38M records exposed online | Cyberwar as an opportunity to decrease global violence | Beijing takes ByteDance Board Seat, Tencent and Alibaba may be next
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and Covid-19 vaccination status. WIRED
As the post-Sept. 11 conflicts come to an abrupt end, we are now at an important crossroads when it comes to determining just how far we are willing to take cyberwar. One possible avenue points to perilous conflict escalation between great powers further enabled by digital technologies. But an alternative perspective sees cyberwar as an opportunity to decrease global violence. Could such tactics shift war’s focus away from human casualties? The New York Times
The move by Chinese authorities to take an equity stake and board seat in ByteDance’s China subsidiary isn’t a one-off. It’s part of Beijing’s effort to increase oversight of all social media and news, which means other major owners of online content platforms, such as Tencent, Alibaba and Kuaishou, will likely be on the receiving end of similar government actions, according to tech investors and corporate lawyers in China. The Information
ASPI ICPC
Australia and the future of moving, making, and computing
AuManufacturing
Brent Balinski
A recent report published by the Australian Strategic Policy Institute argues that though Australia has produced an oversized research contribution to the field, it has fallen behind in the last five years while other developed nations and private enterprises have upped their investments. The report also advocates for a $15 billion federal investment in critical emerging technologies, with $3 billion to $5 billion allocated to quantum. “I think the article is timely and highlights some gaps in Australia that mean we are potentially going to miss some key opportunities in quantum,” says Rabeau.
Read our report 'An Australian strategy for the quantum revolution'
World
Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up
CyberScoop
@timstarks
Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too. Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses.
Read our report on ransomware: 'Exfiltrate, encrypt, export'
Facebook removed 20 million posts for Covid-19 misinformation. Is it enough?
First Draft
On Wednesday, Facebook announced that between April and June it had removed 20 million posts that contained Covid-19 misinformation. The platform also said that warning labels had been added to more than 190 million Covid-19-related posts. The data was released as part of the platform’s Community Standards Enforcement Report, and, starting this past Wednesday, is accompanied every quarter by the Widely Viewed Content Report.
Data Brokers Know Where You Are—and Want to Sell That Intel
WIRED
@jshermcyber
In a new report for the Cyber Policy Program at Duke University’s Sanford School of Public Policy, I surveyed 10 major data brokers and the sensitive data they advertise. They openly and explicitly promulgate data on individuals’ demographic characteristics (from race to gender to income level) and political preferences and beliefs (including support for the NAACP, ACLU, Planned Parenthood, and the National LGBTQ Task Force), and on current US government and military personnel. Several of these firms also market another disturbing product: Americans’ geo-locations.
Australia
eSafety chief readies for online content crackdown
InnovationAus
@denhamsadler
The eSafety Commissioner has opened consultations on a range of new measures to crack down on social media firms and other platforms to block underage individuals from accessing online pornography and material classified to be R18+ or higher. The eSafety Commissioner is ramping up its powers following the passage through Parliament of the Online Safety Act earlier this year, with the new scheme to come into effect from 2022.
‘No checks and balances’: $5b Aussie fund manager dumps Chinese stocks
Brisbane Times
@CharlotteGriev1
A prominent Australian fund manager overseeing investments worth over $5 billion says it has sold out of Chinese stocks completely and will not re-invest in the country until the ruling Communist Party provides more clarity around the regulatory crackdown against its major corporates. Melbourne-based Munro Partners had previously invested up to 15 per cent of its portfolio, or $750 million, into Chinese equities, including stakes in tech giants Tencent and Alibaba. But chief investment officer Nick Griffin said the firm’s stakes in all Chinese companies were divested over the first half of this year due to rising investment risks.
China
After Beijing Takes ByteDance Board Seat, Tencent and Alibaba May Be Next
The Information
@beijingscribe @juroosawa
The move by Chinese authorities to take an equity stake and board seat in ByteDance’s China subsidiary isn’t a one-off. It’s part of Beijing’s effort to increase oversight of all social media and news, which means other major owners of online content platforms, such as Tencent, Alibaba and Kuaishou, will likely be on the receiving end of similar government actions, according to tech investors and corporate lawyers in China.
Wuhan lab leak theory: How Fort Detrick became a centre for Chinese conspiracies
BBC News
A disinformation campaign claiming that the Covid-19 virus originated from an American military base in Maryland has gained popularity in China ahead of the release of a US intelligence report on the virus origins.
Chinese robot makers battle Europe and Japan rivals on home turf
Nikkei Asia
Shin Watanabe
Chinese industrial robots still have some catching up to do in terms of technology, but they are roughly 30% cheaper than Japanese and European counterparts, an opening Chinese manufacturers are set to exploit to gain ground in their home market.
The China tech bubble is bursting. That’s not a bad thing for investors
Rest of World
@ruima
Starting a month ago, officials have rained regulation over China’s powerful tech giants, triggering a more-than trillion-dollar drop in their stock market value; it intensified again just last week, with a law that heavily restricts how they collect and share private data. But far from degrading the whole internet sector’s investability, actually, the regulatory deluge is part of a well-signaled plan designed to shore up its future.
