A global tipping point for reining in tech has arrived | State-linked hackers hit American, European orgs with Pulse Secure exploits | Syria chemical-attack deniers admit links to WikiLeaks, Russia

Apr 20, 2021

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

Around the world, governments are moving simultaneously to limit the power of tech companies with an urgency and breadth that no single industry had experienced before... While nations and tech firms have jockeyed for primacy for years, the latest actions have pushed the industry to a tipping point that could reshape how the global internet works and change the flows of digital data. The New York Times
Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. CyberScoop
A group of British academics was secretly in contact with Russian diplomats in four separate embassies as they worked to undermine evidence that Bashar al-Assad was using chemical weapons against his own people, according to emails seen by The Daily Beast… Some of these completely unproven theories have been taken up enthusiastically on social media and used to sow disinformation about Assad’s war crimes. Daily Beast

ASPI ICPC

Danielle Cave @DaniellesCave

.@ASPI_org will have 2 quantum reports out in the nxt mth. The 1st by ASPI's Defence & Nat Sec team is out on quantum, secure comms & defence: aspi.org.au/report/impact-…. It outlines how 🇦🇺 research & tech firms can contribute to & bring key capabilities to the ADF+alliance partners

World

A Global Tipping Point for Reining In Tech Has Arrived
The New York Times
@paulmozur @ceciliakang @satariano @dmccabe
Around the world, governments are moving simultaneously to limit the power of tech companies with an urgency and breadth that no single industry had experienced before. Their motivation varies. In the United States and Europe, it is concern that tech companies are stifling competition, spreading misinformation and eroding privacy; in Russia and elsewhere, it is to silence protest movements and tighten political control; in China, it is some of both. While nations and tech firms have jockeyed for primacy for years, the latest actions have pushed the industry to a tipping point that could reshape how the global internet works and change the flows of digital data.

State-linked hackers hit American, European organizations with Pulse Secure exploits
Cyber Scoop
@snlyngaas
Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday.

Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities
CISA
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products.

Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world
Ars Technica
@dangoodin001
Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said.

Australia

Jenny Bloomfield @AusOfficeTPE

很榮幸與科技部吳部長會面，台灣是全球高科技的領導者，特別在能源、生技等方面，澳洲非常期待深化與台灣在重要科技領域的夥伴關係。 Look forward to deepening science & tech partnership with Taiwan, a tech world leader, following a positive meeting with Minister Wu.

Farewell Afterpay, Australia loses its homegrown tech giant to the US
The Sydney Morning Herald
@EKnightOfficial
Australia, having fulfilled its role as the incubator for buy now, pay later companies, will soon watch them hatch, leave the nest and venture to the US. The first to take flight will be the oldest of the batch - Afterpay.

China

Chinese feminists are being silenced by nationalist trolls. Some are fighting back
CNN
@Nectar_Gan
The torrent of hate messages filling Liang Xiaowen's inbox stopped as suddenly as it had started. For a week, the 29-year-old Chinese feminist was subject to incessant chauvinist and misogynist attacks on Weibo, one of China's most popular social media sites. She was called a "traitor" and a "xenocentric bitch." Some users discussed how to find her parents' home address. Then, without any warning, Liang's account was removed by Weibo.

USA

Biden administration unveils plan to defend electric sector from cyberattacks
Cyber Scoop
@shanvav
The Biden administration is buckling down on cyber threats to U.S. power infrastructure. The Department of Energy (DOE) announced a 100-day plan to help shore up the U.S. electric power system against cyber threats Tuesday.

Does Big Tech Hurt U.S. National Security?
Foreign Affairs
We at Foreign Affairs have recently published a number of pieces on Big Tech and U.S. national security. To complement these articles, we decided to ask a broad pool of experts for their take. As with previous surveys, we approached dozens of authorities with specialized expertise relevant to the question at hand, together with leading generalists in the field. Participants were asked to state whether they agreed or disagreed with a proposition and to rate their confidence level in their opinion. Their answers are below.

In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage
The Wall Street Journal
@dnvolz
President Biden’s decision this week to punish Russia for the SolarWinds hack broke with years of U.S. foreign policy that has tolerated cyber espionage as an acceptable form of 21st century spycraft, analysts and former officials said.. “The hard question therefore is this: How was SolarWinds different from high-end Five Eyes intelligence operations?” asked Mr. Rid, referring to the name used for a cadre of Western intelligence powers. Administration officials deemed the SolarWinds hack beyond the boundaries of acceptable cyber operations because of its scope and scale. A senior administration official said Thursday the retaliation was additionally justified because the burden of repairing the damage largely fell on private companies and because Russia had shown in the past it can turn an espionage operation into something more destructive.

US-Japan roll out digital counter to China’s BRI
Asia Times
Richard Javad Heydarian
Suga-Biden summit launched multi-billion dollar plan to challenge BRI-backed Digital Silk Road scheme with more ventures to come.

North Asia

Why the world should pay attention to Taiwan's drought
BBC News
Cindy Sui
At the Baoshan No. 2 Reservoir in Hsinchu County, the primary water source for Taiwan's $100bn semiconductor industry, the water level is at the lowest it's ever been - only 7% full. If this and other reservoirs in Taiwan dry up, it could be detrimental for the global electronics sector, because so many of the products people use are powered by semiconductors - computer chips - made by Taiwanese companies. Around 90% of the most advanced microchips are manufactured in Taiwan. They're key to objects ranging from ventilators to smartphones, and the pandemic has left demand high and supply tight. The US is now worried about over-reliance on chips made overseas, including in Taiwan.

