Good morning. It's Tuesday 14th November.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.



Have feedback? Let us know at icpc@aspi.org.au.


Federal MPs admit they lack an adequate understanding of the nation’s vulnerability to cyber attack, as Labor moves to categorise telecommunications as “critical infrastructure” following Optus’s 2022 cyber hack and last week’s disruptive network outage. A six-month study across political parties by the Australian Strategic Policy Institute has revealed that MPs did not believe they were sufficiently educated on the threats posed by cyber hackers and the importance of Australia’s critical technologies, including quantum, artificial intelligence, cyber security and critical infrastructure.

The Australian

The government in Nepal said on Monday that it was banning the popular social media app TikTok, saying the platform’s refusal to curb hate content was affecting “social harmony.” TikTok has more than a billion users globally, so the ban by a Himalayan country with a population of about 30 million is unlikely to significantly affect the app, but it is another ominous sign for the Chinese-owned company of broader efforts by governments around the world to restrict its use.

The New York Times

Major Chinese internet companies are scrambling to recruit app developers for projects based on Huawei Technologies’ HarmonyOS mobile platform, as the US-blacklisted telecommunications equipment maker expands the adoption of its self-developed operating system and manoeuvres to sever ties with Google’s Android ecosystem.

South China Morning Post

ASPI

Educate us: federal pollies ask for help over hacker risks

The Australian

Joe Kelly

Federal MPs admit they lack an adequate understanding of the nation’s vulnerability to cyber attack, as Labor moves to categorise telecommunications as “critical infrastructure” following Optus’s 2022 cyber hack and last week’s disruptive network outage. A six-month study across political parties by the Australian Strategic Policy Institute has revealed that MPs did not believe they were sufficiently educated on the threats posed by cyber hackers and the importance of Australia’s critical technologies, including quantum, artificial intelligence, cyber security and critical infrastructure.

What do Australia’s parliamentarians think about cybersecurity and critical technology?

ASPI

Gai Brodtmann, Dr Alexandra Caples, Danielle Cave and Jacinta Keast

This research aims to provide a snapshot of what our nation’s policy shapers and policymakers are thinking when it comes to cybersecurity and critical technologies. What are they worried about? Where are their knowledge gaps and interests? What technologies do they think are important to Australia and where do they believe policy attention and investment should focus in the next five years? This initial study establishes a baseline for future longitudinal assessments that could capture changes or shifts in parliamentarians’ thinking.

'Inadequate': MPs admit tech knowledge does not compute

Perth Now

Kat Wong

Australian politicians have admitted they do not know enough about technology despite being increasingly asked to legislate on the emerging threats of the digital world. After contacting 24 MPs from the last parliament, the Australian Strategic Policy Institute released a report on Tuesday showing many did not feel they possessed adequate knowledge on artificial intelligence, quantum technology, cyber security and critical infrastructure and did not know where they could learn more.

There's an alarming knowledge gap on cybersecurity in Parliament

Capital Brief

Anthony Galloway

The benches of Australia’s federal parliament have long been dominated by lawyers, bankers, unionists and former political staffers. While this isn’t necessarily a bad thing, it doesn’t lend itself to a deep technical knowledge in the complicated area of cybersecurity and how to regulate critical infrastructure and technologies. Now, a new report has laid bare the knowledge gap in federal parliament in the wake of the major cyber attack on port operator DP World. The report by the Australian Strategic Policy Institute interviewed 24 parliamentarians—10.6% of the 46th Australian Parliament—for a qualitative study, and eighteen for quantitative study.

Major ports around Australia back in action after cyberattack

The Sydney Morning Herald

David Swan and Sumeyya Ilanbey

Port operator DP World says it has begun resuming operations at its ports across Australia, following a cyberattack that brought its freight shipments to a halt and stoked concerns about widespread shortages ahead of Christmas. Meanwhile, Federal MPs have admitted they do not fully understand Australia’s cybersecurity weaknesses or how they could improve laws to ward off cyberattacks that could cripple the nation’s critical infrastructure services. The Australian Strategic Policy Institute’s world-first study questioned MPs from the last federal parliament and found members were “not educated on the nature, nomenclature and nuances of critical technology and cybersecurity”, in a worrying sign as the country grapples with cyberattacks and deals with the rise of artificial

Australia

Botched upgrade shut down Optus network, telco reveals, leaving it with a compo bill of up to $400m

The Australian

Jared Lynch and Joseph Lam

Optus has finally revealed what caused its entire network to collapse, leaving more than 10 million Australians cut off from essential telecommunication services, as it faces a $400m compensation bill. A routine software upgrade triggered a mass shutdown of routers across its network, effectively unplugging phone and internet services across the country. Some people couldn’t dial triple-zero for emergency services on fixed lines, while Melbourne’s train network was paralysed and phone lines at some hospitals were blocked among broader economic disruption.

