Good morning. It's Wednesday 14th February.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.

Follow us on Twitter and on LinkedIn.

Apple Inc.’s iMessage and Microsoft Corp.’s Bing search engine, Edge web browser and Advertising service will avoid strict new European Union rules reining in Big Tech platforms. Bloomberg

North Korea is a major contributor to rising cyber insecurity. North Korea is also using cyber operations for espionage, intelligence gathering, and information operations to steal critical military information. Binding Hook

China’s offensive cyber capabilities have been under the scanner for a few years now. Even though China does not have a formal cyber offensive strategy, the capability mix and the changing approach that China has developed in the cyber offensive realm remain quite consequential. The Diplomat

World

Avoiding the disinformation trap

The New Yorker

Joel Simon

In the course of 2024, an estimated four billion people—half the world’s population—will go to the polls in eighty-three elections. Leading experts in global security have warned that disinformation is a major threat to the world’s stability in 2024, including in the United States, where most Republicans believe that Joe Biden’s win in the 2020 Presidential election was illegitimate. But fighting disinformation is a fraught endeavor. In some instances, researchers say, efforts to do so have hurt more than they have helped.

Australia

One in four companies banning AI ‘for now’ amid privacy concerns: Cisco study

The Australian

Jared Lynch

More than a quarter of Australian companies have banned artificial intelligence tools in the workplace, citing privacy concerns — including the potential of corporate secrets being shared with competitors, according to a new study. Communications technology titan Cisco surveyed more than 2600 security and privacy professionals across 12 countries, which revealed businesses were unplugging the much-hyped technology — for now. This is despite bigger businesses beginning to reap productivity gains from the much-hyped technology, which the Albanese government expects will inject up to $600bn a year into the national economy by 2030.

Unlocking AUKUS Pillar II will need more than BAU

InnovationAus

Dr Miah Hammond-Errey and Tom Barrett

Technology advancement is critical, but it is not the only essential ingredient for the success of AUKUS Pillar II. Without progress on two unheralded ‘functional’ areas – information sharing and innovation – which underpin the technological areas of Pillar II, as well as trilateral coordination across the board, long-term success will remain elusive. Almost two and a half years on from the initial announcement of AUKUS, the first significant shift of focus from Australia’s planned acquisition of nuclear-powered submarines came in the form of a joint statement from the AUKUS Defence Ministers Meeting in December 2023.

China

China’s chip industry is gaining momentum – it could alter the global economic and security landscape

The Conversation

China’s national champions for computer chip – or semiconductor – design and manufacturing, HiSilicon and Semiconductor Manufacturing International Corporation, are making waves in Washington. In August 2023, Huawei launched its high-end Huawei Mate 60 smartphone. According to the Center for Strategic and International Studies- an American think tank based in Washington DC, the launch “surprised the US” as the chip powering it showed that Chinese self-sufficiency in HiSilicon’s semiconductor design and SMIC’s manufacturing capabilities were catching up at an alarming pace.

USA

US official warns of China’s growing offensive cyber power

The Diplomat

Rajeswari Pillai Rajagopalan

China’s offensive cyber capabilities have been under the scanner for a few years now. Even though China does not have a formal cyber offensive strategy, the capability mix and the changing approach that China has developed in the cyber offensive realm remain quite consequential. A recent U.S. House Select Committee on the Chinese Communist Party (CCP) hearing disclosed a lot about China’s growing offensive cyber prowess. The hearing titled “The CCP Cyber Threat to the American Homeland and National Security” revealed Beijing’s interests in targeting U.S. infrastructure, the disruption of which would “wreak havoc,” creating enormous harm to American society at large. The hearing included statements from Federal Bureau of Investigation Director Christopher Wray, Cybersecurity and Infrastructure Security Agency Director Jen Easterly, and U.S. Cyber Command Chief General Paul Nakasone.

CISA releases 2024 priorities for the Joint Cyber Defense Collaborative

CyberScoop

Christian Vasquez

The Cybersecurity and Infrastructure Security Agency on Monday released the 2024 priorities for the Joint Cyber Defense Collaborative, an operational-focused government and private collaborative which has faced recent criticism. The announcement of three broad priorities will mark an alignment of “resources and strategic direction.” In the coming year, the JCDC will focus on: defending against advanced persistent threat operations, raising baseline protections for critical infrastructure owners and operators, and anticipating emerging technology and risks.

