U.S. confronts hacking by China | Russian disinformation campaign aims to undermine confidence in Pfizer | European Banking Authority hit by Microsoft Exchange hack
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China. The New York Times
Russian intelligence agencies have mounted a campaign to undermine confidence in Pfizer Inc.’s and other Western vaccines, using online publications that in recent months have questioned the vaccines’ development and safety, U.S. officials said. An official with the State Department’s Global Engagement Center, which monitors foreign disinformation efforts, identified four publications that he said have served as fronts for Russian intelligence. The Wall Street Journal
The European Banking Authority's email servers have been compromised in a global Microsoft Exchange cyber-attack. The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage. "The EBA is working to identify what, if any, data was accessed," it said. BBC
ASPI ICPC
China bans the BBC
ABC Radio National
@isobelroe
The BBC's broadcasting licence in China was cancelled last month, following a a story aired by the BBC about systematic rape in China's re-education camps for Uyghur women. Now, the Chinese Communist Party is using social media to run a campaign that looks to discredit the BBC as fake news. And Australia is not immune from China's renewed opposition to western media.
Campaign to Discredit BBC Revealed as Media Conditions Inside China Continue to Deteriorate
China Digital Times
A newly published report by the Australian Strategic Policy Initiative (ASPI) has documented how Chinese diplomats and other state-affiliated public figures engaged in a coordinated effort to discredit and undermine U.K.’s public broadcaster, the British Broadcasting Corporation (BBC).
Beijing bullies now targeting Brits
The Daily Telegraph
After hitting Australia in a trade war, it appears the Chinese Communist Party is now setting its sights on the UK, according to a new report.
Read ASPI ICPC"s report “Trigger warning. The CCP’s coordinated information effort to discredit the BBC” here
World
European Banking Authority hit by Microsoft Exchange hack
BBC
The European Banking Authority's email servers have been compromised in a global Microsoft Exchange cyber-attack.
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software
Krebs on Security
@briankrebs
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity.
White House fears significant number of organisations caught in Microsoft hack
ABC News
Microsoft initially said the hacks had been "limited and targeted attacks" but as the malware continues to spread, US officials confirm fears there are tens of thousands of organisations affected.
Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack
Ars Technica
@dangoodin001
Multiple hacking groups are exploiting vulnerabilities to backdoor unpatched servers.
Casting a wide intrusion net: Dozens burned with single hack
Associated Press
@fbajak
The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinated series of intrusions also detected in December has gotten considerably less public attention.
China-linked hackers exploited SolarWinds software in 2020 breach, researchers say
CyberScoop
@snlyngaas
Suspected Chinese spies exploited popular enterprise software built by SolarWinds in a hacking operation last year, Dell-owned Secureworks said Monday, a conclusion that follows news that Russian hackers also leveraged SolarWinds technology.
Australia
Twitter and Twitch added to list of those concerned with Australia's Online Safety Bill
ZDNet
@ashabeeeee
Facebook, meanwhile, is unsure why the government is expanding cyberbullying takedown schemes to private messaging.
eSafety Commissioner defends proposed new powers
Sydney Morning Herald
@LisaVisentin
The sex industry is concerned a new bill will have unintended consequences for workers.
Frequent flyer data for major airlines hacked, travellers recommended to change passwords
ABC News
Hackers were in some computer systems for up to a month but the company that was breached will not say how many airlines or travellers were affected.
Saving digital media from digital platforms: The Australian way
ORF
@Kathuria18
Journalism is a critically important sector for a healthy democracy and a healthy human society. The state cannot be a fence sitter.
Australia's news media bargaining code is a form of ransomware, and someone paid up
ZDNet
@stilgherrian
The battle baffled the world. The big so-called 'tech companies' now have to pay Australian news producers to use their content, but what actually happened here?
HealthEngine to build Australia's vaccine booking platform
iTnews
@justinrhendry
The Department of Health has selected HealthEngine to build the booking platform that will underpin the federal government’s Covid-19 vaccination information and booking service.
