off UNGA with a ministerial side event today on the potential AI has to accelerate progress on the U.N. Sustainable Development Goals, featuring leading developers demonstrating practical AI applications as well as a discussion of the prospects and limitations of the technology.
— What to expect: Just last week, a lot of those familiar industry faces got together behind closed doors in Washington. And while the group of tech giants endorsed the idea of regulation — including the need to protect privacy and security of AI systems — there is still little consensus on what it should look like or how to get it through Congress.
— Not all sunshine and roses: Ahead of another international meetup earlier this year, Blinken and Secretary of Commerce Gina Raimondo acknowledged in a joint op-ed that this new AI era brings “serious potential hazards” such as the possibility to “conduct a cyberattack.”
And for more news from inside the Secretariat, check out POLITICO’s special UNGA Playbook this week by Suzanne Lynch.

WHAT HAPPENS IN VEGAS … — If Las Vegas had a line to bet on whether the largest hotel chain on the Strip would be getting hacked and held hostage, then last week bettors the world over would’ve hit the jackpot. But whether it would be able to pay out is a different story.
MGM and Caesars were both hacked, but they took different approaches to the ransom demands. Caesars reportedly paid hackers $15 million for its intel back, while MGM refused to pay.
So where does the Biden administration stand on ransoms, you ask? The White House feels strongly that no ransom payment should be made under any circumstance.
“This incident underscores our strong recommendation that companies do not pay ransoms,” deputy national security adviser for cyber and emerging technologies Anne Neuberger told MC in a statement. “Each payment to ransomware criminals incentivizes further attacks.”
— What’s next: In late October, the White House will convene 47 countries to discuss progress on disrupting ransomware networks, freezing funds, building capacity to track and disrupt ransomware networks, and promoting deeper collaboration, including on ransom payment policies, Neuberger said in her statement.
— The issue is deeper than payments: MGM Grand fell victim to a social engineering campaign, a type of cyberattack that manipulates people into divulging confidential information. But a couple of weeks earlier, custom internal tool building platform Retool was also hacked in a social engineering campaign that affected more than two dozen of its cloud customers.
The attacks illustrate that social engineering campaigns are impossible to beat over the long term. Even if a company’s systems are secure, a cybercriminal may eventually be able to convince someone to do something that compromises security.
— Waiting on the details: “There is likely much more to this intrusion than meets the eye,” said Drew Schmitt, practice lead at GuidePoint Security. “If it wasn’t for this social engineering attempt, it could have been another that relied on more technical means.”
“Sometimes attackers get lucky, and this could be one of those times.”

VMWARE CTO: OPEN SOURCE TALKS LIKELY TO SHAPE WIRELESS SECURITY — The Biden administration’s focus on open source security will likely play a bigger role going forward in shaping wireless security practices, Kit Colbert, chief technology officer of cloud company VMware, told POLITICO’s John Hendel in an interview.
The big reason, per Colbert — wireless networks are rapidly evolving. The administration is simultaneously trying to push 5G wireless networks to open their radio access network protocols, a form of architecture known as open RAN that allows carriers to virtualize some of their network functions in the cloud.
These network transformations will put telecom companies in the middle of these broader open source cybersecurity debates. The security and quality of these new open RAN networks have, so far, already generated intense discussion.
— Open source in the spotlight: The White House began convening industry and government officials to hash out open source security after the Log4j vulnerability was discovered at the end of 2021. Many key players — including Colbert and administration leaders like Anne Neuberger and acting cyber director Kemba Walden — came together last week for a two-day summit in Washington.
Colbert said the sessions helped government and industry align on what outcomes they want and pointed to factors like education, training and security best practices as a big emphasis.
— The telco angle: Although last week’s discussions didn’t feature “explicit discussion of telco,” Colbert said he expects that to likely change over time and sees big crossover implications. As telecom companies embrace more cloud-based network functions, “it means an increasing use of open source software,” he added.
— More to come next year: Colbert said he doesn’t expect this open source group to reconvene later this year but likely will next year, six to 12 months out. Neuberger “made reference to coming back together next year as kind of a checkpoint on progress,” he recalled. The CTO maintains hope that the collaboration will be durable beyond the 2024 election given the significance of the security issues.

CRYPTO FRAUD EVOLVING — There’s a scam that’s been picking up steam over the last few years that’s netted a group millions of dollars — and is replicated by hundreds of others — and all it requires is a little social engineering.
The practice is called fake “liquidity mining,” which tricks investors into depositing cryptocurrency into manufactured pools and websites that appear to be legit, with the promise of high returns on investment, most often on decentralized exchanges that are not at all well regulated. Once the investors have been lured in, scammers pull the rug from underneath them and take everything in their wallet.
This type of scam is particularly difficult to prevent because it does not require any malware or hacking other than social engineering (paging MGM).
According to a new report by cybersecurity company Sophos, the scammers behind one fake liquidity mining scheme netted $294,000 in around two months. The scammers used a variety of techniques to lure their victims, including fake social media profiles and convincing English-language messages using ChatGPT or similar AI chatbots.
— It could happen to you: In one cautionary tale documented by Sophos, a retiree named “Frank” was coerced into investing $22,000 in crypto through legitimate servers between May 31 and June 5 after chatting with “Vivian” online for about a month. He signed a contract using a fraudulent URL the attackers sent over, and three days after the last deposit, they emptied his wallet.
— Skyrocketing scam: Sophos researchers say they have identified more than 500 fake liquidity pool websites this year, up from around a dozen last year. The analysts also estimate this particular scam ring operates through 14 domains and dozens of nearly identical fraud sites.
— But there are tell-tale signs: Almost all of these types of scammers examined by Sophos researchers have used WhatsApp or Telegram accounts tied to U.K. mobile numbers, even when using registered U.S. numbers.
— One big slip-up: On a couple of occasions, “Vivian” — despite telling “Frank” she moved to the U.S. from Germany — accidentally wrote messages to him in Chinese.

SPY VS. SPY — U.S. intelligence learned that Chinese President Xi Jinping was enraged with senior Chinese military generals who kept him in the dark about a spy balloon that drifted across the United States in February. It’s illustrative of the expanding and highly secretive spy-off between the U.S. and China, report Julian Barnes and Edward Wong for The New York Times.
BILLIONAIRE SCAMMED — Mark Cuban, a billionaire entrepreneur and owner of the Dallas Mavericks, lost $870,000 in a crypto scam that involved his MetaMask wallet. Get the details from Julius Mutunkei at Crypto.news.
LISTEN TO THIS — Cybersecurity experts feared that Russia’s invasion of Ukraine would lead to a major cyber war, but that hasn’t happened yet. However, Ukraine’s defenders have been under a near constant barrage of cyberattacks, which have weakened Ukraine’s infrastructure and stolen sensitive information. Ukraine’s Security Service head of cyber Illia Vitiuk breaks down the details of his country’s defenses in an interview with NPR’s Jenna McLaughlin in Kyiv.
Also happening today
The Future of Privacy Forum is holding a virtual panel examining the privacy risks and data collection methods that come from integrating immersive technology like extended reality with vehicles. 11 a.m.
Chat soon.
Stay in touch with the whole team: Joseph Gedeon ([email protected]); John Sakellariadis ([email protected]); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).