Government to sweep away export barriers in ‘AUKUS revolution’

The Sydney Morning Herald

Matthew Knott

Australia will establish the military equivalent of a free trade zone with the United States and United Kingdom under sweeping changes to the nation’s defence export laws that will also make it illegal to share sensitive technology with foreigners in Australia. The proposed changes to Australia’s defence trade control regulations, quietly released for public consultation last week, are designed to allow the sharing of sensitive technology under the AUKUS pact while protecting these secrets from being stolen by nations such as China and Russia.

ASIC warns of ‘alarming’ holes in business’ cyber defences

Australian Financial Times

Paul Smith

Australian Securities and Investments Commission chairman Joe Longo has warned businesses must close “alarming” gaps in their cybersecurity defences, while experts said it would be “very costly” for telcos to comply with new cyber laws foisted on them after Optus’ network outage last week. Mr Longo was speaking as the corporate regulator released an annual snapshot of corporate Australia’s cyber preparedness on Monday, which found almost half were not managing third-party or supply chain risks, which are commonly used by hackers to breach companies.

China

Chinese Big Tech firms JD.com, NetEase and Meituan in rush to hire HarmonyOS-based app developers as Huawei aims to sever Android ties

South China Morning Post

Ben Jiang

Major Chinese internet companies are scrambling to recruit app developers for projects based on Huawei Technologies’ HarmonyOS mobile platform, as the US-blacklisted telecommunications equipment maker expands the adoption of its self-developed operating system and manoeuvres to sever ties with Google’s Android ecosystem. E-commerce giant JD.com, video gaming powerhouse NetEase and food delivery market leader Meituan are among a number of Big Tech companies that have started hiring HarmonyOS app developers, according to online career sites Maimai and liepin.com.

Gang says ICBC paid ransom over hack that disrupted US Treasury market

Reuters

James Pearson

China's biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify. ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Nov. 9, did not immediately respond to a request for comment.

China's chipmaking equipment imports surge 93% despite curbs

Nikkei Asia

Ryosuke Eguchi

Chinese imports of semiconductor manufacturing equipment rose more than 90% on the year last quarter, as the country has proven able to produce advanced chips despite trade controls imposed by the U.S. and its allies. Imports of machinery and equipment for producing semiconductors or integrated circuits jumped 93% in the three months through September to 63.4 billion yuan ($8.7 billion), a Nikkei analysis of Chinese customs data shows.

What role for China in global AI governance?

The Wire China

Paul Triolo

Much has been written over the past six months about how Beijing is grappling with the regulation of generative artificial intelligence, in the process corralling large language models and the platforms that use them via chatbots. In this endeavor, Beijing has arguably been out in front of other governments, particularly the U.S., by building a set of tools rather than trying to develop sweeping regulation such as the European Union’s AI Act.

Southeast Asia

Asia’s island nations need satellite internet

The Diplomat

Sribala Subramanian

Island nations in the Asia-Pacific are a prime market for satellite internet, and Starlink has expanded its presence in the region. The service is available in Japan, the Philippines, Malaysia, Australia, and New Zealand. In a statement, the president of KDDI, Starlink’s local partner in Japan, noted that the service was well-suited for a country with “16,000 mountains and 6,000 islands.” Southeast Asian nations like Indonesia are also ideally situated for satellite internet. But Starlink faces regulatory and bureaucratic hurdles in Indonesia, especially in the direct-to-consumer market.

South & Central Asia

Nepal is banning TikTok over hate content, officials say

The New York Times

Bhadra Sharma

The government in Nepal said on Monday that it was banning the popular social media app TikTok, saying the platform’s refusal to curb hate content was affecting “social harmony.” TikTok has more than a billion users globally, so the ban by a Himalayan country with a population of about 30 million is unlikely to significantly affect the app, but it is another ominous sign for the Chinese-owned company of broader efforts by governments around the world to restrict its use.

Middle East

Hamas needed a new way to get money from Iran. It turned to crypto.

The Wall Street Journal

Angus Berwick and Ian Talley

In mid-2019, Israel’s military used a precision strike on a narrow street to kill a Hamas commander whom it called Iran’s money man in Gaza. The commander ran an off-the-books system of remittances in which trusted agents shuttled physical cash and goods across borders to settle customers’ balances. This so-called hawala network, as it is known in the Middle East, funneled tens of millions of dollars in financing from Iran to Hamas’s military wing.

The chilling power of Gaza’s internet blackout

Rest of World

Russell Brandom

On Friday night, after weeks of bombardment, Gaza disappeared from the internet. Cellular towers, landlines, and internet connections all dropped at once, making it all but impossible to get digital information in or out of the territory. The cut coincided with a ground assault by the Israeli military, commencing what Prime Minister Netanyahu called “the second phase of the war.” Many of the worst moments of the war have been spread through the same data channels that were shut down by the blackout — starting with footage of the October 7 attack and spreading to unsettling images of the assault on Gaza.