Top tech companies tell ATO: software is legitimate R&D
Australian Financial Review
@eyersj
A dozen technology companies have written to the Australian Taxation Office, seeking a meeting to explain the role of software in research and development work in the hope of avoiding another heavy-handed crackdown against claims on the $2 billion R&D tax incentive.
NSW to invest $750m in green technology to hit 2030 emissions target
Australian Financial Review
@finbaromallon
NSW has set aside $750 million for its plan to cut carbon emissions by just over a third by 2030. The money will be spent over the next nine years to research new green energy technologies, set up low carbon industries and refit existing ones to curb emissions.
China
Huawei Loses Cellular-Gear Market Share Outside China
The Wall Street Journal
@DanStrumpf @stuwoo
Huawei’s share of revenue from selling wireless-equipment around the world, excluding China, fell 2 percentage points last year, a signal the U.S. campaign to curb the Chinese manufacturer is starting to make an impact.
Drone giant DJI hit by staff defections amid US-China tensions
South China Morning Post
Current and former employees say key managers have left DJI’s North American operation after the company was added to the US “Entity List” in December 2020.
China’s weaponization of rare earths is bound to backfire
The Japan Times
There was a time when China could cause the world to tremble by threatening its supply of rare earths. It’s long in the past.
China Targets AI, Chips Among Seven Battlefronts in Tech Race With U.S.
The Wall Street Journal
@lizalinwsj
A five-year economic plan unveiled in Beijing promises more spending, loans to bolster development of advanced technologies.
China to Pour More Money Into Chips, AI and 5G to Catch U.S.
Bloomberg
China pledged to boost spending and drive research into cutting-edge chips and artificial intelligence in its latest five-year targets, laying out a technological blueprint to vie for global influence with the U.S.China tech has a chip on its shoulder
The Straits Times
Elizabeth Law
When China's party leadership outlined short- and medium-term economic goals in its 14th Five Year Plan, it pledged to turn the nation into a technological powerhouse and move it towards developing self-reliance in tech.
Chloe Zhao’s ‘Nomadland’ Censored by China After Nationalist Backlash
Variety
Rebecca Davis
Chloe Zhao’s “Nomadland” was quietly swept from the Chinese web Friday, days after nationalist backlash erupted online over questions of her citizenship and a sentence she spoke to a U.S. magazine nearly a decade ago.
USA
Preparing for Cyberstrike on Russia, U.S. Confronts Hacking by China
The New York Times
@SangerNYT @julianbarnes @nicoleperlroth
The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusions on government and corporate systems.
Tech spent years fighting foreign terrorists. Then came the Capitol riot.
Protocol
@issielapowsky
"Nobody's going to have a hearing if a platform takes down 1,000 ISIS accounts. But they might have a hearing if you take down 1,000 QAnon accounts."
F.B.I. Finds Contact Between Proud Boys Member and Trump Associate Before Riot
The New York Times
@ktbenner @alanfeuer @adamgoldmanNYT
A leader of the far-right group separately said he had been in touch with Roger Stone, but an official said it was not the same contact investigators found through electronic communications records.
America, Your Privacy Settings Are All Wrong
The New York Times
Using an opt-in approach will help curb the excesses of Big Tech.
The White House’s use of Zoom for meetings raises China-related security concerns
The Washington Post
@joshrogin
Two senior Biden administration officials told me that they inherited the Zoom system from the Trump administration.
Gov. Abbott to announce bill prohibiting social media companies from censoring viewpoints
KDBC
Governor Greg Abbott will hold a press conference Friday, regarding a bill to prohibit social media companies from 'censoring Texans'.
A Leading Critic of Big Tech Will Join the White House
The New York Times
@ceciliakang
Tim Wu’s appointment to the National Economic Council signals a confrontational approach by the Biden administration.