Japan should join Five Eyes intelligence network, says ambassador
The Sydney Morning Herald
Peter Hartcher
Japan is making progress toward joining the Anglophone world’s post-war spying network known as Five Eyes, according to Japan’s ambassador to Australia.

NZ & Pacific Islands

Is Facebook doing enough to combat COVID-19 misinformation in the Pacific?
ABC News
@marianfaa
Facebook has launched public COVID-19 education campaigns in Fiji and Papua New Guinea following calls for the social media giant to do more to tackle misinformation shared on its platform. The campaigns include graphics and videos in English and local languages, encouraging people to be aware of misinformation, fact-check claims and visit reputable Government websites for advice. A similar campaign will soon begin in Samoa. It comes as COVID-19 vaccination programs begin to roll out in all three countries.

South & Central Asia

India wants to cut Big Tech down to size. Critics say the new rules may give the state too much power
CNBC
@sahelirc
India's new rules for social media is a sign that New Delhi is hardening its stance toward Big Tech, experts told CNBC.. In February, New Delhi announced sweeping reforms to that would hold social media platforms like Facebook, WhatsApp and others more accountable to legal requests. They would be required to take down content the government deems "unlawful" while messaging service providers would be required to identify original posters of certain messages — but that could mean breaking end-to-end encryption promised to users.. Chakravorti outlined several reasons why India is becoming less accommodative toward Big Tech. A big driver is the rise of India's homegrown platforms such as Reliance Jio, which "benefits from the government taking a more aggressive stance on the US tech companies as it (Jio) looks to develop its own apps and services," he told CNBC.

UK

Syria Chemical-Attack Deniers Admit Links to WikiLeaks and Russia
Daily Beast
@michaeldweiss @JettGoldsmith
A group of British academics was secretly in contact with Russian diplomats in four separate embassies as they worked to undermine evidence that Bashar al-Assad was using chemical weapons against his own people, according to emails seen by The Daily Beast… Some of these completely unproven theories have been taken up enthusiastically on social media and used to sow disinformation about Assad’s war crimes.

Europe

Europe eyes strict rules for artificial intelligence
Politico
@melissahei
The European Union wants to avoid the worst of what artificial intelligence can do — think creepy facial recognition tech and many, many Black Mirror episodes — while still trying to boost its potential for the economy in general. According to a draft of its upcoming rules, obtained by POLITICO, the European Commission would ban certain uses of "high-risk" artificial intelligence systems altogether, and limit others from entering the bloc if they don't meet its standards. Companies that don't comply could be fined up to €20 million or 4 percent of their turnover.

Disputes Mar the EU’s Struggle to Regulate Tech
CEPA
@apolyakova, Aristotle Vainikos
The Digital Markets Act (DMA), a centerpiece of the European Union’s tech regulatory agenda, is an ambitious effort to prop up European tech companies, which have underperformed in driving innovation. But while the European Commission believes its duty is to ensure a competitive digital market, there are increasing disputes among the 27 member states on key provisions in the proposal. Substantive disagreements paired with national governments going their own way may now derail the DMA.

Misc

In war zones, social media disinformation is costing lives
WIRED
@maude_morrison0, Adam Cooper
Do we, as a society, want the disinformation debate to focus narrowly on defending Western democracy – or we take a wider view, that includes countries at war?

120 Compromised Ad Servers Target Millions of Internet Users
The Hacker News
Ravie Lakshmanan
An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.

Tool Links Email Addresses to Facebook Accounts in Bulk
VICE
@josephfcox
A tool lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address, according to a video sent to various researchers and Motherboard.

Facebook Wants to 'Normalize' the Mass Scraping of Personal Data
VICE
@josephfcox
Facebook wants to "normalize" the idea that large scale scraping of user data from social networks like its own is a common occurrence, as the company continues to face fallout from a leak of over 500 million Facebook users' phone numbers.

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
WIRED
@a_greenberg
Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.

Discord Ends Deal Talks With Microsoft
The Wall Street Journal
Chat startup Discord Inc. has halted talks to sell itself to potential suitors including Microsoft Corp., according to people familiar with the matter, as it resumes interest in a potential initial public offering down the line.

Research

Martijn Rasser @MartijnRasser

NEW: Tour de force report by @LorenRaeDeJ and @_ainikki. A framework for how USG can effectively craft and execute a national tech strategy. @CNASdc @CNAStech

Trust the ProcessDeveloping strong, pragmatic and principled national security and defense policies.cnas.org

Events

Martijn Rasser @MartijnRasser

Join @TrishBytes, @KellyKborn and me for the webinar "The Future of Technology, Interdependence, and Resilience in the Indo-Pacific" April 22: 0900 PT/1200 ET Hosted by @StanfordCyber and @Hewlett_Found.

Welcome! You are invited to join a webinar: April 22nd at 9:00 am Pacific | The Future of Technology, Interdependence and Resilience in the…The Indo-Pacific will be the locus of global conflict and growth in the realm of critical and emerging technologies in the new decade. The region is home to the largest, most rapidly growing internet user bases in the world, accounting for just over half of the world’s internet users. At the same ti…stanford.zoom.us

Jobs

ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Candidates must have the ability to synthesis complex cyber and technology developments and explain these developments to media and key stakeholders in plain language. The ability to engage with and brief seniors across parliaments, governments, civil society and the business community.

International Cyber Policy Centre – Program Coordinator
ASPI ICPC
The Coordinator’s primary focus will be the organisation and execution of ICPC’s sponsorship program. The Program Coordinator will work closely with internal and external stakeholders to maintain and develop these relationships. The coordinator will also support the Director and the Deputy Director with the coordination and delivery of ICPC's global research program. This will be a busy, fast-paced and varied role that would suit a highly organised and energetic individual who thinks and acts strategically.