Beijing’s American Hustle
Foreign Affairs
Matt Pottinger
Although many Americans were slow to realize it, Beijing’s enmity for Washington began long before U.S. President Donald Trump’s election in 2016 and even prior to Chinese President Xi Jinping’s rise to power in 2012. The United States and other free societies have belatedly woken up to this contest, and a rare spirit of bipartisanship has emerged on Capitol Hill. But even this new consensus has failed to adequately appreciate one of the most threatening elements of Chinese strategy: the way it exploits vital aspects of American and other free societies and weaponizes them in the service of Chinese ambitions.
WeChat and UnionPay will recognise each other’s QR codes
Protocol
@ZeyiYang
Chinese super app WeChat and the country's traditional payment processing giant UnionPay will recognise each other's payment QR code, Chinese publication Beijing News reported on Monday.
USA
38M Records Were Exposed Online—Including Contact-Tracing Info
WIRED
@lilyhnewman
More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and Covid-19 vaccination status.
A group of moms on Facebook built an island of good-faith vaccine debate in a sea of misinformation
The Washington Post
@lizzadwoskin @willoremus @GerritD
As social media giants struggle to crack down on false claims about covid, ordinary users are finding ways to reach vaccine skeptics — and win them over.
Washington and Seoul Seek to Diversify the South Korea-US Alliance Through Cyber
The Diplomat
@jasonabartlett
While addressing the North Korean nuclear threat will remain a major focus of the South Korea-U.S. alliance, the addition of cybersecurity-specific language in the 2021 Biden-Moon summit suggests new collaborative measures between Washington and Seoul to diversify the alliance beyond its traditional role of deterring a second Korean War.
Apple already scans iCloud Mail for CSAM, but not iCloud Photos
9to5Mac
@benlovejoy
Apple has confirmed to me that it already scans iCloud Mail for CSAM, and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups.
Central Asia
Homegrown app helping Kabul residents steer clear of danger
Financial Times
@madhumita29
As Kabul fell on Sunday, 20 young Afghan tech workers tracked the Taliban’s advance, broadcasting real-time reports of gunfire, explosions and traffic jams across the city through a new app. Called Ehtesab, the app relies on ground-level reports from a vetted team of users to a private WhatsApp group. The reports, which are then verified by the app’s fact checkers, range from security incidents, such as fires, gunshots and bombings, to road closures and traffic problems to electricity cuts. Sara Wahedi, the 26-year-old founder of the app, said the team tried to confirm the reports with the interior ministry, “when it used to exist”.
Afghans are forced to choose between staying safe and staying online
Rest of World
@telliotter
As the Taliban seized control of major cities, people grew concerned that the group could use social media profiles and other information on the internet to identify citizens who previously worked for the Afghan security forces, civilian government, or foreign organizations. Many Afghans scrambled to delete their accounts or adjust their privacy settings, sometimes forced to choose between staying safe and maintaining important connections to contacts abroad.
Misc
Could Cyberwar Make the World Safer?
The New York Times
@cybele_cg
As the post-Sept. 11 conflicts come to an abrupt end, we are now at an important crossroads when it comes to determining just how far we are willing to take cyberwar. One possible avenue points to perilous conflict escalation between great powers further enabled by digital technologies. But an alternative perspective sees cyberwar as an opportunity to decrease global violence. Could such tactics shift war’s focus away from human casualties?
The REvil Is In The Details
Forbes
Reuven Aronashvili
The cyber industry needs to take a good, hard look in the mirror to face our collective failure to predict, plan for and defend against the type of paradigm-shifting ransomware attack carried out by REvil. The attack targeted software maker Kaseya — a company that develops software used to manage business networks and devices. Kaseya sells that software to managed service providers (MSPs), who, in turn, contract with companies to outsource the management of their IT systems.
The tough calculus of emissions and the future of EVs
TechCrunch
@MarkPMills
Investors and politicians embracing a vision of an all-electric car future believe that path will significantly reduce global carbon dioxide emissions. That’s far from clear. A growing body of research points to the likelihood that widespread replacement of conventional cars with EVs would likely have a relatively small impact on global emissions. And it’s even possible that the outcome would increase emissions.
Research
Report: Data Brokers and Sensitive Data on U.S. Individuals
Duke, Sanford School of Public Policy
@jshermcyber
This report examines 10 major data brokers and the highly sensitive data they hold on U.S. individuals. It finds that data brokers are openly and explicitly advertising data for sale on U.S. individuals’ sensitive demographic information, on U.S. individuals’ political preferences and beliefs, on U.S. individuals’ whereabouts and even real-time GPS locations, on current and former U.S. military personnel, and on current U.S. government employees.
Events and podcasts
Disinformation in Malaysia: from cybertroopers to anti-fake news laws
ANU College of Asia and the Pacific
@jshermcyber
For better or worse, Malaysia is often at the forefront of digital media industry 'advancement'. 'Cybertroopers' were central to Malaysian public discourse long before 'buzzers' and 'trolls' became popularised in Southeast Asia. Global companies like Cambridge Analytica placed their offices first in Kuala Lumpur. In this webinar I ask what these trends mean for Malaysia's digital public sphere, including the fervent adoption of new communication practices.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years’ relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.