Biden campaign decision to join TikTok raises national security concerns

The Guardian

The chair of the US Senate Intelligence Committee, a senior Democrat, said he is concerned about the decision by the campaign of president Joe Biden to join TikTok. The campaign’s launch on TikTok is notable given that the app, which is owned by Chinese tech company ByteDance, is under review in the US due to potential national security concerns. Some US lawmakers have called for the app to be banned over concerns that the Chinese government could access user data or influence what people see on the app.

FCC orders telecom carriers to report PII data breaches within 30 days

Bleeping Computer

Sergiu Gatlan

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. he updated data breach reporting rules aim to ensure that "providers of telecommunications, interconnected Voice over Internet Protocol, and telecommunications relay services are held accountable in their obligations to safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised."

Explainer: what is Volt Typhoon and why is it the ‘defining threat of our generation’?

The Guardian

Helen Davidson

Relations between the US and China – particularly over Beijing’s threats to annex Taiwan – have plummeted in recent years, prompting growing concern about the potential for hostilities or all-out conflict. So recent revelations that a Chinese hacking network known as Volt Typhoon had been lying dormant inside US critical infrastructure for as long as five years have sparked considerable alarm. The network exploited US technological and security weaknesses. But rather than stealing secrets, US and allied intelligence services said it was focused on “pre-positioning” itself for future acts of sabotage. The Netherlands and Philippines have also recently publicly identified Chinese-backed hackers as targeting state networks and infrastructure.

North Asia

Emerging technologies will intensify the North Korean cyber threat

Binding Hook

Abhishek Sharma

The World Economic Forum’s Global Risk Report 2024, released in January, puts cyber insecurity as the fourth most severe global risk, up from eighth in 2023. North Korea is a major contributor to rising cyber insecurity. Its hackers stole $600 million in cryptocurrency in 2023, “almost a third of all funds stolen in crypto attacks last year”, according to a report by TRM Labs. North Korea is also using cyber operations for espionage, intelligence gathering, and information operations to steal critical military information. It targets academia, human rights organisations, and media companies; it creates discontent or mistrust through election fraud; and attacks critical national infrastructure, particularly in South Korea and the United States.

South & Central Asia

Taliban shuts down 'queer.af' domain, breaking Mastodon instance

404 Media

The Mastodon instance “queer.af” was effectively shut down by the Taliban, which has begun to operate Afghanistan’s “.af” top level domain after years of inactivity. When the Taliban retook control of Afghanistan in 2021, the fate of these domains and the websites on them became uncertain, and, three years later, another shoe now appears to be dropping. Last month, Erin Shepherd, the administrator of the queer.af Mastodon instance on the Fediverse posted that they have been “in limbo” since the Taliban retook control of the country, and had already planned to shut down in April. The Taliban shut the domain down roughly two months before it was scheduled to renew.

OpenAI executives discuss election misinformation and safety with civil society in India

The Hindu

Aroon Deep and Nihal Krishan

Popular generative artificial intelligence company OpenAI, best known for its ChatGPT tool, gathered some of the top tech policy and civil society representatives in India on February 12 to discuss AI-driven misinformation and election preparedness for the upcoming general election. Former top Indian government Information Technology officials and tech scholars who attended OpenAI’s private roundtable meeting in Delhi said the Election Commission of India could be doing much more in coordination with major tech platforms such as OpenAI to combat misinformation and disinformation during a time of heightened sensitivities.

Europe

Apple iMessage, Microsoft Bing dodge EU’s big tech crackdown

Bloomberg

Samuel Stolton

Apple Inc.’s iMessage and Microsoft Corp.’s Bing search engine, Edge web browser and Advertising service will avoid strict new European Union rules reining in Big Tech platforms. A probe concluded that the services don’t hold a dominant enough position to be regulated under the EU’s Digital Markets Act, the European Commission announced on Tuesday. Apple and Microsoft said they welcomed the decision in separate statements following the announcement. The decision from EU regulators is a win for the two US firms, which would have been obliged to adapt their services to meet a swathe of new obligations and prohibitions designed to limit market power abuses.

Cyberattack hits German battery maker Varta, halts production

Bloomberg

Aggi Cantrill

German battery maker Varta AG was hit by a cyberattack Monday night that halted production in five of its production facilities, the company said. The company’s information technology systems “and thus also production were pro-actively temporarily shut down for security reasons and disconnected from the internet,” Varta said in a statement on Tuesday. The extent of the damage is still being reviewed.

Hospitals offline across Romania following ransomware attack on IT platform

The Record by Recorded Future

James Reddick

Four more Romanian hospitals were confirmed on Tuesday to have been affected by a ransomware attack against an IT platform, bringing the total to 25 facilities whose data has been encrypted. Another 75 hospitals in the country using the platform have been disconnected from the internet as investigators determine if they too are impacted. According to the Romanian National Cyber Security Directorate, the unidentified hackers behind the attack are demanding 3.5 bitcoin, or about $170,000, to decrypt the data.

