FBI aware of unauthorised emails purporting cyberthreats from their email address | US seeks extradition of alleged ransomware money launderer | Facebook stifles a report on hate speech in India
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The FBI on Saturday said it was aware of reports that unauthorized emails were coming from a legitimate FBI email address to thousands of organizations about a purported cyber threat. The emails -- which according to the agency are part of an "ongoing situation" -- started coming from an FBI address early Saturday and have hit at least 100,000 inboxes, according to the Spamhaus Project, a Europe-based nonprofit that tracks digital threats. CNN.
Russian man accused of laundering money in connection with ransomware that hackers have used to disrupt multiple US hospitals has been detained in the Netherlands at the request of the FBI, according to his lawyer. CNN
Human rights groups say Facebook is stifling an independent report it commissioned to investigate hate speech on its services in India, the company’s largest market by customers and where scrutiny of its operations is increasing. The Wall Street Journal.
ASPI ICPC
From open source to mighty national security resource
The Australian
Ben Packham
Australia also has a globally recognised centre of excellence in open-source intelligence that is hiding in plain sight in the Canberra suburb of Barton, just a short walk from Parliament House.
The Australian Strategic Policy Institute’s International Cyber Policy Centre is, despite its misleading title, home to one of the world’s biggest China-focused open-source intelligence team outside of government.
Established eight years ago as a separate unit within the Peter Jennings-led ASPI, it has become a global authority on Chinese foreign interference, disinformation, technological authoritarianism and human rights abuses.
It has done it in part by harnessing the intellect and enthusiasm of a particular type of millennial nerd and combining them with the experience of seasoned analysts and technology wonks.
Australian and Israeli PMs to take part in Bengaluru Tech Summit
The Hindu
According to the IT Minister, participation of Karnataka and Australia through BTS-2021 and The Sydney Dialogue has also been fixed. The Sydney Dialogue is the Australian Strategic Policy Institute’s summit for emerging, critical and cyber technologies. Coinciding with BTS-2021, The Sydney Dialogue’s sessions will be streamed at the tech summit, which is expected to cover QUAD space collaboration and the Indian and Australian Foreign Ministers’ take on technology’s impact on democracy.
The Sydney Dialogue kicks off on Wednesday, explore the program & register to participate here.
World
Biden and China’s Xi Will Hold Virtual Summit on Monday
The New York Times
Michael D. Shear
President Biden will hold a virtual summit with President Xi Jinping of China on Monday as the leaders of the world’s two largest economies confront tensions over trade, cyberthreats, the climate, Taiwan and human rights.
The Sneaky Way TikTok Is Connecting You to Real-Life Friends
WIRED
Louise Matsakis
Unlinke other social apps, TikTok didn’t become a global success by connecting people with their friends and family. Its stated mission is to “inspire creativity and build joy,” a far cry from Facebook’s goal to “bring the world closer together.” The app’s central feature, the For You Page algorithm, primarily recommends videos based on what users like, not whether they were uploaded by someone they know. But recently, it appears that’s started to change.
Australia
QAnon: how the far-right cult took Australians down a ‘rabbit hole’ of extremism
The Guardian
Van Badham
Cam Smith, an Australian researcher who monitors online far-right activity, had first noticed mention of QAnon in the local communities he watched as early as 2018. At the time, it looked like just a few “tiny meetup groups on Facebook” of around 20 people, he told me. “They were talking about, ‘Oh, we’ll meet up at like some pub in Oakleigh, and we’ll talk about this QAnon thing.’ And I didn’t think it was going to be that important.”
A CSIRO-founded venture capital fund wants to reshape the influencer economy by getting celebrities behind clean energy and deep tech
Business Insider
John Buckley
A new initiative borne of the CSIRO’s venture capital fund, Main Sequence, hopes to reshape the celebrity endorsement deal by welcoming celebrity co-investment in renewable energy and deep-tech startups. The fund says the entire project, dubbed “Voice Capital”, is underwritten with a promise of authenticity, playing matchmaker for celebrities and the causes they advocate for by welcoming them to quite literally put their money where their mouths are.
