CyberScoop reports that Microsoft has expressed concern about provisions in the United Nations' cybercrime treaty that advance government access to personal data, following the lead of human rights groups that have already criticized portions of the draft.
Aside from enabling potentially increased government surveillance powers, the UN cybercrime treaty also lacks protections for surveillance targets and ethical hackers, according to Microsoft.
"We need to ensure that ethical hackers who use their skills to identify vulnerabilities, simulate cyberattacks, and test system defenses are protected. Key criminalization provisions are too vague and do not include a reference to 'criminal intent,' which would ensure activities like penetration testing remain lawful," said Microsoft Associate General Counsel for Cybersecurity Policy and Protection Amy Hogan-Burney in a LinkedIn post.
However, such concerns about the treaty, which has been backed by both China and Russia, could still be addressed as negotiations continue until Sept. 1, said former U.S. cyber diplomat Chris Painter.
"In particular, the scope issue is critical as Russia and its allies want a very broad scope that risks criminalizing dissent and other things we believe should be protected. There isn't really much of a middle ground here so this threshold issue (as well as others) is critical," said Painter.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting password-protected archives.