Five-Eyes demands encryption backdoors | Pakistan blocks Tik-Tok | Twitter to take new measures before US Election.
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply. TechCrunch
Pakistan’s telecom regulator blocked TikTok on Friday for failing to filter out “immoral and indecent” content, another blow to the social media app that has come under increasing scrutiny as its popularity has surged across the globe. Reuters.
Twitter took steps on Friday to slow the way information flows on its network, even changing some of its most basic features, as alarm grows that lies and calls for violence will sweep through social media in the weeks surrounding the presidential election. The New York Times
ASPI ICPC
Snapshot of a shadow war in the Azerbaijan–Armenia conflict
ASPI Strategist
@elisethoma5 @AlbertYZhang
Modern conflicts are increasingly accompanied by online shadow wars in which the protagonists fight for narrative control. In our new report for ASPI’s International Cyber Policy Centre, we have documented some of the online activities associated with the latest outbreak of hostilities between Armenia and Azerbaijan over the disputed territory of Nagorno-Karabakh. What we found was a highly complex picture involving not just the two combatants but also their allies. For example, Turkish and Pakistani accounts have been actively supporting Azerbaijan in the fight for narrative control, while Indian accounts have been backing Armenia.
Read ASPI’s report “Snapshot of a Shadow War” detailing social media activities related to the Nagorno-Karabakh conflict here.
In midst of Nagorno-Karabakh clashes, Indians are backing Armenia, on the ground, and online
Indian Express
@nehabnk
Since fighting broke out on September 27 between Armenia and Azerbaijan in Nagorno-Karabakh, the Australian Strategic Policy Institute, a non-partisan think tank, began noticing Indian social media accounts expressing support for Armenia with hashtags like #IndiasupportArmenia and #indianswitharmenia. On the opposite side, reflecting Turkey and Pakistan’s support for Azerbaijan in the three-decades long conflict, were Pakistani and Turkish accounts pushing their own hashtags.
Read ASPI’s report “Snapshot of a Shadow War” detailing social media activities related to the Nagorno-Karabakh conflict here.
Home Affairs TikTok security review found data security protections 'inadequate'
ABC News
Partly redacted documents show that the Department of Home Affairs completed a security assessment in January and recommended the app be banned or restricted on department devices. The assessment seemed narrowly focused, according to Fergus Ryan, an analyst with the Australian Strategic Policy Institute. "It also appears that the Home Affairs investigation only looked into the data security side of the equation without looking at the other important national security concern — that the app could be used to shape information flows to the benefit of the Chinese government," he said.
Read ASPI’s report “Tik-Tok and WeChat” here.
How global demand for hair products is linked to forced labor in China
CNN
@bexwright1 @IvanCNN @isaacyeephoto
ASPI’s ‘Uyghurs for Sale’ report even identified advertisements in online forums offering to arrange large numbers of Xinjiang workers. CNN has verified that several of the adverts are still online, including one with phrases like “absolutely obedient,” “can endure hardships” and “won’t cause trouble.”
World
‘Five Eyes’ governments call on tech giants to build encryption backdoors - or else
TechCrunch
@zackwhittaker
A pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply.
Australia
Swiping right? Investigation reveals the dark side of Tinder
ABC News
@AvaniDias @_angemccormack @thealirussell
A joint Four Corners and triple j Hack investigation has found Tinder is enabling sexual predators to thrive on its app.
ADF personnel warned about social media use after offensive Instagram account uncovered
ABC News
@andrewbgreene
Military personnel using fake or anonymous profiles to post offensive material online are being warned they can easily be tracked down and punished for breaching Defence policies.
Nation needs a stronger cyber regulatory framework
Australian Financial Review
While the federal government has been lauded to a certain extent for its 2020 Cyber Security Strategy, including the $1.35 billion Cyber Enhanced Situational Awareness and Response (CESAR) package, it has missed the chance to take a lead in introducing a stronger regulatory framework around cyber security, suggest some industry leaders.
China
Chinese hackers suspected in cyber-espionage operation against Russia, India
CyberScoop
@shanvav @snlyngaas
Malicious software used in the campaign, which the departments of Defense and Homeland Security have dubbed “SlothfulMedia,” is linked with “high confidence” to the Chinese government.
