Good morning. It's Monday 16th October.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.



Have feedback? Let us know at icpc@aspi.org.au.


X has become the first online platform to be issued with a $610,500 fine under Australia’s Online Safety Act for its failure to meet basic online safety expectations. X has 28 days to either pay the fine, issued by the e-safety commissioner, Julie Inman Grant, or provide responses to questions X ignored from the commissioner on its work to crack down on child sexual abuse material on the platform. The Guardian

Researchers warn of renewed attacks against high-profile organisations launched by a Chinese APT actor ToddyCat. The group has been refining its tactics as well as malware toolset since 2020 when it was originally discovered. Researchers from security firm Check Point Software Technologies documented a ToddyCat campaign they dubbed "Stayin' Alive" that targeted organisations from Asian countries primarily from the telecom and government sectors. CSO Online

The websites of two relief groups providing aid to Israel and Gaza were disrupted in recent days after hackers flooded them with traffic, following a series of hacktivist group threats over the ongoing conflict. Jerusalem-based nonprofit United Hatzalah, which provides emergency medical services, said its website was struck by distributed denial of service attacks that temporarily slowed its ability to receive donations. Reuters

ASPI

Multilateral action key in fight against China's economic coercion

Nikkei Asia

Hiroyuki Akita

Beijing has increased the frequency of economic coercion since the start of the decade. A report by the Australian Strategic Policy Institute cites 73 such incidents between 2020 and 2022. In those three years, the most often targeted was Australia, with 21 cases. Canberra's request for an investigation into the origin of COVID-19 drew anger from Beijing, which subsequently restricted imports of Australian wines and beef.

Read our Feb 2023 report Countering China’s coercive diplomacy: prioritising economic security, sovereignty and the rules-based order

Fergus Hunter, Daria Impiombato, Yvonne Lau, Adam Triggs, Albert Zhang and Urmika Deb

This research finds that the PRC’s use of coercive tactics is now sitting at levels well above those seen a decade ago, or even five years ago. The year 2020 marked a peak, and the use of trade restrictions and state-issued threats have become favoured methods. The tactics have been used in disputes over governments’ decisions on human rights, national security and diplomatic relations.

Australia

X fined $610,500 in Australia first for failing to crack down on child sexual abuse material

The Guardian

Josh Taylor

X has become the first online platform to be issued with a $610,500 fine under Australia’s Online Safety Act for its failure to meet basic online safety expectations. X has 28 days to either pay the fine, issued by the e-safety commissioner, Julie Inman Grant, or provide responses to questions X ignored from the commissioner on its work to crack down on child sexual abuse material on the platform. The legal notices were issued to X, Google, TikTok, Twitch and Discord in February following the first round of notices sent to Apple, Meta, Microsoft, Snap and Omegle last year.

Australia unveils draft law to regulate digital payment providers

Reuters

Renju Jose

Apple Pay, Google Pay and China's WeChat Pay, which have grown rapidly in recent years, are not currently designated as payment systems, putting them outside Australia's financial regulatory system. The proposed rules would enable the Reserve Bank of Australia to monitor digital wallet payments in the same way as credit card networks and other transactions. It would also give powers to the treasurer to order regulators to check if any payment platforms pose risks to the country.

Warnings about evolving cyber threats after hackers steal $1.2 million from Grafton family business

ABC News

Miranda Saunders and Emma Rennie

Paul Fuller says his account manager had good reason to trust the voice on the other end of the phone asking for bank details, but handing them over was a mistake that has cost his business almost $1.2 million. NAB has since recovered $84,000, but has told Mr Fuller there is no chance of recovering any more. Mr Fuller reported the incident to police and the banking ombudsman but held little hope of having any more money returned.

China

Chinese APT group ToddyCat launches new cyber-espionage campaigns

CSO Online

Lucian Constantin

Researchers warn of renewed attacks against high-profile organisations launched by a Chinese APT actor known in the industry as ToddyCat. The group has been refining its tactics as well as malware toolset since 2020 when it was originally discovered. In a new report this week, researchers from security firm Check Point Software Technologies documented a ToddyCat campaign they dubbed "Stayin' Alive" that targeted organisations from Asian countries primarily from the telecom and government sectors.

Apple’s compliance with China app rules plugs censorship loophole, creates new obstacles for developers

South China Morning Post

Dylan Butts

Apple’s move to require developers to apply for Chinese government licensing before their apps can be made available in its app store in the country will close one of Beijing’s censorship loopholes, but also make life harder for developers, according to analysts and users. The rule affects not just censored foreign apps, but also apps that target Chinese users, but do not have local operations.

Hikvision welcomes PRC Premier, urged to 'thoroughly implement' Xi Jinping's "important instructions"

IPVM

Charles Rollet

Hikvision welcomed the PRC's Premier Li Qiang at its headquarters, with Li urging Hikvision and other tech firms he visited to "thoroughly study and implement" Xi Jinping's "important instructions" on the economy. The meeting demonstrates Hikvision's continued political and economic importance in the PRC, whose economy is struggling and which is trying to improve its tech self-reliance due to US sanctions.