U.S. Blacklisted China’s Xiaomi Because of Award Given to Its Founder
The Wall Street Journal
@DanStrumpf
The Defense Department labeled smartphone maker Xiaomi as a company that supports China’s military partly due to an award given to its founder for his service to the state, along with Xiaomi’s ambitious investment plans in advanced technologies such as 5G and artificial intelligence.
North-East Asia
Suga’s focus on cybersecurity underscores importance of alliances and reform for Japan
The Strategist
Hiroki Hunter
Japanese Prime Minister Yoshihide Suga, although something of an unknown quantity prior to his appointment, is already showing promising signs of stepping into the foreign policy breach left by his predecessor, Shinzo Abe.
South and Central Asia
India Threatens Jail for Facebook, WhatsApp and Twitter Employees
The Wall Street Journal
@Jeff Horwitz @newley
The country is flexing its new powers over big platforms while companies are counting on the world’s second-largest population for growth.
Amid Chinese Cyber Threat, How’s India’s Cyber Resilience Looking?
The Quint
Sushovan Sircar
The alleged intrusion into the networks of 10 assets of India’s power sector and two sea ports by Chinese state-sponsored threat actor ‘RedEcho’ has once again shifted the spotlight on India’s cybersecurity infrastructure and raised questions of its cyber resilience in mitigating such threats.
China hacking concern revives India focus on Cybersecurity plan
ET Telecom
India is mulling a new national strategy to strengthen the country’s cybersecurity amid allegations that Chinese intrusions may have affected operations at a key stock exchange and supply of electricity in the country’s commercial capital.
Huawei exploring joint venture, partnership with Indian company to transfer telecom tech for 5G: India CEO
ET Telecom
Danish Khan Romit Guha
Chinese telecom equipment maker Huawei is willing to partner an Indian company in 5G equipment manufacturing, including transfer of technology, to assuage any security concerns that India may have, its top official in the country said.
UK
Diary reveals birth of secret UK-US spy pact that grew into Five Eyes
BBC
@gordoncorera
New documents have been released about the birth of a secret intelligence pact between the US and UK 75 years ago. The documents, including diary entries, detail the war time meetings that began at Bletchley Park and led to the UKUSA deal being signed in March 1946. The alliance involved working together to intercept communications and break codes, sharing almost everything.
UK regulator to investigate Apple over 'unfair' App Store terms
The Guardian
@alexhern
Britain’s competition regulator has opened an investigation into Apple over claims the company is using its control over the App Store to impose “unfair and anti-competitive” terms on app developers.
Europe
Borrell: EU doesn’t have resources to fight disinformation from China
POLITICO
@laurenscerulus
The European Union's foreign service doesn't have the resources nor the authority to effectively counter hybrid attacks coming from China, its foreign affairs chief Josep Borrell said today.
Russia
Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say
The Wall Street Journal
Michael R. Gordon @dnvolz
Russian intelligence agencies are trying to undermine confidence in Pfizer’s and other Western vaccines, using online publications that have questioned the vaccines’ development and safety, U.S. officials said.
Huawei’s Highway to Success Goes Through Russia
The National Interest
Dimitri Alexander Simes
Huawei’s interest in Russia is nothing new. Over the past several years, Huawei has shifted investments and operations to Russia to counter growing tensions with the West. In the process, the Chinese tech giant has emerged as the linchpin in a burgeoning technological partnership between Moscow and Beijing.
Middle East
Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
The Hacker News
Ravie Lakshmanan
Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft.
Gender and Women in Cyber
The State of Online Violence Against Women
Medium
Nearly all of forms of online violence disproportionately affect women, while the pandemic has accelerated these trends offline and online.
How a push to remote work could help fix cybersecurity’s diversity problem
The Record by Recorded Future
Adam Janofsky
Women are underrepresented in technology jobs, and the discrepancy is even worse for cybersecurity roles specifically. Although there’s no definitive statistics on the subject, recent studies have pegged that women account for somewhere between 11% and 20% of the cybersecurity industry.