Thousands of Articles Restored From Downed Website of Jailed Uyghur Scholar Ilham Tohti
Radio Free Asia
The former website of jailed Uyghur scholar Ilham Tohti containing thousands of articles has been restored seven years after it was shut down by authorities in China ahead of his 2014 arrest and sentencing to life in prison for “separatism,” according to a group that advocates for his release.
Chinese browser Tuber offers a glimpse beyond the Great Firewall — with caveats
TechCrunch
@ritacyliao
While some celebrate the app as an unprecedented “opening up” of the Chinese internet, such as this state media journalist, others quickly noticed the browser comes with a veil of censorship.
Tuber App That Promised Access to Blocked Sites in China Gone Within a Day
Whats on Weibo
It seems that the Tuber App, which promised access to blocked sites in China, is now blocked itself.
USA
Hackers exploit Trump's COVID-19 diagnosis to spread a different kind of virus
CyberScoop
Emails contain subject lines like “Recent materials pertaining to the president’s illness.” The body of the messages contains a hyperlink to an attached document. Clicking on it takes victims to a malicious Excel spreadsheet which can download BazaLoader, Proofpoint said.
The US Military Is About to Launch Its Largest 5G Experiments Yet
Defense One
@DefTechPat
The “at-scale” tests could change defense networks, training, and logistics — and how Americans use the Internet.
Dickson Yeo, the Singaporean who spied for China in the US, due to be sentenced
The Straits Times
Yeo, who was then a PhD student at the National University of Singapore's Lee Kuan Yew School of Public Policy, used social media to target American military and government employees who had access to sensitive information and persuaded them to write reports for cash.
Proud Boys websites kicked off web host, Google Cloud
ZDNet
@campuscodi
Following years of lobbying efforts, Google intervenes with one of its customers to have Proud Boys websites moved off its platform.
US unveils enforcement framework to combat terrorist, criminal cryptocurrency activities
ZDNet
@SecurityCharlie
Blockchain technologies are described as “breathtaking,” but still, the US wants to tighten its grip on emerging criminal use cases.
US Cyber Command disrupted the notorious Trickbot botnet
Engadget
@mariella_moon
It was reportedly meant to keep elections secure.
South and Central Asia
Pakistan blocks social media app TikTok for "immoral and indecent" content
Reuters
Pakistan’s telecom regulator blocked TikTok on Friday for failing to filter out “immoral and indecent” content, another blow to the social media app that has come under increasing scrutiny as its popularity has surged across the globe.
UK
Contact-tracing app has only sent one alert about an outbreak in a venue
Sky News
@rowlsmanthorpe
The absence of such alerts has raised questions as the mass closure of pubs and bars is expected in parts of the country.
Contact-tracing data harvested from pubs and restaurants being sold on
The Times
@shanti_das @ShingiMararike
Companies collecting data for pubs and restaurants to help them fulfil their contact-tracing duties are harvesting confidential customer information to sell.
Home Secretary and international partners tell tech companies to put child safety first
UK Home Office
Seven countries have today published an international statement on end-to-end encryption and public safety.
Europe
Backers of Australia's mandatory news code welcome French ruling on Google
The Guardian
Paris court orders the tech giant to discuss compensation with publishers for using content in search results or on Google News
Huawei ousted from heart of EU as Nokia wins Belgian 5G contracts
Reuters
Orange and Proximus have picked Nokia to help build 5G networks in Belgium as they drop Huawei amid U.S. pressure to exclude the Chinese firm from supplying key telecoms equipment.
Sweden is the testing ground for China’s assertive foreign policy
NOS
The new, assertive foreign policy is being 'tried out' in various countries. In this story, experts explain how China goes about it.
Facebook moderators speak of Covid risk in Dublin office
The Times
@marktigheST
Contract staff working as moderators for Facebook in Dublin have complained about the conditions in their Sandyford office, after two people went down with the coronavirus.
Gender and Women in Cyber
Funding for female founders falls to 2017 levels as pandemic shakes up the VC market
TechCrunch
@alex
Recent data concerning Q3 2020 compiled by PwC indicates that the quarter was relatively rich. Certainly, overall deal volume in the United States is down slightly compared to year-ago periods, but female founders fared worse.
Misc
Twitter Will Turn Off Some Features to Fight Election Misinformation
New York Times
@kateconger
Twitter also said it would add a label to claims about who won the election until it has been called by authoritative sources.
Read Twitter’s announcement about these changes here.
