Meta to block some political ad targeting | Australian Government preparing to force identity verification on social media | Auto-Sector Cybersecurity Group expands to Europe amid rising threats
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Meta, the parent company to Facebook, on Tuesday said that starting January 19, it will no longer allow advertisers to select terms for ad targeting related to sensitive identifying traits, such as race, ethnicity, political affiliation, religion, or sexual orientation. Axios
The Australian federal government is getting ready to force Australians to prove their identity to services like Facebook, Reddit, OnlyFans and TikTok through an age verification process. As it stands, there’s no standard way for Australians to prove their age or identity online. Crikey
Car makers and parts suppliers seeing a rise in hacking threats and new cybersecurity laws are collaborating to share intelligence to better protect their operations. A U.S.-based group that coordinates cybersecurity information-sharing in the auto industry has set up an outpost in Europe to help companies communicate about common vulnerabilities and risks. The Wall Street Journal
ASPI ICPC
World
Ransomware crackdown spreads in U.S., Europe and Asia
NBC News
@kevincollier
Law enforcement agencies around the world have made a series of arrests in the past five days that together constitute one of the largest law enforcement crackdowns on suspected ransomware hackers to date.
Why the rest of the world shrugged at the Facebook Papers
Rest of World
@ItikaSPunit @YinkaWrites @sauteesquid @AlexGonzor
When news emerged about a leaked trove of documents about the inner workings of Facebook, known collectively as the Facebook Papers, Colombian journalist José Luis Peñarredonda, the audience editor at the Latin American Center for Journalistic Investigation, reached out to the Twitter hivemind and asked, “Is there something on the #FacebookPapers about Latin America?”
Robinhood breach exposed information on 7 million people
CyberScoop
@timstarks
Robinhood, a popular stock-trading app, said that it has been breached by someone who accessed information on 7 million people, then sought to extort the company.
Australia
Online age verification: what is it and why are people really worried about it?
Crikey
@cameronwilson
The federal government is getting ready to force Australians to prove their identity to services like Facebook, Reddit, OnlyFans and TikTok through an age verification process. As it stands, there’s no standard way for Australians to prove their age or identity online. A 2020 report from the House of Representatives social policy and legal affairs committee recommended the Digital Transformation Agency develop a standard for online age verification.
Secret figures reveal Coalition’s cut-down NBN tech three times more expensive than forecast
The Guardian
@joshgnosis
The technology in the Coalition’s cut-down version of the NBN cost up to three times more than originally forecast and was closer to the initial estimated cost of a revised version of Labor’s full-fibre plan, according to figures the government has sought to keep secret for almost a decade.
China
Chinese companies are making their own semiconductors
Protocol
@ZeyiYang
After years of a state-led drive to achieve "semiconductor independence," many Chinese companies have started 2021 with a chip side-gig. The list of those trying is a corporate who's-who: Baidu, Alibaba, smartphone brands Huawei, Xiaomi and Oppo, and home appliance brands Gree, Midea, TCL and Haier. Some already have experience making chips, while some are new to the (demanding) game.
China will advance development of eCNY, c.bank gov says
Reuters
@Kevin Yao @Samuel Shen
China will continue to advance the development of its central bank digital currency and improve its design and usage, the People's Bank of China governor Yi Gang said on Tuesday.
New Oriental's big pivot: from tutoring to agriculture
Protocol
@shenlulushen
The CEO of the New Oriental Education & Technology Group announced Sunday evening Asia time that his company would be fully exiting the once-lucrative K-9 tutoring business. Instead, Yu Minhong revealed that New Oriental will jump into the agriculture ecommerce business.
Microsoft: Chinese hackers are targeting Zoho ManageEngine software
ZDNet
@LiamT
Microsoft has sent an alert about a sophisticated Chinese hacker group targeting an obscure bug in Zoho software to install a webshell.
USA
Facebook parent company Meta to block some political, religious ad targeting
Axios
@sarafischer
Meta, the parent company to Facebook, on Tuesday said that starting January 19, it will no longer allow advertisers to select terms for ad targeting related to sensitive identifying traits, such as race, ethnicity, political affiliation, religion, or sexual orientation.
Meta plans to remove thousands of sensitive ad-targeting categories.
The New York Times
@MikeIsaac @tiffkhsu
The move, which takes effect on Jan. 19, affects advertisers on Meta’s apps such as Facebook, Instagram and Messenger and the company’s audience network, which places ads in third-party apps. The Silicon Valley company said it was making the changes to limit the way that its targeting tools can be abused. In the past, these features have been used to discriminate against people or to spam them with unwanted messaging.