China
China Moves to Quash Online Rumors That Taiwan War Looms
Bloomberg
Chinese state media have sought to quiet online speculation that a conflict with Taiwan may be imminent, in a sign of how heated rhetoric between Washington and Beijing was feeding public concern about the risk of war. Chinese social media networks have seen a flurry of chatter about a possible Taiwan crisis in recent days, seemingly fueled by Beijing’s call for citizens to stockpile food and an unrelated message claiming to show the nation was preparing to mobilize military reserves. The surge came after a report by China’s state broadcaster saying that Taiwanese were hoarding their own survival supplies.
US seeks extradition of alleged ransomware money launderer
CNN
Sean Lyngaas
Russian man accused of laundering money in connection with ransomware that hackers have used to disrupt multiple US hospitals has been detained in the Netherlands at the request of the FBI, according to his lawyer. The US Justice Department is seeking the extradition of Denis Dubnikov, 29, who is accused of receiving more than $400,000 in cryptocurrency tied to ransom payments, according to a copy of the extradition request reviewed by CNN.
Ransomware takes center stage in U.S. official's Middle East trip
Reuters
Daphne Psaledakis
U.S. Deputy Treasury Secretary Wally Adeyemo will travel to the Middle East on Friday, a Treasury spokesperson told Reuters, where he will seek to build partnerships on ransomware and cybersecurity as hackers wreak havoc among some of America's more vital industries.
Ex-security chief: we have privatised our cyber security. The winners are the hackers
Prospect
Ciaran Martin
Despite all the hype and warnings of “cybergeddon,” cyber security has remained a rather dull subject for most of its life. Social chaos and economic meltdown caused by digital warriors has remained the stuff of Hollywood fantasy; the reality for most people has been low-level (but painful) online scams and getting notifications of opportunistic personal data breaches. Seemingly out of nowhere, however, 2021 has served to remind us of our serious digital vulnerabilities.
Huawei Strikes Back
Foreign Affairs
Jonathan E. Hillman
Huawei is hurting. Since the United States placed export restrictions on the company last year, the Chinese telecommunications giant has been cut off from key components of the semiconductor supply chain. U.S. diplomats have also persuaded a growing number of foreign leaders, many of them in advanced democracies, to keep Huawei out of their 5G networks. These punitive measures are taking a toll, and the company’s revenue has declined for four straight quarters.
Chinese company transfers thousands of Uyghurs from Xinjiang to Nanjing
RFA
Shohret Hoshur
A Chinese job-placement company transferred more than 3,000 Uyghur workers, including girls as young as 16, from the Xinjiang region to factories in other parts of China this year and plans to send thousands more in early 2022, an RFA investigation has shown.
Read more in our report: Uyghurs For Sale
Hackers Targeted Apple Devices in Hong Kong for Widespread Attack
WIRED
Lily Hay Newman
Since at least late August, sophisticated hackers used flaws in macOS and iOS to install malware on Apple devices that visited Hong Kong–based media and pro-democracy websites. The so-called watering hole attacks cast a wide net, indiscriminately placing a backdoor on any iPhone or Mac unfortunate enough to visit one of the affected pages.
Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users
VICE News
Lorenzo Franceschi-Bicchierai
Google researchers caught hackers targeting users in Hong Kong exploiting what were at the time unknown vulnerabilities in Apple’s Mac operating system. According to the researchers, the attacks have the hallmarks of government-backed hackers.
China’s next generation of hackers won’t be criminals. That’s a problem.
TechCrunch
Dakota Cary
Criminals have a long history of conducting cyber espionage on China’s behalf. Protected from prosecution by their affiliation with China’s Ministry of State Security (MSS), criminals turned government hackers conduct many of China’s espionage operations. Alarming as it may sound, this is not a new phenomenon. An indictment issued by the U.S. Department of Justice last year, for example, indicated that the simultaneous criminal-espionage activity of two Chinese hackers went back as far as 2009. In another case, FireEye, a cybersecurity company, alleges that APT41, a separate cohort of MSS hackers, began as a criminal outfit in 2012 and transitioned to concurrently conducting state espionage from 2014 onward. But there’s reason to believe that since then, China has been laying the groundwork for change.
"Hostile Forces" in the Digital Age
China Media Project
Stella Chen
Terms like “foreign forces” and “hostile forces” have frequently been used by Chinese Communist Party officials and domestic media over past decades to launch allegations of foreign interference, but these terms have often pointed not to real instances of external meddling but rather have underscored tensions within Chinese society. In the era of digital social media, when online flag-wavers can crowd-source their activities and self-publish their accusations, the discourse of foreign interference has become a regular feature of online attacks in Chinese cyberspace, with a wide range of groups and individuals denounced as traitors.
