Israel and Iran broaden cyberwar to attack civilian targets | Australia introduces anti-troll laws | US seeks ways to adapt spycraft to changing technology
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens. The New York Times
Australia will introduce legislation to make social media giants provide details of users who post defamatory comments, Prime Minister Scott Morrison said on Sunday. Reuters
A trained CIA case officer could once cross borders with a wallet full of aliases or confidently travel through foreign cities undetected to meet agents. Now, he or she faces digital obstacles that are the hallmarks of modern life: omnipresent surveillance cameras and biometric border controls, not to mention smartphones, watches and automobiles that constantly ping out their location. The Wall Street Journal
ASPI ICPC
Chinese vlogger films Uyghur concentration camps in Xinjiang
Pontifical Institute for Foreign Missions AsiaNews
Acting as a tourist, Guanguan travelled to various locations to check on detention camps’ existence. He found 18 different locations in operation and one abandoned. Ethnic Han Chinese have confirmed the existence of forced labour. The EU renews its sanctions against China’s repression of its Turkic speaking population. According to Nathan Ruser, a researcher with the Australian Strategic Policy Institute (ASPI), the Chinese vlogger filmed 18 different concentration camps in operation and one abandoned facility.
#175: The Architecture of Repression in Xinjiang
Apple Podcasts
Professor James Leibold (Head of the Department of Politics, Media and Philosophy, La Trobe University)
Daria Impiombato (Researcher at ASPI’s International Cyber Policy Centre)
A report published by the Australian Strategic Policy Institute (ASPI) maps and analyses the governance mechanisms employed by the Chinese party-state in Xinjiang. While the international debate continues as to whether the recent events in Xinjiang constitute genocide, this report gathers the relevant evidence before it could be covered up, and makes it publicly available.
“We go to space to benefit life on earth”, says NASA deputy administrator at Quad space officials' meet
WION
Sidharth MP
There are great benefits here on earth as a result of space exploration activities and continued human presence in Low Earth Orbit, according to Colonel Pam Melroy, NASA’s deputy administrator. “Climate change is an existential crisis, the best place to monitor earth, is from space...There are a lot of problems to solve...We go to space to benefit life on earth and those who spend their effort on it, see a direct line of sight.” The top American official was in discussion with heads of space agencies from the Quad countries (Japan, Australia, India, US), hosted as part of the Sydney Dialogue, by the Australian Strategic Policy Institute.
Indian lunar lander, Japanese rover to explore Moon in LUPEX mission, says JAXA Official
WION
Sidharth MP
The Indian and Japanese space agencies are planning a joint mission to the Moon, that is meant to explore the Polar region. The mission, which will be known as Lunar Polar Exploration Mission (LUPEX), will feature an Indian lunar lander and a Japanese rover. Dr Hiroshi Yamakawa, President, Japan Aerospace Exploration Agency (JAXA) revealed this and Japan’s future mission plans, at the Sydney Dialogue, an initiative by the Australian Strategic Policy Institute.
Policy, Guns and Money: Pacific cyber capacity
The Strategist
Papua New Guinea’s government pay system was recently hit by a ransomware attack. ASPI’s Bart Hogeveen speaks with Cherie Lagakali, Pacific liaison of the Global Forum on Cyber Expertise and chair of the Pacific chapter of Internet Society, about the attack and overall cyber capacity in the Pacific.
World
Notorious Pegasus spyware faces its day of reckoning
The Guardian
John Naughton
If you were compiling a list of the most toxic tech companies, Facebook – strangely – would not come out on top. First place belongs to NSO, an outfit of which most people have probably never heard. Wikipedia tells us that “NSO Group is an Israeli technology firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones”...Pegasus is so powerful it is classed as a munition and, as such, requires the permission of the Israeli government before it can be sold to foreign customers. And those customers, apparently, have to be governments.
Australia
Australia to introduce new laws to force media platforms to unmask online trolls
Reuters
Melanie Burton
Australia will introduce legislation to make social media giants provide details of users who post defamatory comments, Prime Minister Scott Morrison said on Sunday. The government has been looking at the extent of the responsibility of platforms, such as Twitter (TWTR.N) and Facebook (FB.O), for defamatory material published on their sites and comes after the country's highest court ruled that publishers can be held liable for public comments on online forums. The ruling caused some news companies like CNN to deny Australians access to their Facebook pages.
