Australian govt denies Chinese ‘spies’ targeted PM’s office / WeChat users outside China face surveillance while training censorship algorithms / Zoom adds H.R. McMaster to board

May 8, 2020

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

Scott Morrison’s office has denied claims Chinese hackers targeted the PM’s office but they did reportedly use an advanced hacking tool to attack the office of a senior Australian politician. Herald Sun
China’s social-messaging giant Tencent has been surveilling political content posted by foreign accounts to train its censorship algorithms for domestic users, a new study has found. Financial Times
Zoom Video Communications Inc. is further bolstering its ranks as the startup deals with security questions around its system, naming President Trump’s former national-security adviser, H.R. McMaster, as an independent director. WSJ

ASPI ICPC

Australian universities should think twice before installing spyware on students’ computers
The Strategist
Emilia Currey
Australian universities will soon be administering examinations online to comply with Covid-19-related social-distancing requirements and restrictions on movement. To deter students from cheating, several universities have said that they plan to use online tools to supervise exams remotely. Classified by some as ‘legitimised’ versions of spyware, the software uses facial-detection and machine-learning technologies to identify and monitor students while they’re taking their exams online.

Tracy Beattie @tracingtheworld

Still in complete shock but I also absolutely enjoyed my first time appearing on live television with @BBCWorld. Thank you @bbcmikeembley for a great interview on the #MilkTeaAlliance movement in Asia.

How to stay cyber-secure when working from home during Covid-19.

As Australian organisations plan to slowly return to the office in the coming weeks and months, cyber security, and cyber safety, becomes even more important.

We asked experts for some tips on how to stay secure and safe when working from home, and as we transition back to the office, full-time or part-time.

Australian MP Recommends Parents 'Stay Sane' With Animal Crossing
Kotaku
Self isolation has been real tough for working parents, stuck between having to continue working while effectively home-schooling children and dealing with constant interruptions. And if you're in that situation, one federal MP has a handy suggestion: Animal Crossing.

Tim Watts MP @TimWattsMP

Every #infosec professional in the world has already posted their hints for staying cyber secure while working from home, but THIS is the Animal Crossing/Monty Pythons Holy Grail cyber security tips cross over video you’ve been waiting for...

The World

Billions of people lack internet access during the coronavirus crisis
World Economic Forum
Billions of people are going online to stay in touch during the COVID-19 pandemic, but fewer than 1 in 5 people in the least developed countries are connected.

The Hague Journal of Diplomacy @Hague_Jour_Dipl

What can we expect from #Facebook #diplomacy & how can #MFAs make the most of it? Read Damien Spry's analysis of Facebook diplomacy by @MofaJapan_en @IndianDiplomacy @dfat @StateDept in Asia-Pacific in @Hague_Jour_Dipl: brill.com/view/journals/… @IntlRela @Brill_Social @ISGA_Hague

From Delhi to Dili: Facebook Diplomacy by Ministries of Foreign Affairs in the Asia-Pacific<section class=“abstract”><h2 class=“abstractTitle text-title my-1″ id=“d1346e2”>Summary</h2><p>This article uses digital research methods to explore the use of Facebook by ministries of foreign affairs (<span style=“font-variant: small-caps;”>MFA</span>s) in several Asian locations. It contextualis…brill.com

Australia

The Federal Government denies Chinese ‘spies’ targeted Scott Morrison’s office
Herald Sun
Clare Masters and Nathan Vass
Scott Morrison’s office has denied claims Chinese hackers targeted the PM’s office but they did reportedly use an advanced hacking tool to attack the office of a senior Australian politician.

China’s Military Is Tied to Debilitating New Cyberattack Tool
The New York Times
Ronen Bergman and Steven Lee Myers
On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of Prime Minister Scott Morrison’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender. The attachment contained an invisible cyberattack tool called Aria-body, which had never been detected before and had alarming new capabilities. Hackers who used it to remotely take over a computer could copy, delete or create files and carry out extensive searches of the device’s data, and the tool had new ways of covering its tracks to avoid detection. Now a cybersecurity company in Israel has identified Aria-body as a weapon wielded by a group of hackers, called Naikon, that has previously been traced to the Chinese military. And it was used against far more targets than the Australian prime minister’s office, according to a report to be released on Thursday by the company, Check Point Software Technologies.
Correction: May 7, 2020 An earlier version of this article, using information from Check Point Software Technologies, the cybersecurity company that produced the report on a new computer hacking tool, misidentified the Australian target of the Jan. 3 attack. It was the office of Mark McGowan, the premier of Western Australia, not the office of Scott Morrison, the prime minister of Australia. The error was repeated in a picture caption.