China still steals commercial secrets for its own firms’ profit
The Economist
Earlier this year Microsoft found that a group of hackers, which it called Hafnium, had broken into hundreds of thousands of computer servers around the world that were running the firm’s mail and calendar software. The cyber-thieves were stealing emails, documents and other data from small businesses, ngos and local governments in an enormous, seemingly indiscriminate, cyber-attack. In July America, Britain, other members of nato and the European Union all blamed China. America was more specific. It named China’s civilian intelligence agency, the Ministry of State Security (mss).
Alibaba’s ‘Singles Day’ in China Hit by Global Supply Strains
The Wall Street Journal
Stephanie Yang
China’s biggest shopping season is getting squeezed by the global supply-chain crunch. The annual shopping festival, known as “Singles Day,” has over the years grown from a one-day shopping event into weeks of promotions that rake in more revenue than Black Friday and Cyber Monday combined. While Chinese e-commerce platforms reported more sales than ever this year, the event was dampened by production snarls.
China’s Global Network of Vocational Colleges to Train the World
The Diplomat
Niva Yau, Dirk van der Kley
Despite questions from U.S. President Joe Biden’s foreign policy team about the lack of local benefits for countries along the Belt and Road, China and Chinese companies are serious about upskilling and employing more locals on overseas projects. China is so serious that it is setting up a network of vocational colleges around the world, called Luban Workshops after Lu Ban, a mythical figure revered as an inventor. The workshops train students in dozens of countries in technical areas such as industrial sensors, control and robotics technologies, machinery equipment manufacturing, and high-speed rail technologies.
USA
Fake FBI emails about a sophisticated attack are part of 'ongoing situation,' agency says
CNN
Sean Lyngaas
The FBI on Saturday said it was aware of reports that unauthorized emails were coming from a legitimate FBI email address to thousands of organizations about a purported cyber threat. The emails -- which according to the agency are part of an "ongoing situation" -- started coming from an FBI address early Saturday and have hit at least 100,000 inboxes, according to the Spamhaus Project, a Europe-based nonprofit that tracks digital threats.
US seeks extradition of alleged ransomware money launderer
CNN
Sean Lyngaas
Russian man accused of laundering money in connection with ransomware that hackers have used to disrupt multiple US hospitals has been detained in the Netherlands at the request of the FBI, according to his lawyer. The US Justice Department is seeking the extradition of Denis Dubnikov, 29, who is accused of receiving more than $400,000 in cryptocurrency tied to ransom payments, according to a copy of the extradition request reviewed by CNN.
Ransomware takes center stage in U.S. official's Middle East trip
Reuters
Daphne Psaledakis
U.S. Deputy Treasury Secretary Wally Adeyemo will travel to the Middle East on Friday, a Treasury spokesperson told Reuters, where he will seek to build partnerships on ransomware and cybersecurity as hackers wreak havoc among some of America's more vital industries.
Ex-security chief: we have privatised our cyber security. The winners are the hackers
Prospect
Ciaran Martin
Despite all the hype and warnings of “cybergeddon,” cyber security has remained a rather dull subject for most of its life. Social chaos and economic meltdown caused by digital warriors has remained the stuff of Hollywood fantasy; the reality for most people has been low-level (but painful) online scams and getting notifications of opportunistic personal data breaches. Seemingly out of nowhere, however, 2021 has served to remind us of our serious digital vulnerabilities.
Biden signs into law bill to secure telecommunications systems against foreign threats
The Hill
Maggie Miller
President Biden on Thursday signed into law bipartisan legislation to secure telecommunications systems against potential foreign threats, particularly from those linked to China. The Secure Equipment Act will ban the Federal Communications Commission (FCC) from considering or issuing authorization for products from companies on the FCC’s “covered list,” which includes Chinese telecommunications groups Huawei and ZTE.
U.S. Companies Aid China’s Bid for Chip Dominance Despite Security Concerns
Wall Street Journal
Kate O’Keeffe, Heather Somerville, Yang Jie
U.S. firms and their China affiliates are ramping up investment in Chinese semiconductor companies, aiding Beijing’s bid for chip-sector dominance and complicating Washington’s efforts to preserve America’s lead in the critical technology, a Wall Street Journal investigation has found.
How will Facebook keep its metaverse safe for users?