"The online world should not be a wild west where bots and bigots and trolls and others are anonymously going around and can harm people," Morrison said at a televised press briefing. "That is not what can happen in the real world, and there is no case for it to be able to be happening in the digital world."
Social media companies could be forced to give out names and contact details, under new anti-troll laws
ABC News
Tom Lowrey
Social media companies could be forced to reveal the identities of anonymous users in an effort to crack down on online trolling, under new laws being drafted by the federal government. The laws would require social media companies to collect the details of all users, and allow courts to force companies to hand over the identities of users to aid defamation cases. Social media companies would also be made legally liable for the content they publish from users, removing liability from individuals and companies that manage pages.
Voters back tougher rules on social media, survey shows
The Sydney Morning Herald
David Crowe & Zoe Samios
Two-thirds of Australian adults back the idea of holding Facebook and other social media companies responsible for posts made on their platforms, while 70 per cent want anonymous “trolls” to be revealed in tougher rules for millions of users. Voters support the case for greater oversight of the social networks, with 71 per cent favouring better regulation at the same time Prime Minister Scott Morrison promises a draft bill to subject the companies to tougher laws and court orders.
Chinese spy ship spotted circling Australia’s coast for three weeks
News.com.au
Frank Chung
Scott Morrison says the revelation that a sophisticated Chinese spy ship circled Australia’s coast earlier this year highlights the “very serious situation” in the Indo-Pacific...The Daily Telegraph first reported on Friday that the vessel had been spotted circling Australia’s coast for three weeks in August and September, collecting electronic intelligence as it travelled past sensitive military installations. It was believed to be a Dongdiao-class spy ship, similar to one which monitored the Talisman Sabre military exercises between Australia and the US earlier this year. The Dongdaio-class is capable of monitoring communications and radar signals and the electromagnetic spectrum as well as employing other surveillance methods such as optical sensors.
Cyber criminals stopped from stealing tens of millions of dollars as AFP unleashes new cyber punch
AFP
The AFP has stopped cyber criminals from stealing $24 million from the superannuation accounts of hard-working Australians and launched several counter strikes to stop millions of dollars more being siphoned offshore. Today, the AFP can reveal the details of cybercrime operations which prevented significant losses by businesses and individuals, including elderly Australians tricked into giving away hundreds of thousands of dollars. It comes as the Minister for Home Affairs Karen Andrews today announces the Joint Policing Cybercrime Coordination Centre – the JPC3 – which will be operational from March 2022.
China
Beijing presses Didi to delist from U.S. over data security fears - sources
Reuters
Julie Zhu, Kane Wu & Brenda Goh
Chinese regulators have pressed top executives of ride hailing giant Didi Global Inc (DIDI.N) to devise a plan to delist from the New York Stock Exchange due to concerns about data security, two people with knowledge of the matter told Reuters. China's powerful Cyberspace Administration of China (CAC) has asked the management to take the company off the U.S. bourse due to worries about leakage of sensitive data, said one of the people...The cyberspace regulator said, according to the person, the prerequisite for the relaunch of Didi's ride-hailing and other apps in China is that the company has to agree to delist from New York.
Ant Group applies to China's central bank to set up personal-credit scoring joint venture with state-backed partners
South China Morning Post
Georgina Lee
China’s central bank said it has received an application for a personal-credit scoring joint venture between Ant Group, state-backed Zhejiang Tourism Investment Group and four other investors, allowing the fintech giant to move ahead with its business overhaul.
USA
Biometrics, Smartphones, Surveillance Cameras Pose New Obstacles for U.S. Spies
The Wall Street Journal
Warren P. Strobel
A trained CIA case officer could once cross borders with a wallet full of aliases or confidently travel through foreign cities undetected to meet agents. Now, he or she faces digital obstacles that are the hallmarks of modern life: omnipresent surveillance cameras and biometric border controls, not to mention smartphones, watches and automobiles that constantly ping out their location. Then there is “digital dust,” the personal record almost everyone leaves across the internet.
