U.S. moves ahead with plan to restrict Chinese technology investments | How Meta failed children on safety, states say | UK government weighs action against Russian hackers over NHS records theft
Good morning. It's Monday 24th June.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
The Treasury Department announced rules to restrict U.S. investment in Chinese semiconductors, quantum computers, and AI systems to curb China’s military enhancement. This targets venture capital and private equity firms, requiring transaction notifications and prohibiting certain investments. The Biden administration emphasizes that the restrictions are narrowly focused to protect U.S. national security. The New York Times
Meta faces lawsuits from 45 states and D.C., accusing it of prioritizing user engagement over child safety on Instagram and Facebook. Internal proposals to address addiction and loneliness were rejected. The lawsuits allege Meta misled the public about risks to young users and failed to implement adequate protections. The New York Times
The UK National Crime Agency targeted the Qilin ransomware group linked to Russia, which hacked into NHS patient records. The group's ransomware attacks posed significant threats to critical infrastructure, including the healthcare sector. This operation aimed to protect sensitive data and disrupt the hackers' activities. The Guardian
Australia
Social media age restrictions may push children online in secret, Australian eSafety commissioner says
The Guardian
Josh Taylor
Minors could also miss crucial support under a potential ban, online safety regulator’s office tells inquiry. Restricting children from social media could risk limiting their access to critical social support and could result in them accessing social media in secret, Australia’s online safety regulator has warned.
Calls to ban Facebook and Instagram in Australia
AFR
Hannah Wootton
Major media organisations have accused Meta of “preparing to blackmail the government” over its refusal to renew about $70 million in commercial deals paying news companies for their content, despite being legally required to do so. Meta’s decision meant media groups would likely have to cut jobs and even close mastheads as a result of the funding cuts, putting democracy and safety at risk, bosses of Australia’s biggest media outlets warned a parliamentary inquiry into social media on Friday.
Facebook’s potential news ban already affecting smaller Australian media outlets, inquiry told
The Guardian
Josh Taylor
Independent media alliance says news ban would be ‘terrible for not only the industry but also for Australian democracy’. Smaller publishers are already feeling the effects of a potential ban on news on Facebook, a parliamentary committee has heard, as news outlets small and large make the case for social media companies to be compelled to pay for news.
Data and digital ministers agree on national govt approach to AI
Capital Brief
Department of Finance media release
Commonwealth, state and territory governments have agreed to a nationally consistent approach to the safe and ethical use of artificial intelligence by governments. After a meeting in Darwin today, data and digital ministers agreed to and released the 'National framework for assurance of AI in government', a framework that enables flexibility for each jurisdiction's needs while defining consistent expectations for oversight of AI and people’s experience of government.
‘Win for transparency’: Optus hands up 2022 cyber attack report
The Australian
Angelica Snowden
Optus has finally handed over to a law firm pursuing a class action against it, a hard copy of a Deloitte report into a disastrous cyber attack that affected millions of customers. Slater and Gordon brought the action on behalf of Optus customers whose data was leaked on to the dark web as a result of the incident, and class actions practice group leader Ben Hardwick said Optus has been fighting “tooth and nail to stop this report getting out for more than a year”.
How Medibank allegedly ignored the warning signs in one of Australia's worst cybersecurity breaches
ABC News
Josh Robertson
Medibank chief executive David Koczkar branded the move "disgraceful" as the insurer, in line with conventional wisdom, refused to pay a ransom. In the year following the hack, Medibank boosted its revenue and gross profit to $7.1 billion and $727.1 million respectively. It's not the hapless IT contractor but the big corporate machine that the Australian Information Commissioner is now seeking to hold to account.
News Corp and TikTok held talks over video content deal
Capital Brief
John Buckley
The discussions underscore the urgency within News Corp to secure payments from tech firms - but also shine fresh light on TikTok’s news strategy. News Corp Australia and TikTok held talks over a content deal that would have seen the Murdoch-controlled company paid for its videos in one of the first such agreements for the Bytedance-owned short form video platform worldwide.
China
Huawei sees HarmonyOS breaking the dominance of Android and Apple’s iOS in China
South China Morning Post
Iris Deng
Huawei Technologies expects HarmonyOS to break the dominance of Western mobile operating systems in mainland China after its next version ends support for Android apps. That iteration, called HarmonyOS Next, will be a “China-originated, independent and controllable” operating system, Richard Yu Chengdong, chairman of Huawei’s consumer business group, said at the company’s developer conference on Friday.