Facebook plans to remove thousands of sensitive ad-targeting options
Reuters
@eculliford
Facebook Inc said on Tuesday it plans to remove detailed ad-targeting options that refer to "sensitive" topics, such as ads based on interactions with content around race, health, religious practices, political beliefs or sexual orientation. The company, which recently changed its name to Meta and which makes the vast majority of its revenue through digital advertising, has been under intense scrutiny over its ad-targeting abilities and rules in recent years.
Facebook gives estimate of bullying, harassment on its platforms for first time
Reuters
@eculliford
Facebook for the first time on Tuesday disclosed the prevalence of bullying and harassment on its platform, saying such content was seen between 14 and 15 times per every 10,000 views on the site in the third quarter. The company, which recently changed its name to Meta, also said in its quarterly content moderation report that bullying and harassment content was seen between 5 and 6 times per 10,000 views of content on Instagram.
Facebook releases new reports on transparency and oversight amid criticism
The Washington Post
@lizzadwoskin
Facebook published a series of reports on Tuesday that showcase the company’s evolving response to a tide of criticism that its platform causes societal harm.
Widely Viewed Content Report: What People See on Facebook
Facebook
The Widely Viewed Content Report aims to provide more transparency and context about what people are seeing on Facebook by sharing the most-viewed domains, links, Pages and posts for a given quarter in News Feed in the United States. You can also find additional insights into the different content types that appear to better understand Facebook’s distribution systems and how that influences the content people see on our platform. We plan to expand the scope of this report in future iterations. It will continue to appear in conjunction with our quarterly Community Standards Enforcement Report.
Reuters unmasks Trump supporters who terrified U.S. election officials
Reuters
@LindaSoReports @jasonszep
Law enforcement has taken little action as backers of Donald Trump aim stark threats at election officials. Reuters tracked down nine of the harassers. Most were unrepentant.
Read our report: Buying and selling extremism: New funding opportunities in the right-wing extremist online ecosystem
US arrests and charges Ukrainian man for Kaseya ransomware attack
The Record
@campuscodi
The US Department of Justice has charged today a 22-year-old Ukrainian national for orchestrating the ransomware attacks on Kaseya servers that took place over the July 4 weekend this year. The suspect, named Yaroslav Vasinskyi, was detained last month following an arrest warrant issued by the US. He was detained by Polish authorities at a border station while crossing from Ukraine into Poland.
US charges 2 suspected major ransomware operators
AP News
@etuckerAP @AlanSuderman
A suspected Ukrainian hacker has been arrested and charged in the United States in connection with a string of costly ransomware attacks, including one that snarled businesses around the globe on the Fourth of July weekend, U.S. officials said Monday.
Exclusive: New bipartisan bill takes aim at algorithms
Axios
@ashleyrgold
A bipartisan group of House lawmakers has introduced a bill that would require online platforms to let users opt out of having personal data-driven algorithms select the content they see, according to a copy of the text shared exclusively with Axios.
Social media users could disable algorithms in new U.S. proposal
Reuters
The legislation, introduced by Representatives Ken Buck, a Republican, and David Cicilline, a Democrat, and others, would require big internet platforms to show consumers information not directed to them via algorithms, putting them outside what the lawmakers called the "filter bubble."
Chip Shortage Creates New Power Players
The New York Times
@donal888
Microsoft Threat Intelligence Center (MSTIC) has detected exploits targeting systems running Zoho ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution, with the remote code execution bug tracked as CVE-2021-40539.
White House condemns Gosar video, Pelosi urges investigations
Reuters
David Morgan
The White House and Democrats in the U.S. Congress on Wednesday condemned an anime video tweeted by Republican congressman Paul Gosar that depicted him swinging swords at President Joe Biden and killing Democratic Representative Alexandria Ocasio-Cortez.
Recommendations to OSTP on National Security Presidential Memorandum-33
Center for Security and Emerging Technology
@emily_sw1
The quarterly progress reports — one on widely-viewed content and another on content that was taken down for breaking the company’s rules, showed hate speech is now 0.03 percent, or 3 views of hate speech per 10,000 views of content overall on the platform.
North Asia
TSMC, Sony to Open $7 Billion Chip Plant in Japan in 2024
The Wall Street Journal
Yang Jie
Taiwan Semiconductor Manufacturing Co. and Sony Group Corp. said they would build a $7 billion chip plant in Japan in a bid to ease the strained global supply chain for semiconductors. The plant isn’t set to start mass production until late 2024, so it won’t help solve the immediate shortages hitting production of cars and electronics. But when it does open, it will make an older type of chip that has been in particularly short supply this year and fill a gap in an industry that puts most of its investment dollars into the most advanced chips.