The Financial Times
Hannah Murphy
The man leading Facebook’s push into the metaverse has told employees he wants its virtual worlds to have “almost Disney levels of safety”, but also acknowledged that moderating how users speak and behave “at any meaningful scale is practically impossible”.
Google reorg moves AR, VR, Starline and Area 120 into new ‘Labs’ team
TechCrunch
Sarah Perez
Google Labs is back, but this time around, it’s not a consumer-facing brand delivering a range of experimental products. Instead, it’s the internal name given to a new team at Google created under a reorganization that aims to gather the company’s many innovative projects and long-term bets under one roof. The new group will be led by Clay Bavor, a veteran Googler and VP whose most recent role has seen him leading the company’s forward-looking efforts in virtual and augmented reality, including its cutting-edge holographic videoconferencing project known as Project Starline.
How will this AI critic influence Biden’s policies? The clues are hiding in plain sight.
Protocol
Kate Kaye
The second of two leaders from NYU's AI Now Institute, a small but influential organization researching the social implications of artificial intelligence, just joined the Biden administration to lay the groundwork for government AI policy. Their previous work suggests their presence might encourage the government to require new transparency from tech companies about how their algorithms work.
This Company Tapped AI for Its Website—and Landed in Court
WIRED
Tom Simonite
Last year, Anthony Murphy, a visually impaired man who lives in Erie, Pennsylvania, visited the website of eyewear retailer Eyebobs using screen reader software. Its synthesized voice attempted to read out the page’s content, as well as navigation buttons and menus. Eyebobs used artificial intelligence software from Israeli startup AccessiBe that promised to make its site easier for people with disabilities to use. But Murphy found it made it harder.
Apple supplier Foxconn cautious on 2022 revenue outlook
Reuters
Yimou Lee, Sarah Wu
Apple supplier Foxconn forecast on Friday that a global chip shortage would run into the second half of 2022 and its fourth-quarter revenue for electronics, including smartphones, would fall more than 15%.
South-East Asia
How Taiwan Underwrites the US Defense Industrial Complex
The Diplomat
Eric Lee
Advanced semiconductors play an important role in the defense industry. This is increasingly so as the U.S. military posture relies on relatively few high-quality systems that are underwritten by advanced microelectronics. While supply chain visibility is low, especially in the defense sector, it’s clear that semiconductors increasingly provide significant value to complex weapons systems – and that Taiwan provides the steel in the spine for the U.S. defense industrial complex.
South and Central Asia
Facebook Is Stifling Independent Report on Its Impact in India, Human Rights Groups Say
The Wall Street Journal
Newley Purnell
Human rights groups say Facebook is stifling an independent report it commissioned to investigate hate speech on its services in India, the company’s largest market by customers and where scrutiny of its operations is increasing.
UK
Tory MP's £300K link to China 'spy' firm as he gets £700K for four extra jobs
Mirror
Geraldine McKelvie
The private equity firm has paid him more than £300,000 while he has been an MP. Investcorp helped bankroll a firm which worked for the Chinese government on surveillance systems capable of tracking oppressed Uyghur Muslims.
Testing firm can profit from sale of Covid swabs
The Sunday Times
Shanti Das, George Greenwood
A large Covid-19 testing provider is being investigated by the UK’s data privacy watchdog over its plans to sell swabs containing customers’ DNA for medical research. Cignpost Diagnostics, a government-approved supplier trading as ExpressTest, said it intended to analyse the samples to “learn more about human health”, to develop drugs and products or to sell information to third parties, company documents show.
Europe
Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach
The Register
Gareth Corfield
Jointly US-Dutch owned Booking.com was illegally accessed by an American attacker in 2016 – and the company failed to tell anyone when it became aware of what happened, according to explosive revelations.
With all eyes on the Indo-Pacific, a burgeoning tech alliance is taking shape in the Euro-Atlantic
TechCrunch
Tyson Barker
On September 29-30, in a converted steel mill in Pittsburgh now serving as a startup accelerator, three top Biden cabinet members and two top EU officials huddled to launch the U.S.-EU Trade and Technology Council (TTC). The TTC — if it takes root — could be a Euro-Atlantic answer to the Quad in the Indo-Pacific: an embryonic tech alliance and a building block for a new democratic tech arrangement.