Facebook, Twitter dismantle global array of disinformation networks. Reuters
A Political Ad Ban Won’t Fix Facebook’s Election Problem. Wired
Put Trump's Tweets on a Time Delay
Wired
Twitter has announced new changes to combat misinformation. It should go further by checking and flagging the president's tweets—before they wreak havoc.
Peloton removed QAnon hashtags from its platform as tech companies grapple with the conspiracy theory movement
Business Insider
A Peloton spokesperson confirmed to Business Insider that the fitness brand removed tags related to the QAnon conspiracy theory.
Google’s Supreme Court faceoff with Oracle was a disaster for Google
ArsTechnica
@binarybits
More importantly, an Oracle win could reshape how copyright law treats APIs, giving incumbents the power to lock out competitors who want to build compatible software.
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
The Hacker News
Two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server.
AMD Is in Advanced Talks to Buy Xilinx
The Wall Street Journal
@CaraRLombardo @danacimilluca
Advanced Micro Devices Inc. is in advanced talks to buy rival chip maker Xilinx Inc., according to people familiar with the matter, in a deal that could be valued at more than $30 billion and mark the latest big tie-up in the rapidly consolidating semiconductor industry.
Ransomware gang now using critical Windows flaw in attacks
Bleeping Computer
@Ionut_Ilascu
Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September.
Negligent data center shutdowns bring $60 million fine for Morgan Stanley
CyberScoop
@jwarminsky
Morgan Stanley, the bank “failed to adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in selecting a vendor and monitoring its performance
TSMC gets license allowing it to ship chips to Huawei; however, there is a major caveat
Phone Arena
@wolfcallsputs
The chips that the world's largest independent foundry can supply Huawei with have to be produced using more "mature" process nodes. Unfortunately, these older process nodes have no use when it comes to driving today's mobile phones.
Amazon's Latest Gimmicks Are Pushing the Limits of Privacy
Wired
Privacy advocates warn that the Ring Always Home Cam and Amazon One both normalize aggressive new forms of data collection.
Events
ASPI Webinar Launch: The Flipside of China’s Central Bank Digital Currency
ASPI ICPC
14 OCT 2020
Time: 11:00 am - 12:00 pm
Venue: Online
ASPI is delighted to invite you to the webinar launch of the International Cyber Policy Centre’s new report 'The Flipside of China’s Central Bank Digital Currency'. China’s central bank digital currency, known as ‘DC/EP’ (Digital Currency/Electronic Payment), is rapidly progressing and, if successful, would have major international implications that have not yet been widely considered by policy makers, as well as for governments, investors, and companies – including China’s own tech champions. This report aims to improve baseline understanding of DC/EP’s structural mechanics and to place the project in its political and bureaucratic context. It also seeks to contribute to an informed conversation about what the roll-out of DC/EP could mean for China and for the world. In this webinar, report authors Dr Samantha Hoffman, John Garnaut and Dr Matthew Johnson & Alexandra Pascoe will discuss some of the key findings from the report and offer insights into the potential of China’s central bank digital currency.
ASPI Webinar: Australia’s Cyber Security Strategy In-Focus
ASPI ICPC
The Covid-19 pandemic has emphasised the importance of the online world; it is now critically important in managing this pandemic. Yet at the same time, the risks and threats are increasing—in June the Prime Minister warned us that Australia was being targeted by a sophisticated state actor. In this webinar, hear from Abigail Bradshaw CSC, head of the Australian Cyber Security Centre, and Marc Ablong PSM, head of National Resilience and Cyber Security group at Home Affairs, in a discussion moderated by Fergus Hanson, Director of ASPI's International Cyber Policy Centre, about Australia’s Cyber Security Strategy 2020 and how it will be operationalised.
CyFy 2020
ORF
CyFy 2020 (12-16 October), hosted by India’s largest think-tank the Observer Research Foundation, will gather an international community of experts — for the first time in a virtual setting — to identify, interrogate and interpret the new normal that is emerging in our global digital society. Over the course of a week, five themes will animate CyFy’s virtual discussions.
Jobs
Senior Researcher / Project Lead
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a senior researcher to lead a one-year project looking at leadership networks across Asia. Interviews will start immediately.
Cyber Initiative and Special Projects Fellow
The William and Flora Hewlett Foundation
The William and Flora Hewlett Foundation is seeking a Cyber Initiative and Special Projects Fellow, a three-year fixed term position, to be based in Menlo Park, California.