Big Tech

Why you'll see even less political content on Instagram and Threads

Mashable

Christianna Silva

As the 2024 U.S. election nears, social media platforms are trying to avoid repeating their past mistakes: egregious missteps that helped spread misinformation and disinformation and fueled political ire and divide. As a result of years of scrutiny over how these platforms handle political disinformation and and extremism, many have created a whole host of rules and regulations regarding political content on their sites. In November, for instance, Meta said it would force political advertisers to disclose when a Facebook or Instagram ad has been "digitally created or altered, including through the use of AI."

Artificial Intelligence

AI companies agree to limit election ‘deepfakes’ but fall short of ban

The Washington Post

Gerrit De Vynck

Leading artificial intelligence companies are planning to sign an “accord” committing to developing tech to identify, label and control AI-generated images, videos and audio recordings that aim to deceive voters ahead of crucial elections in multiple countries this year. The agreement, developed by Google, Microsoft and Meta, as well as OpenAI, Adobe and TikTok, however, does not ban deceptive political AI content, according to a copy obtained by The Washington Post. X, previously Twitter, was not a signatory to the agreement.

AI monitoring employees for ‘thought crimes’ in apps like Slack and Zoom

9to5Mac

Ben Lovejoy

A number of large US companies are using AI monitoring systems to analyse employee communications in popular business apps like Slack, Teams, and Zoom. One AI model claims to be able to analyse the content and sentiment of both text and images posted by employees, reports CNBC.

OpenAI CEO warns that 'societal misalignments' could make artificial intelligence dangerous

Euronews

The CEO of ChatGPT-maker OpenAI said on Tuesday that the dangers that keep him awake at night regarding artificial intelligence are the “very subtle societal misalignments” that could make the systems wreak havoc. However, Altman stressed that the AI industry, like OpenAI, shouldn't be in the driver's seat when it comes to making regulations governing the industry.

Watermarking the future

The Verge

Emilia David

Generative AI has made it easier to create deepfakes and spread them around the internet. One of the most common proposed solutions involves the idea of a watermark that would identify AI-generated content. The Biden administration has made a big deal out of watermarks as a policy solution, even specifically mandating tech companies to find ways to identify AI-generated content. Watermarks will, as before, still denote who owns and created the media that people are looking at. But as a policy solution for the problem of deepfakes, this new wave of watermarks would, in essence, tag content as either AI or human generated.

Misc

Score is a new dating app for people with good to excellent credit

TechCrunch

Dominic-Madori Davis

There is a new dating app just in time for Valentine’s Day, but there’s a catch: You must have at least a 675 credit score to use it. Launched today by financial platform Neon Money Club, Score is a dating app for people with good to excellent credit, and it seeks to help raise awareness about the importance of finances in relationships. The exclusionary aspect of the app is no doubt going to rub some people the wrong way, especially when you consider that the average U.S. citizen’s credit score is 716, with Black and Hispanic people more likely than other racial groups to have a score below 640.

Research

China is allegedly using fake local news sites to push propaganda in other countries

Semafor

Diego Mendoza

A new report suggests that China is attempting to shape global narratives by spreading pro-Beijing messages on hundreds of fraudulent news sites across 30 countries. A Beijing-based public relations firm has created more than 100 websites that are posing as local news outlets across 30 countries to spread pro-China talking points, according to a new report by Citizen Lab, a research group at the University of Toronto.

Jobs

China Analyst or Senior Analyst

ASPI

ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work.

Senior Policy & Partnerships Manager – The Sydney Dialogue

ASPI

ASPI has an exciting opportunity for a Senior Policy and Partnerships Manager to play a leading role in helping the organisation deliver The Sydney Dialogue (TSD) 2024. TSD, which is now in its third year, is a major international summit focused on critical, emerging and cyber technologies that brings together political leaders, government officials, senior business executives, and prominent civil society leaders.

Professional Development Program Coordinator

ASPI

Our Program Coordinators are fundamental to the success of our professional development programs. As a key team member, you will be tasked with nurturing collaborative relationships across Defence, National Security, the National Intelligence Community, and the broader ASPI community. Success demands adept communication and interpersonal skills, a focus on client service, exceptional organisational abilities coupled with keen attention to detail, and the capability to think on your feet, problem-solve, and meet deadlines effectively.

Share

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.