China-linked spies target Asian telcos since at least 2021
Security Affairs
Pierluigi Paganini
The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. The threat actors used tools associated with Chinese espionage groups, they planted multiple backdoors on the networks of targeted companies to steal credentials.
The DJI Drone ban: a uniquely American clusterfuck
404 Media
Jason Koebler
Last week, the U.S. House of Representatives jammed a functional ban on DJI drones, called the “Countering CCP Drones Act” into a military funding bill that it then passed. The bill would put DJI drones, which are made in China, onto a Federal Communications Commission “covered list” alongside other banned Chinese tech companies, meaning that new drones would not be approved to use the communications infrastructure they need in order to operate. The ban could possibly ground existing drones, as well.
China’s AI leader Sensetime unveils US$260 million share placement plan
South China Morning Post
Jiaxing Li
Sensetime, one of China’s leading artificial intelligence (AI) companies, is seeking to raise HK$2 billion (US$260 million) from a stock placement at a discount to the market price to help finance growth. The stock hit a seven-week low amid concerns about potential earnings dilution before rebounding to close 3 per cent higher.
USA
How Mark Zuckerberg’s Meta failed children on safety, states say
The New York Times
Natasha Singer
In April 2019, David Ginsberg, a Meta executive, emailed his boss, Mark Zuckerberg, with a proposal to research and reduce loneliness and compulsive use on Instagram and Facebook. In the email, Mr. Ginsberg noted that the company faced scrutiny for its products’ impacts “especially around areas of problematic use/addiction and teens.” He asked Mr. Zuckerberg for 24 engineers, researchers and other staff, saying Instagram had a “deficit” on such issues.
U.S. moves ahead with plan to restrict Chinese technology investments
The New York Times
Alan Rappeport
The proposed Treasury Department rules would prohibit certain U.S. investments in Chinese companies that are developing semiconductors, quantum computers and artificial intelligence systems. The Biden administration is trying to restrict American financing from helping China develop advanced technology that could be used for weapons tracking, government intelligence and surveillance.
Biden allies raising $10 million to challenge Trump social media machine
Reuters
Jarrett Renshaw
U.S. President Joe Biden's main re-election SuperPAC is raising millions of dollars to try to solve a problem vexing Democrats: how to compete with Republican Donald Trump's social media machine that spits out a wall of viral videos. The previously unreported effort by the highly-secretive Future Forward USA Action underscores broad concerns among Democrats and Biden donors that he and his campaign are losing a viral-video war with the Republican Party, which relentlessly portrays him as too old and out of touch.
CDK Hackers Want Millions in Ransom to End Car Dealership Outage
Bloomberg
Craig Trudell
A group that claims to have hacked CDK Global, the software provider to thousands of car dealerships in North America, has demanded tens of millions of dollars in ransom, according to a person familiar with the matter.
U.S. is closer to curbing investments in China's AI, tech sector
Reuters
Andrea Shalal, David Lawder and Karen Freifeld
The United States on Friday issued draft rules for banning or requiring notification of certain investments in artificial intelligence and other technology sectors in China that could threaten U.S. national security. The U.S. Treasury Department published the proposed rules and a raft of exceptions after an initial comment period following an executive order signed by President Joe Biden last August. The rules put the onus on U.S. individuals and companies to determine which transactions will be restricted or banned.
Americas
The schoolchildren being lured by rebels on TikTok
BBC
Rachelle Krygier and Laura García
Fighters belonging to breakaway groups associated with Colombia's largest rebel movement are posting videos on TikTok to entice young people to join them. The BBC has investigated the growth of guerrilla "recruitment" videos, with dissident factions yet to agree to a peace deal with the Colombian government. “One or two start the trend and it becomes fashionable in the classroom,” says Lorena (not her real name), a 30-year-old teacher in Cauca, a rural region in south-western Colombia.
Senior Vancouver Police officer investigated for potential PRC data leaks
The Bureau
Sam Cooper
An officer from British Columbia’s Organized Crime Agency has investigated a senior Vancouver Police officer in relation to police data-base breaches and concerns that sensitive information could have been passed to Chinese officials, according to confidential sources and records examined by The Bureau.