USA

Hackers selling stolen customer DNA data from 23andMe

Neoscope

Noor Si-Bai

After reports of a massive user data hack began circulating online, the consumer DNA sequencing company 23andMe has acknowledged a breach that's seemingly led to its customers' genetic info circulating online. As Bleeping Computer reported and The Verge later confirmed, an unidentified hacker posted on a data-selling forum that they had access to a million lines of DNA information on the consumer DNA company's users.

How a billionaire-backed network of AI advisers took over Washington

POLITICO

Brendan Bordelon

An organisation backed by Silicon Valley billionaires and tied to leading artificial intelligence firms is funding the salaries of more than a dozen AI fellows in key congressional offices, across federal agencies and at influential think tanks. The fellows funded by Open Philanthropy, which is financed primarily by billionaire Facebook co-founder and Asana CEO Dustin Moskovitz and his wife Cari Tuna, are already involved in negotiations that will shape Capitol Hill’s accelerating plans to regulate AI.

Across US, Chinese Bitcoin mines draw national security scrutiny

The New York Times

Gabriel J.X. Dance and Michael Forsythe

When a company with Chinese origins broke ground last year on a crypto-mining operation in Cheyenne, Wyo., a team at Microsoft that assesses national security threats sounded the alarm. Not only was the site next door to a Microsoft data center that supported the Pentagon — it was about a mile away from an Air Force base that controlled nuclear-armed intercontinental ballistic missiles. The location could allow the Chinese to “pursue full-spectrum intelligence collection operations,” the Microsoft team wrote in an August 2022 report to the Committee on Foreign Investment in the United States.

The new AI panic

The Atlantic

Karen Hao

The Department of Commerce is considering a new blockade on a broad category of general-purpose AI programs, not just physical parts, according to people familiar with the matter. Although much remains to be seen about how the controls would roll out—and, indeed, whether they will ultimately roll out at all—experts described alarming stakes. If enacted, the limits could generate more friction with China while weakening the foundations of AI innovation in the US. Of particular concern to Commerce are so-called frontier models.

Sandvine scraps plan to market tool in US that tracks encrypted messages

Bloomberg

Ryan Gallagher

Sandvine had pitched the new product, called “Digital Witness,” to governments and law enforcement agencies in Europe, the Middle East, Asia and North America. It was marketed as a tool to covertly monitor people’s internet use and encrypted messages sent using popular applications such as Meta Platforms Inc.’s WhatsApp and Signal, according to the people, who asked not to be identified to discuss confidential matters.

How the conspiracy-fueled Epoch Times went mainstream and made millions

NBC News

Brandy Zadrozny

The Epoch Times is one of the country’s most successful and influential conservative news organisations. It’s powered by Falun Gong, a religious group persecuted in China, which launched The Epoch Times as a free propaganda newsletter more than two decades ago to oppose the Chinese Communist Party. The nonprofit has amassed a fortune, growing its revenue by a staggering 685% in two years, to $122 million in 2021, according to the group’s most recent tax records.

Kids suing social media over addiction find a win amid losses

Bloomberg

Joel Rosenblatt

Minors and parents suing Meta’s Facebook and other technology giants for the kids’ social media platform addictions won an important ruling advancing their collection of lawsuits in a California court. A state judge on Friday threw out most of the claims but said she’ll allow the lawsuits to advance based on a claim that the companies were negligent – or knew that the design of their platforms would maximize minors’ use and prove harmful.

North Asia

TSMC seeks permanent US approval to supply China chip plant

Nikkei Asia

Cheng Ting-Fang

Taiwan Semiconductor Manufacturing Co. is applying for permanent approval to ship US chip equipment to its facility in Nanjing, China, after its one-year license for the plant received a temporary renewal, the chipmaker told Nikkei Asia on Friday. "TSMC has been authorised to continue operating in Nanjing and we are currently in the process of applying for a permanent authorization for our operations in China," the world's largest chipmaker said.

Canon begins selling chip machines to rival world’s best by ASML

Bloomberg

Mayumi Negishi and Yuki Furukawa

Canon Inc. has begun selling its nanoimprint semiconductor manufacturing systems, seeking to claw back market share by positioning the technology as a simpler and more attainable alternative to the leading-edge tools of today. Its machinery may also add a new front in the US-China trade war.

South & Central Asia

Waning demand for IT services hits hiring at Indian tech majors

Reuters

Sethuraman N R

India's top IT service providers are going slow on hiring as clients cut back spending and defer projects due to macroeconomic challenges, in a U-turn from the excesses of the past few years made in anticipation of further growth. Analysts have said they do not see demand for IT services returning anytime soon, reinforced by muted hiring trends across the top IT firms, as clients cut discretionary spending after a pandemic boom.