And Albert Zhang’s article Do cyber spies dream of electric shadows?
That ‘Team Beto’ Fund-Raising Email? It Might Not Be From Beto.
The New York Times
Shane Goldmacher
Mimicking official correspondence is an age-old marketing trick. But look-alike emails suggesting links to Beto O’Rourke’s campaign for governor show the tactic has accelerated in the digital era.
North-East Asia
S.Korean game producers chase NFTs in real-money boost for players and firms
Reuters
Joori Roh
South Korea's mobile and online game producers are luring players with services using non-fungible tokens (NFTs), jumping on a trend the firms see as the future of the sector and sparking a sharp rally in their shares in recent weeks. An NFT is a digital asset that encompasses everything from images, videos to text, whose ownership record is tracked on the blockchain and is usually bought with cryptocurrencies. In the gaming world, the various characters, weapons, vehicles and other items that players make use of to accomplish their particular tasks can be NFTs.
South-East Asia
Apple tells Thai activists they are targets of ‘state-sponsored attackers’
The Guardian
Rebecca Ratcliffe & Navaon Siradapuvadol
Thai activists who have called for reform of the monarchy are among at least 17 people in Thailand who say they have been warned by Apple that they have been targeted by “state-sponsored” attackers.
Dyson dumps Malaysian supplier ATA over labour concerns
Reuters
Anantha Ananthalakshmi & Liz Lee
High-tech home appliance maker Dyson Ltd told Reuters it had cut ties with supplier ATA IMS Bhd (ATAI.KL) following an audit of the Malaysian company's labour practices and allegations by a whistleblower, sending ATA shares plunging...The termination is also a significant blow for Malaysia, a major electronics manufacturing hub that has faced scrutiny this year over claims migrant workers are being subjected to abusive working and living conditions.
South and Central Asia
WhatsApp wins approval to double payments offering to 40 mln users in India -source
Reuters
Aditya Kalra
WhatsApp (FB.O) has won regulatory approval to double the number of users on its payments service in India to 40 million, a source with direct knowledge told Reuters on Friday. The company had requested that there should be no cap on users of its payment service in India. Instead, the National Payments Corporation of India (NPCI) this week told the company it could double the user base to which it can offer its payment service - currently restricted to 20 million - the source said.
India tells public to shun Musk-backed Starlink until it gets licence
Reuters
Nidhi Verma
The Indian government advised people against subscribing to Starlink Internet Services, a division of billionaire Elon Musk's SpaceX aerospace company, as it does not have a licence to operate in the country. A government statement issued late on Friday said Starlink had been told to comply with regulations and refrain from "booking/rendering the satellite internet services in India with immediate effect".
Cryptocurrency exchange Coinstore enters India despite pending curbs on trade
Reuters
Nupur Anand
Singapore-based virtual currency exchange Coinstore has begun operations in India at a time when the Indian government is preparing legislation to effectively bar most private cryptocurrencies.
UK
Google makes pledges on browser cookies to appease UK regulator
Reuters
Paul Sandle & Huw Jones
Google has pledged more restrictions on its use of data from its Chrome browser to address concerns raised by Britain's competition regulator about its plan to ban third-party cookies that advertisers use to track consumers. The UK's Competition and Markets Authority (CMA) has been investigating Google's plan to cut support for some cookies in Chrome - an initiative called the "Privacy Sandbox" - because it is worried it will impede competition in digital advertising. Google has said its users want more privacy when they are browsing the web, including not being tracked across sites.
Europe
Italy fines Apple and Google for ‘aggressive’ data practices
TechCrunch
Natasha Lomas
Apple and Google have been fined €10 million apiece by Italy’s competition and market authority (AGCM) which has found they did not provide their users with clear enough information on commercial uses of their data — in violation of the country’s consumer code. The regulator also accuses the pair of deploying “aggressive” practices to push users to accept the commercial processing. Apple and Google were both contacted for a response to the ACGM’s sanction. Both said they will appeal.
