Security News

The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia's MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack. The pair, an admiral commanding the GRU spy agency and a malware dev already on international sanctions lists for targeting the MH17 mass murder investigation, are now subject to yet another travel ban.

The European Union on Thursday imposed sanctions on two Russian officials and part of Russia's GRU military intelligence agency over a cyberattack against the German parliament in 2015. EU headquarters said in a statement that travel bans and asset freezes have been imposed on the two men: Igor Kostyukov, head of the Main Directorate of the General Staff of the Russian Armed Forces, and Dmitry Badin, a military intelligence officer.

Image: Tauno Tõhk. The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services for their involvement in a 2015 hack of the German Federal Parliament. EU's sanctions include both travel bans and asset freezes and also block EU organizations and individuals from making fund transfers to sanctioned entities and individuals.

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU's cybersecurity agency - though the risk of an "Uncontrolled cyber arms race" among nation states is growing. The EU Agency for Cybersecurity said in its annual report issued today that those three categories of cyber threat were in decline up until April this year when COVID-19-related lockdowns began.

Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19. The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

The EU's top court on Tuesday put limits on how European spy and security agencies could harvest troves of personal data, but said this could be done under a serious threat to national security. At the request of the courts in France, Belgium and Britain, the European Court of Justice confirmed that "EU law precludes national legislation" that requires telcos and tech companies to carry out the "Indiscriminate retention" of data, a statement said.

No matter the legal reasoning, an "Adequacy" decision to let data flow between the UK and the EU will hinge on the ups and downs of the wider Brexit negotiations, which are entering a tense final phase. At the end of the Brexit transition period, when business-as-usual trading with the EU will come to an end and the UK begins dealing with the world's largest trading bloc on new terms, the EU will need to decide whether the new UK data rules are sufficiently aligned with GDPR and allow the uninterrupted transfer of personal data from the EU to the UK. Such a decision of "Adequacy" in the relationship with EU data law is said to be important to the UK working as a successful digital economy.

Facebook may be forced to stop sending data about its European users to the U.S., in the first major fallout from a recent court ruling that found some trans-Atlantic data transfers don't protect users from American government snooping. The social network said Wednesday that Ireland's Data Protection Commission has started an inquiry into how Facebook shifts data from the European Union to the United States.

Facebook has been reportedly asked to stop sending data from Ireland to the US, on orders from the EU. This is according to a report from the Wall Street Journal, which said that Irish eyes won't be smiling come this Fall after a preliminary order to suspend data transfers to the US about its users was sent to Mark Zuckerberg's firm by the Irish Data Protection Commission. The news comes in the wake of an EU court ruling two months ago that transatlantic data protection arrangements - known as Privacy Shield - were "Inadequate".

European Union privacy regulators are wrangling over the penalty Ireland's data privacy watchdog was set to issue Twitter for a data breach, pushing back the case's long awaited conclusion under the bloc's tough new data privacy rules. The Irish Data Privacy Commission was expected to issue its decision in the Twitter case, which would be its first involving a U.S. technology company since the new privacy law, known as GDPR, took effect in 2018, allowing for hefty fines.