North Asia
Japan’s space agency was hit by multiple cyberattacks, but officials say no sensitive data was taken
AP News
Mari Yamaguchi
Japan’s space agency has suffered a series of cyberattacks since last year, but sensitive information related to rockets and satellites was not affected and it is continuing to investigate and take preventive measures, officials said Friday. Chief Cabinet Secretary Yoshimasa Hayashi acknowledged that the Japan Aerospace Exploration Agency, or JAXA, has had “a number of” cyberattacks since late last year.
Uniqlo parent to digitally track materials across its supply chain
Nikkei Asia
Tamayo Muto
Fast Retailing, the owner of Japanese clothing chain Uniqlo, plans to put digital tracking technology in its supplier factories to help prevent its stores from running out of hot items. The CIO said the company is working on an inventory control initiative with its subcontracted factories, primarily in China, Southeast Asia and South Asia.
South Asia
Digital, energy connectivity new focus as Hasina-Modi begin fresh journey
Dhaka Tribune
Nurul Islam Hasib
Bangladesh and India have embarked on a new journey towards development and friendship with a shared vision for peace, prosperity and development of the two neighbours and the entire region, driven by connectivity, commerce and collaboration.
Ukraine - Russia
A deal between dictators: how the renewed Russia and North Korea partnership will impact Ukraine’s future
Milwaukee Independent
The summit came as Putin visited North Korea for the first time in 24 years and the U.S. and its allies expressed growing concerns over a possible arms arrangement in which Pyongyang provides Moscow with badly needed munitions for its war in Ukraine, in exchange for economic assistance and technology transfers that could enhance the threat posed by Kim’s nuclear weapons and missile program.
Europe
Apple delays launch of AI-powered features in Europe, blaming EU rules
The Guardian
Blake Montgomery and agencies
Apple says competition rules that require functionality with rival products would compromise privacy and security. Apple will delay launching three new artificial intelligence features in Europe because European Union competition rules require the company ensure that rival products and services can function with its devices. The features will launch in the fall in the US but will not arrive in Europe until 2025.
UK
UK government weighs action against Russian hackers over NHS records theft
The Guardian
Denis Campbell and Dan Milmo
The government is considering striking back against Russian hackers who have stolen records covering 300m patient interactions with the NHS, including the results of blood tests for HIV and cancer, the Guardian can reveal. The National Crime Agency (NCA) is weighing up the possibility of taking retaliatory action against Qilin, the Russian-based ransomware gang who put into the public domain early on Friday a huge tranche of highly sensitive NHS records they stole in a cyber-attack on 3 June.
Stolen test data and NHS numbers published by hospital hackers
BBC
Joe Tidy
A gang of cyber criminals causing huge disruption to multiple London hospitals has published sensitive patient data stolen from an NHS blood testing company. Overnight on Thursday, Qilin shared almost 400GB of the private information on their darknet site. The gang has been trying to extort money from NHS provider Synnovis since they hacked the firm on 3 June. Cyber security expert Ciaran Martin told the BBC it was "one of the most significant and harmful cyber attacks ever in the UK."
Records on 300m patient interactions with NHS stolen in Russian hack
The Guardian
Denis Campbell and Dan Milmo
Russian hackers have stolen records covering 300m patient interactions with the NHS, including the results of blood tests for HIV and cancer, the Guardian can reveal. The amount and sensitive nature of the data obtained by the Qilin hacking gang has caused alarm among NHS bosses, who are scrambling to set up a helpline to deal with inquiries from what could be a large number of worried patients and also health service staff.
Investigation of Russian hack on London hospitals may take weeks amid worries over online data dump
ABC News
Pan Pylas
An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records.
Middle East
Israel opposes rebuilding Gaza’s internet access because terrorists could go online
The Intercept
Sam Biddle
Israel opposes a proposal at a recent United Nations forum aimed at rebuilding the Gaza Strip’s war-ravaged telecommunications infrastructure on the grounds that Palestinian connectivity is a readymade weapon for Hamas. The resolution, which was drafted by Saudi Arabia for last week’s U.N. International Telecommunication Union summit in Geneva, is aimed at returning internet access to Gaza’s millions of disconnected denizens.