Italy's antitrust regulator fines Google, Apple over data use
Reuters
Giulia Segreti
Italy's antitrust regulator has fined Alphabet's Google (GOOGL.O) and iPhone maker Apple (AAPL.O) 10 million euros ($11.2 million) each for "aggressive practices" linked to the commercial use of user data. The authority said in statement the two tech groups did not provide "clear and immediate information" on how they collect and use the data of those who access their services.
Facebook offers remedies to address EU concerns about Kustomer deal
Reuters
Foo Yun Chee
Facebook (FB.O) has offered remedies in a bid to secure EU antitrust approval for its acquisition of U.S. customer service startup Kustomer, a European Commission filing showed. Facebook, now Meta Platforms, submitted its package on Wednesday. The EU competition enforcer, which did not provide details of the remedies in line with its policy, extended its decision deadline to Jan. 28. It is expected to seek feedback from rivals and customers before deciding whether to accept the offer or demand more. The Commission has previously said the deal may hurt competition and reinforce the U.S. social media company's power in online advertising.
Middle East
Israel and Iran Broaden Cyberwar to Attack Civilian Targets
The New York Times
Farnaz Fassihi & Ronen Bergman
Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens.
Millions of ordinary people in Iran and Israel recently found themselves caught in the crossfire of a cyberwar between their countries. In Tehran, a dentist drove around for hours in search of gasoline, waiting in long lines at four gas stations only to come away empty.
In Tel Aviv, a well-known broadcaster panicked as the intimate details of his sex life, and those of hundreds of thousands of others stolen from an L.G.B.T.Q. dating site, were uploaded on social media.
For years, Israel and Iran have engaged in a covert war, by land, sea, air and computer, but the targets have usually been military or government related. Now, the cyberwar has widened to target civilians on a large scale.
Israel bars all foreigners, reinstates phone surveillance in effort to contain omicron variant
The Washington Post
Shira Rubin
At a three-hour cabinet meeting on Saturday night, the government decided to tighten quarantine rules, reinstate the role of the Israeli internal security service, Shin Bet, in surveilling the cellphones of people confirmed to be carrying the variant, and require events of more than 50 participants to apply a Green Pass system, by which participants must show proof of vaccination or recovery.
Misc
Carmakers get inventive as global chip crisis bites
Reuters
Christina Amann
Whether buying computer chips directly from manufacturers, reconfiguring cars, or producing them with parts missing, automakers are having to get creative to cope with the global shortage of semiconductors. The shortage, due to supply problems and a surge in demand for consumer electricals during the pandemic, has hit the auto industry hard, with millions of vehicles worldwide not being produced because important parts are missing.
IKEA email systems hit by ongoing cyberattack
BleepingComputer
Lawrence Abrams
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails...In internal emails seen by BleepingComputer, IKEA is warning employees of an ongoing reply-chain phishing cyber-attack targeting internal mailboxes. These emails are also being sent from other compromised IKEA organizations and business partners.
AMC and Sony will hand out NFTs to 'Spider-Man' advance ticket buyers
Engadget
Jon Fingas
AMC is extending its fondness for the blockchain to the freebies you get with ticket pre-orders. The theater chain and Sony Pictures are giving away 86,000 NFTs to Stubs Premiere, A-List and Investor Connect members who buy or reserve tickets for Spider-Man: No Way Home showings on December 16th. Redeem a code through a special website and you'll get one of 100 designs available through the more eco-friendly Wax blockchain.
They Died From Covid. Then the Online Attacks Started.
The New York Times
Dan Levin
The social media profiles of anti-vaccine victims of the pandemic have made them and their families targets of trolling, even after their deaths.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.
SENIOR CYBER INTELLIGENCE ANALYST
CyberCX
At CyberCX we are building a uniquely Australia and New Zealand focused cyber intelligence capability. As a Cyber Intelligence Analyst, you will be part of a high-performing team with unparalleled visibility into the region’s cyber threat landscape. You will provide real-time intelligence support to some of the region’s most high-profile cyber incidents, provide threat information to inform the decisions of internal and customer security teams, and support the production of assessments and products that will help secure Australian and New Zealand communities and organisations.