TikTok was slammed for its pro-Palestinian hashtags. But it’s not alone.

The Washington Post

Drew Harwell

When congressional Republicans this month repeated their long-running calls for a nationwide ban on TikTok, they highlighted a data point they said was proof of the app’s sinister underpinnings: The number of TikTok videos with the #freepalestine hashtag is dramatically higher than those with #standwithisrael. That gap, they said, offered evidence that the app, owned by the Chinese tech giant ByteDance, was being used to boost propaganda and brainwash American viewers. But Facebook and Instagram, TikTok’s U.S.-based rivals, show a remarkably similar gap, their data show.

Big Tech

Hikvision wins project requiring Ramadan alerts against minorities

IPVM

Hikvision won a PRC 'Smart Campus' system that alerts when ethnic minority students are suspected of fasting for Ramadan. Hikvision responded by admitting it won the project but alleging, without evidence, that these alerts were never actually developed/deployed. Similarly, Hikvision recently blamed an employee for Hikvision including minority detection tech in its latest software. Hikvision has not offered any explanation for a $6 million contract explicitly requiring Hikvision Uyghur recognition that we reported on earlier this year.

You paid $1,000 for an iPhone, but Apple still controls it

The New York Times

Tripp Mickle, Ella Koeze and Brian X. Chen

For a decade, it was easy to get help repairing an iPhone. Cracked screens could be replaced in minutes, and broken cameras could be exchanged without a hitch. But since 2017, iPhone repairs have been a minefield. New batteries can trigger warning messages, replacement screens can disable a phone’s brightness settings, and substitute selfie cameras can malfunction. The breakdowns are an outgrowth of Apple’s practice of writing software that gives it control over iPhones even after someone has bought one.

Gmail: Google issues three-week warning to account holders

The Independent

Anthony Cuthbertson

Google has begun warning users that it will delete millions of Gmail accounts next month as part of a major update to the platform. The purge will impact all personal Google accounts that have been left dormant for at least two years, with emails, documents, spreadsheets, calendar appointments, photos and videos all permanently deleted. The policy was introduced earlier this year but is set to come into effect in December 2023.

Artificial Intelligence

OpenAI chief seeks new Microsoft funds to build ‘superintelligence’

Financial Times

Madhumita Murgia

OpenAI plans to secure further financial backing from its biggest investor Microsoft as the ChatGPT maker’s chief executive Sam Altman pushes ahead with his vision to create artificial general intelligence — computer software as intelligent as humans. In an interview with the Financial Times, Altman said his company’s partnership with Microsoft’s chief executive Satya Nadella was “working really well” and that he expected “to raise a lot more over time” from the tech giant among other investors, to keep up with the punishing costs of building more sophisticated AI models.

Google sues to block AI ads preying on small businesses

The Wall Street Journal

John D. McKinnon

Scammers are capitalizing on the rush of consumer interest in artificial-intelligence tools to steal U.S. small businesses’ social-media-account passwords, Google alleges in a new lawsuit. The lawsuit, filed Monday, targets unnamed individuals in India and Vietnam. Google said the hackers have been tricking small-business owners into clicking on Facebook ads that offer to download Google’s Bard artificial-intelligence chatbot. When they do, the ads hit them with malware that steals their social-media credentials.

White faces generated by AI are more convincing than photos, finds survey

The Guardian

Nicola Davis

A new study has found people are more likely to think pictures of white faces generated by AI are human than photographs of real individuals. “Remarkably, white AI faces can convincingly pass as more real than human faces – and people do not realise they are being fooled,” the researchers report. The team, which includes researchers from Australia, the UK and the Netherlands, said their findings had important implications in the real world, including in identity theft, with the possibility that people could end up being duped by digital impostors.

Misc

Seeing the disinformation forest through the trees: How to begin cleaning up the polluted information environment

The Forum Network

Alicia Wanless

Calls grow louder to regulate artificial intelligence, counter disinformation, and social media. But how can democracies govern the information environment if they don’t know how it affects people’s thinking and behaviour? The information environment is the space where people receive and process information to make sense of the world. To do that, we use our own brains, but we also build tools, from alphabets to AI, to process information into artefacts that can be shared in forms like the written word, holograms and everything in between.

Research

Google and Meta owe US publishers $14 billion a year

Tech Policy Press

Anya Schiffrin and Haaris Mateen

With our co-authors, Dr. Patrick Holder and Dr. Haris Tabakovic, today we published a working paper that estimates the amount of money that Meta and Google should pay US news publishers for the value of the journalism and information they produce. Based on our analysis, we estimate that fair compensation by the platforms to US publishers would amount to as much as $13.9 billion a year.

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.