Middle East
CEO-designate of spyware firm NSO quits after US blacklisting
The Guardian
The executive due to take over as chief executive of Israeli spyware company NSO Group has quit after the business was blacklisted by the US Department of Commerce, the company has said.
Gender and Women in Cyber
Misc
Substack Is Now a Playground for the Deplatformed
WIRED
Chris Stokel-Walker
What do Alex Berenson, Bari Weiss, and Glenn Greenwald have in common? They’ve all railed against being deplatformed—be it a Twitter ban or the loss of a job at a prestigious publication—only to find a new home and great riches on Substack.
Contract lawyers face a growing invasion of surveillance programs that monitor their work
The Washington Post
Drew Harwell
Camille Anidi, an attorney on Long Island, quickly understood the flaws of the facial recognition software her employers demanded she use when working from home. The system often failed to recognize her face or mistook the Bantu knots in her hair as unauthorized recording devices, forcing her to log back in sometimes more than 25 times a day.
The world’s most professional whistleblower
POLITICO
Mark Scott, Laura Kayali
As the former Facebook data scientist prepares to return to Puerto Rico, her sun-drenched home since leaving the tech giant, a well-funded lobbying operation — run by a former aide to Hillary Clinton — has opened doors across the European Union, aiding Haugen's mission to persuade the bloc's lawmakers to pass sweeping legislation to crack down on social media.
The next normal: Algorithms will take over college, from admissions to advising
The Washington Post
Shea Swauger
Imagine being rejected from a university or advised out of your major because you’re Black, or a woman, or a first-generation college student. Imagine learning that these decisions were made by predictive analytics software that you can’t object to or opt out of. Just over a decade ago, this seemed unlikely. Now it seems difficult to stop.
Events
The Sydney Dialogue - Social Reset: A New Compact Between Technology and Government
ASPI
The information environment everywhere has come under strain and is being exacerbated by geopolitical tensions. State and non-state actors are actively distorting and manipulating the public square in a way that is both inauthentic and degrading to democratic systems. This disruption has created a rift between social media companies and governments. What is now at stake is the integrity of our information environment and ultimately the stability of societies. But the evolving dynamic of antagonism between governments and social media platforms is inhibiting the type of collaboration needed to overcome this challenge. There is an opportunity for technology platforms and legislators to reset their relationships and build online ecosystems that support free societies. This session on 18 Nov at 12:30-13:30 AEDT will propose new ideas for governments and technology companies to ‘reset’ their relationship and work more collaboratively to restore truth in the public sphere.
The Sydney Dialogue - Contested Space: Collaborating in the New Golden Age of Space
ASPI
This session will convene on 19 Nov at 12:00-13:00 AEDT with space leaders from the US, Japan, India, and Australia. It will consider challenges and opportunities in a contested, congested, and competitive space domain. It will explore how the Quad states can work together towards achieving the next giant leap in space exploration - specifically the return of humans to the lunar surface to achieve the ability to undertake crewed missions to Mars. Finally, the panel will consider how a high visibility collaborative project between Quad members in space can deliver a key advance in space globally.
The Sydney Dialogue - Democracies and Global Technology Governance
ASPI
There is rising awareness that how technologies are designed, where they come from, and how they are deployed, matters. To preserve human rights and free societies, democracies are coming to realise they need to play a more active role, as a group, shaping global tech governance. Be it standard setting, design principles, ethical frameworks or law enforcement access to digital content, there is a pressing need to ensure the interests of citizens are kept central. This panel on 19 Nov at 13:00-14:00 AEDT will look at how states can best advance global technology governance to preserve freedoms and the important role for the Indo-Pacific.
Research
Surveillance Technology at the Fair: Proliferation of Cyber Capabilities in International Arms Markets
Atlantic Council
Winnona DeSombre, Lars Gjesvik, Johann Ole Willers
State cyber capabilities are increasingly abiding by the “pay-to-play” model—both US/NATO allies and adversaries can purchase interception and intrusion technologies from private firms for intelligence and surveillance purposes. NSO Group has repeatedly made headlines in 2021 for targeting government entities in cyberspace, but there are many more companies selling similar products that are just as detrimental. These vendors are increasingly looking to foreign governments to hawk their wares, and policymakers have yet to sufficiently recognize or respond to this emerging problem. Any cyber capabilities sold to foreign governments carry a risk: these capabilities could be used against individuals and organizations in allied countries, or even in one’s home country.
Jobs
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region... This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.