South & Central Asia
Paytm, a payments company, is aiming to raise $2.5 billion amid India’s stock boom
The New York Times
@emilyschmall
With stocks on a tear in India, the parent company of Paytm, a leading digital payments app, went public on Monday with hopes of becoming the country’s largest initial public offering. The company, One97 Communications, aims to raise about $2.5 billion in a three-day offer that ends on Wednesday. It has already drawn huge institutional investors like Abu Dhabi’s sovereign wealth fund, the Texas teachers’ pension fund and the University of Cambridge, which have invested more than $1 billion.
Europe
Auto-Sector Cybersecurity Group Expands to Europe Amid Rising Threats, New Regulation
The Wall Street Journal
@catstupp
Car makers and parts suppliers seeing a rise in hacking threats and new cybersecurity laws are collaborating to share intelligence to better protect their operations. A U.S.-based group that coordinates cybersecurity information-sharing in the auto industry has set up an outpost in Europe to help companies communicate about common vulnerabilities and risks.
MediaMarkt hit by Hive ransomware, initial $240 million ransom
Bleeping Computer
@Lawrence Abrams
Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany.
Russia
Ransomware HQ: Moscow’s Tallest Tower Is a Cybercriminal Cash Machine
Bloomberg
@KartikayM @olgakharif
The building has also been home to more than a dozen companies since 2018 that convert cryptocurrencies to cash, judging from the addresses listed on company websites. Although there’s nothing inherently illegal about this, such businesses can enable criminals to cash out profits from digital crimes if they don’t vigilantly monitor their customers, and some find lax oversight to be a useful market niche. Experts have linked at least four of the companies in Vostok to money laundering associated with the ransomware industry, which has generated $1.6 billion in ransom payments since 2011, according to the U.S. Treasury Department.
The Americas
‘Be careful you don’t die in an accident’: Hong Kong protester living in Canada receives daily threats
The Globe and Mail
@stevenchase
Last year, Ottawa urged anyone being targeted in such a manner to speak to law enforcement. Martin Seto, a Calgarian with the New Hong Kong Cultural Club, which also supports asylum seekers, said he spoke to the RCMP’s Integrated National Security Enforcement Team, but they told him it’s difficult, if not impossible, to trace harassment online – particularly if it’s coming from another country.
Mexico arrests businessman in Pegasus spyware case
AP News
@verzamex
Mexican prosecutors said Monday they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist. The software marketed by the Israeli spyware firm NSO Group has been implicated in government surveillance of opponents and journalists around the world. Mexico had the largest list — about 15,000 phone numbers — among more than 50,000 reportedly selected by NSO clients for potential surveillance.
Misc
Musk's Twitter poll shaves stock price and raises regulatory questions
Reuters
@Subrat_Patnaik @VidyaReuters @ChrisPrentice
Tesla Inc chief Elon Musk's Twitter poll proposing to sell a tenth of his holdings in the electric carmaker shaved around $60 billion off the company's market value on Monday and raised questions about whether he may have violated his settlement with the U.S. securities regulator again.
YouTube to expand test that reopens mobile app directly in its TikTok rival, Shorts
TechCrunch
@sarahintampa
YouTube is looking to give its TikTok rival, Shorts, a competitive advantage. The company confirmed it’s expanding a recent global test that defaults the YouTube mobile app to open directly in Shorts if the user had previously watched Shorts videos before exiting. In other words, instead of being taken to the YouTube homepage when you return to the app, you’d be dropped into the short-form video experience.
If healthcare doesn't strengthen its cybersecurity, it could soon be in critical condition
World Economic Forum
@DuguinStephane
It’s hard to imagine anything more cynical than holding a hospital to ransom, but that is exactly what’s happening with growing frequency. The healthcare sector is a popular target for cybercriminals. Unscrupulous attackers want data they can sell or use for blackmail, but their actions are putting lives at risk. A cyberattack on healthcare is more than an attack on computers. It is an attack on vulnerable people and the people who are involved in their care; this is well illustrated by the breadth of healthcare organizations, from hospitals to mental health facilities to pharmaceutical companies and diagnostic centres, targeted between June 2020 and September 2021.
Niantic reveals its vision for a ‘real-world metaverse,’ releases Lightship AR Developer Kit
TechCrunch
@asilbwrites
AR technology company Niantic, best known for Pokémon GO, announced today that it will launch Lightship, an AR Developer Kit (ARDK) that will make building augmented reality experiences more accessible. This free, openly available technology will help Niantic lay the foundation for its vision of the “real-world metaverse.”