Misc
The West Needs Champions
Foreign Policy
@elisabethbraw
Western governments, though, cling to their belief in the old ways and are hurting their own companies as a result. As they look for ways to begin digging out of the pandemic’s economic collapse, Western governments and their allies should collectively protect their top-performing businesses against Chinese rivals who don’t play fair. Otherwise, it is precisely their top performers they risk losing.
Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt
Vice
@lorenzofb
Hackers posted the alleged names, social security numbers, and home addresses of several Flagstar Bank workers.
Underpaid Workers Are Being Forced To Train Biased AI on Mechanical Turk
Vice
Aliide Naylor
Workers who label images on platforms like Mechanical Turk say they’re being incentivized to fall in line with their responses—or risk losing work.
Cyber ‘Deterrence’: A Brexit Analogy
Lawfare
@ciaranmartinoxf
The slogan of Western cyber policy—that “we will impose costs to deter our adversaries” (or variants of these words)—is at least as old as “Brexit means Brexit.”
Not the Encryption Apocalypse...Yet
Internet Society
Olaf Kolkman
“This destroys the RSA cryptosystem.” That is the last sentence in the abstract of a new, preliminary, dense mathematical paper published by renowned mathematician Claus Peter Schnorr. If this turns out to be true, it will mean bad news for anybody who relies on the underpinnings of encryption – which is everyone!
‘Deepfake is the future of content creation’
BBC
Bernd Debusmann Jr
Deepfake, or AI-generated videos, are increasingly being used commercially.
How to Shut Stalkers Out of Your Tech
Consumer Reports
@Yael Grauer
Consumer Reports shows you how to shut stalkers out of your tech, noting that people facing domestic abuse can take these steps to lock down their devices and eliminate stalkerware.
Facebook, It’s Time to Put the Rules in One Place
Lawfare
@carlymil
Facebook’s policies on health misinformation stretch across blog posts, different sections within the Community Standards, and now in its Help Center. This must change.
Could The Simpsons replace its voice actors with AI deepfakes?
Wired UK
Amit Katwala
Advances in computing power mean that you could extend that principle to any character. Deepfake technology can make convincing lookalikes from a limited amount of training data and the producers of show have thirty years worth of audio to work from. So could The Simpsons replace its voice cast with an AI?
New ransomware only decrypts victims who join their Discord server
BleepingComputer
@LawrenceAbrams
A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.
Events
ASPI Webinar: Are you ready for the new critical infrastructure law?
ASPI ICPC
With amendments to the Critical Infrastructure Act currently before parliament, impacted industry sectors are racing to get ready. ASPI's International Cyber Policy Centre is delighted to invite you to a panel discussion on 18 March at 4pm where representatives from Home Affairs, the cybersecurity sector and industry will discuss the impact of the changes and answer your questions. Register here.
Interdisciplinary Approaches to Growth and Innovation
International Center for Law & Economics
On March 6, 2021 ICLE and the Oxford Union will welcome a distinguished group of scholars to discuss what economists have to learn from the study of science, business and demography, to better understand competition, trade, growth and the long-term development of our economy.
Research
How China’s Mercantilist Policies Have Undermined Global Innovation in the Telecom Equipment Industry
ITIF
@RobAtkinsonITIF
China’s state-backing of Huawei and ZTE allowed these companies to seize global market share from more innovative international competitors, reducing their growth in sales and investments in R&D. This, in turn, hurt global innovation in the industry.
Jobs
Product Policy Manager, Inauthentic Behavior
Facebook
As the importance and impact of the Facebook family of companies continues to grow, so does the security risk to the company and the likelihood that our platforms will be used to cause harm. The Facebook Security Policy team is dedicated to understanding these risks and crafting policies that govern acceptable use of our platform so that we can identify and take action against those who would use our platform for malicious purposes.