Europe

EU industry chief warns Alphabet CEO on tech rules compliance after Hamas attack

Reuters

Foo Yun Chee and Sudip Kar-Gupta

EU industry chief Thierry Breton on Friday warned Alphabet CEO Sundar Pichai to adhere to EU tech rules after the spread of disinformation on YouTube following Hamas' attacks in Israel, the latest company to be rebuked. Breton reminded Pichai in a letter posted on social media platform X, formerly known as Twitter, of the company's obligations set out in the Digital Services Act which requires very large online platforms to do more to tackle harmful and illegal content.

UK

UK-hosted AI summit to weigh election disruption, security risks

Bloomberg

Tom Rees

Politicians and business leaders will discuss the threat of humans losing control of artificial intelligence, potential election disruption and national-security concerns posed by the technology at a UK-hosted global summit next month. While the guest list isn’t public yet, Bloomberg has reported that US Vice President Kamala Harris will speak and that OpenAI chief Sam Altman and Microsoft CEO Satya Nadella are expected to be invited.

UK watchdog fines Equifax $13.4 million for role in cyber breach

Reuters

Huw Jones

Britain's financial watchdog said on Friday it had fined consumer credit rater Equifax Ltd 11 million pounds for its role in "one of the largest" cyber-security breaches in history. The Financial Conduct Authority said that in 2017 Equifax's parent company, Equifax Inc in the United States, was subject to one of the biggest cybersecurity breaches in history, when the personal details of as many as 147.9 million US consumers were accessed during the hack.

Middle East

Hackers hit aid groups responding to Israel and Gaza crisis

Reuters

Zeba Siddiqui

The websites of two relief groups providing aid to Israel and Gaza were disrupted in recent days after hackers flooded them with traffic, following a series of hacktivist group threats over the ongoing conflict. Jerusalem-based nonprofit United Hatzalah, which provides emergency medical services, said its website was struck by distributed denial of service attacks that temporarily slowed its ability to receive donations.

Big Tech

The upshot of Microsoft’s Activision deal: Big Tech can get even bigger

The New York Times

Cecilia Kang and David McCabe

President Biden’s top antitrust officials have used novel arguments over the past few years to stop tech giants and other large companies from making deals, a strategy that has had mixed success. But on Friday, when Microsoft closed its blockbuster $69 billion acquisition of the video game publisher Activision Blizzard after beating back a federal government challenge, the message sent by the merger’s completion was incontrovertible: Big Tech can still get bigger.

Google offers to back enterprise customers against AI copyright claims

Tech Monitor

Ryan Morrison

Google says it will defend its enterprise customers against copyright claims if they use its artificial intelligence products to generate content. It joins companies such as Microsoft and Adobe in offering such an assurance, as Big Tech seeks to convince businesses it is safe to use generative AI. This applies to any product utilising Duet AI, its AI collaboration tool that is embedded across Workspace, the Google Cloud Platform and Vertex AI.

Artificial Intelligence

AI voice clones mimic politicians and celebrities, reshaping reality

The Washington Post

Pranshu Verma and Will Oremus

Rapid advances in artificial intelligence have made it easy to generate believable audio, allowing anyone from foreign actors to music fans to copy somebody’s voice — leading to a flood of faked content on the web, sowing discord, confusion and anger. While experts have long predicted generative artificial intelligence would lead to a tsunami of faked photos and video — creating a disinformation landscape where nobody could trust anything they see — what’s emerging is an audio crisis.

The path to AI arms control

Foreign Affairs

Henry A. Kissinger and Graham Allison

Arms control developed over decades. Restraints for AI need to occur before AI is built into the security structure of each society—that is, before machines begin to set their own objectives, which some experts now say is likely to occur in the next five years. The timing demands first a national, then an international, discussion and analysis, as well as a new dynamic in the relationship between government and the private sector.

ChatGPT use shows that the grant-application system is broken

Nature

Juan Manuel Parrilla

A 2023 Nature survey of 1,600 researchers found that more than 25% use AI to help them write manuscripts and that more than 15% use the technology to help them write grant proposals. Some people might see the use of ChatGPT in writing grant proposals as cheating, but it actually highlights a much bigger problem: what is the point of asking scientists to write documents that can be easily created with AI? What value are we adding? Perhaps it is time for funding bodies to rethink their application processes.

Events & Podcasts

How Elon Musk's X failed during the Israel-Hamas conflict

WNYC Studios

For the midweek podcast, Brooke speaks with Avi Asher-Schapiro, who covers tech for the Thomson Reuters Foundation, about how Musk's policy changes at X have led to a stronger initial surge of misinformation than usual during this conflict, and how an algorithmically-driven "fog of war" impacts our historical record of this conflict.


The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.