How Data Is Reshaping Real Estate
The New York Times
@Patrick Sisson
This obstacle was one of many that his company, Standard AI, faced while retrofitting a Circle K convenience store in Tempe, Ariz., with computer vision software, which tracks every item customers pick up so they can simply scan their app-enabled phone to pay as they leave, eliminating the checkout line. A network of more than 100 cameras can identify any of the thousands of similarly sized candy bars or beverages grabbed by customers, including cans of Red Bull, now identifiable thanks to a combination of geometric projections and higher-resolution cameras.
Events
The Sydney Dialogue - Keynote Address: Prime Minister of Australia
The Sydney Dialogue - Social Reset: A New Compact Between Technology and Government
ASPI
@ASPI_ICPC
The information environment everywhere has come under strain and is being exacerbated by geopolitical tensions. State and non-state actors are actively distorting and manipulating the public square in a way that is both inauthentic and degrading to democratic systems. This disruption has created a rift between social media companies and governments. What is now at stake is the integrity of our information environment and ultimately the stability of societies. But the evolving dynamic of antagonism between governments and social media platforms is inhibiting the type of collaboration needed to overcome this challenge. There is an opportunity for technology platforms and legislators to reset their relationships and build online ecosystems that support free societies. This session on 18 Nov at 12:30-13:30 AEDT will propose new ideas for governments and technology companies to ‘reset’ their relationship and work more collaboratively to restore truth in the public sphere.
The Sydney Dialogue - Keynote Address: Prime Minister of India
The Sydney Dialogue - Contested Space: Collaborating in the New Golden Age of Space
ASPI
@ASPI_ICPC
This session will convene on 19 Nov at 12:00-13:00 AEDT with space leaders from the US, Japan, India, and Australia. It will consider challenges and opportunities in a contested, congested, and competitive space domain. It will explore how the Quad states can work together towards achieving the next giant leap in space exploration - specifically the return of humans to the lunar surface to achieve the ability to undertake crewed missions to Mars. Finally, the panel will consider how a high visibility collaborative project between Quad members in space can deliver a key advance in space globally.
The Sydney Dialogue - Democracies and Global Technology Governance
ASPI
@ASPI_ICPC
There is rising awareness that how technologies are designed, where they come from, and how they are deployed, matters. To preserve human rights and free societies, democracies are coming to realise they need to play a more active role, as a group, shaping global tech governance. Be it standard setting, design principles, ethical frameworks or law enforcement access to digital content, there is a pressing need to ensure the interests of citizens are kept central. This panel on 19 Nov at 13:00-14:00 AEDT will look at how states can best advance global technology governance to preserve freedoms and the important role for the Indo-Pacific.
The Sydney Dialogue - Keynote Address: Former Prime Minister of Japan
EVC & INDSR JOINT CLOSED-DOOR WORKSHOP
The closed-door event will be co-organized by Taipei-based Institute for National Defense and Security Research (INDSR) and European Values Center for Security Policy Taipei Office (EVC), held within INDSR workshop premises in Taipei. Login via Webex will be provided to confirmed participants. The goal of this workshop is connecting Taiwanese and European knowledge and national security experts on supporting and protecting strategic technologies.
Research
Surveillance Technology at the Fair: Proliferation of Cyber Capabilities in International Arms Markets
Atlantic Council
@__winn @LarsGjesvik @OleWillers
State cyber capabilities are increasingly abiding by the “pay-to-play” model—both US/NATO allies and adversaries can purchase interception and intrusion technologies from private firms for intelligence and surveillance purposes. NSO Group has repeatedly made headlines in 2021 for targeting government entities in cyberspace, but there are many more companies selling similar products that are just as detrimental.
Making the Concept of Violence Central to the Study of Offensive Cyber Operations
Offensive Cyber Working Group
@egflo @jamessshires
Cybersecurity is the foundation of our online life, while cyber insecurity is its Achilles’ heel. Within this broader picture, offensive cyber operations by states are an important – but far from the only – cause of global cyber insecurity. The effects of state offensive cyber operations are wide, with harms ranging from leaked or deleted personal data to the non-functioning of critical infrastructures such as oil pipelines. Categorizing and prioritizing these harms is difficult, as scholars and policymakers struggle to draw standard distinctions between peace and war, espionage and covert action, and military and intelligence functions.
First Steps to Getting Started in Open Source Research
Offensive Cyber Working Group
@gianfiorella
Open source research has “come of age”, according to a recent article published by The Economist. What was once the niche realm of a relatively small number of individuals with free time and obsessive internet habits is now informing research and journalism in a wide range of fields and institutions. It’s hard to imagine a better time to roll up your sleeves and set off on the path of the open source researcher.
Jobs
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region... This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years of relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.