Gender & Women in Tech
Women in AI: Charlette N’Guessan is tackling data scarcity on the African continent
TechCrunch
Dominic-Madori Davis
Charlette N’Guessan is the Data Solutions and Ecosystem Lead at Amini, a deep tech startup leveraging space technology and artificial intelligence to tackle environmental data scarcity in Africa and the global South. She co-founded and led the product development of Bace API, a secure identity verification system utilizing AI-powered facial recognition technology to combat online identity fraud and address facial recognition biases within the African context.
Big Tech
Why the U.S. is forcing TikTok to be sold or banned
The New York Times
Sapna Maheshwari and Amanda Holpuch
Lawmakers in numerous countries have expressed concerns that TikTok, which is owned by the Chinese company ByteDance, may expose sensitive user data. Concerns that the Chinese government could access sensitive user data through the short-form video app TikTok, which is owned by the Chinese company ByteDance, have prompted the U.S. government to pass legislation banning the social media platform unless it is sold to a government-approved buyer.
Apple, Meta Have Discussed an AI Partnership
The Wall Street Journal
Salvador Rodriguez, Aaron Tilley, Miles Kruppa
Facebook’s parent has held discussions with Apple about integrating Meta Platforms’ generative AI model into Apple Intelligence, the recently announced AI system for iPhones and other devices, according to people familiar with the matter. Meta and other companies developing generative AI are hoping to take advantage of Apple’s massive distribution through its iPhones—similar to what Apple offers with its App Store on the iPhone.
Artificial Intelligence
OpenAI co-founder Ilya Sutskever announces rival AI start-up
Financial Times
Madhumita Murgia in Washington and Hannah Murphy in Toronto
OpenAI’s co-founder Ilya Sutskever is starting a rival AI start-up focused on “building safe superintelligence”, just a month after he quit the AI company following an unsuccessful coup attempt against its chief executive Sam Altman.
AI is exhausting the power grid. Tech firms are seeking a miracle solution.
The Washington Post
Evan Halper and Caroline O'Donovan
The mighty Columbia River has helped power the American West with hydroelectricity since the days of FDR’s New Deal. But the artificial intelligence revolution will demand more. Much more. So near the river’s banks in Central Washington, Microsoft is betting on an effort to generate power from atomic fusion — the collision of atoms that powers the sun — a breakthrough that has eluded scientists for the past century. Physicists predict it will elude Microsoft, too.
What the arrival of A.I. phones and computers means for our data
The New York Times
Brian X. Chen
Apple, Microsoft and Google are heralding a new era of what they describe as artificially intelligent smartphones and computers. The devices, they say, will automate tasks like editing photos and wishing a friend a happy birthday. But to make that work, these companies need something from you: more data.
Hackers ‘jailbreak’ powerful AI models in global effort to highlight flaws
Financial Times
Hannah Murphy
Experts join forces in search for vulnerabilities in large language models made by OpenAI, Google and Elon Musk’s xAI. Pliny the Prompter says it typically takes him about 30 minutes to break the world’s most powerful artificial intelligence models. The pseudonymous hacker has manipulated Meta’s Llama 3 into sharing instructions for making napalm. He made Elon Musk’s Grok gush about Adolf Hitler. His own hacked version of OpenAI’s latest GPT-4o model, dubbed “Godmode GPT”, was banned by the start-up after it started advising on illegal activities.
Events & Podcasts
Stop the World
ASPI Podcast
This week on Stop the World, we bring you a special episode from the sidelines of the ASPI Defence Conference ‘JoiningFORCES’. In this first episode of a short series, ASPI’s Director of Defence Strategy and National Security, Bec Shrimpton, speaks to defence innovation and investment experts Heather Richman and Linda Lourie. They discuss defence innovation and opportunities for the government to work with the private sector to achieve national security outcomes. They also consider how the investment landscape has changed in the United States, including increased willingness from entrepreneurs to invest in national security.
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Connecting the dots on privacy, security, & online safety for young people
Future of Privacy Forum and ASPI
Join us for the live webinar, Connecting the Dots on Privacy, Security, and Online Safety for Young People in Australia, co-hosted by the Australian Strategic Policy Institute and the Future of Privacy Forum on June 26 at 11:00am - 1:00pm Australian Eastern Time. In our increasingly digital world, the boundaries of our expectations related to privacy, security and online safety are stretched more and more – by technology companies, criminals and harm-doers, as well as regulators. Finding a good balance that ensures appropriate protection for members of our community in their use of digital products and services is complicated.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.