$10,000 gone: Hackers target ATO, early super scheme
Yahoo Finance AU
Lucy Dean
The Australian Federal Police is investigating fraudulent activity in relation to the coronavirus early access to super scheme.

eSafety Office @eSafetyOffice

Have you used our eSafety Toolkit for #schools? . A good place to start is the Online Safety Self-Assessment Tool – using this resource will give you a sense of how prepared your school is and what can be improved. esafety.gov.au/sites/default/… #onlineSafety #education

Covidsafe app: how Australia’s coronavirus contact tracing app works, what it does, downloads and problems
The Guardian
@joshgnosis
The Australian government has launched Covidsafe, an app that traces every person running the app who has been in contact with someone else using the app who has tested positive for coronavirus in the previous few weeks, in a bid to automate coronavirus contact tracing, and allow the easing of restrictions. Here’s what we know about the app so far.

COVIDSafe downloads reach 5 million as experts question technical flaws
The Age
@maxkoslowski
Downloads are inching towards the target, but Labor and cyber security experts say the contact tracing technology was rolled out too hastily.

AFP investigating 'sophisticated' theft of $120,000 from 150 super accounts
The Sydney Morning Herald
@maxkoslowski @jennieduke
The bank accounts of up to 150 victims have been frozen and the AFP is closing in on the alleged perpetrators.

Weakened defences': COVID-19 a boon for malware merchants, warns Telstra boss
The Sydney Morning Herald
The telco says it has protected about 500 customers in the last month from COVID-19-themed malware which attempted to steal their money.

China

Tencent surveils foreign accounts to aid domestic censorship
Financial Times
China’s social-messaging giant Tencent has been surveilling political content posted by foreign accounts to train its censorship algorithms for domestic users, a new study has found. The research by the University of Toronto’s Citizen Lab comes as foreign governments, particularly the US, have been questioning the role of China’s technology companies in their markets, fearing their citizens’ data could be compromised.. Citizen Lab has found that this surveillance of private messages is also applied to accounts registered to foreign mobile numbers, in order to build up its repository of sensitive files and thus better censor China-registered accounts. The research shows how Tencent not only conducts censorship, but also informs and develops its own censorship strategies.

WeChat users outside China face surveillance while training censorship algorithms
Washington Post
Work-from-home and self-isolation measures during the covid-19 pandemic have highlighted and amplified our dependence on technology. But have they made us more aware of the risks? Do we really know what’s going inside those apps that have suddenly become our lifeline? If you’re one of the millions of users of the social media app WeChat based outside of mainland China, our latest report shows you should beware.

We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus
The Citizen Lab
WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.

USA

Exclusive: U.S. drafts rule to allow Huawei and U.S. firms to work together on 5G standards
Reuters
Karen Freifeld, Chris Prentice
The U.S. Department of Commerce is close to signing off on a new rule that would allow U.S. companies to work with China's Huawei Technologies on setting standards for next generation 5G networks, people familiar with the matter said.

Secretary Pompeo @SecPompeo

Spoke with Czech Prime Minister @AndrejBabis to adopt a Joint Declaration on #5G Security. Today, we remember the 75th anniversary of the liberation of Western Czechoslovakia by U.S. and Allied forces. With our Czech Allies we confront threats to our collective security.

Zoom Adds Former National-Security Adviser H.R. McMaster to Board
WSJ
Zoom Video Communications Inc. is further bolstering its ranks as the startup deals with security questions around its system, naming President Trump’s former national-security adviser, H.R. McMaster, as an independent director.

Zoom Acquires Keybase and Announces Goal of Developing the Most Broadly Used Enterprise End-to-End Encryption Offering
Zoom blog
@ericsyuan
We are proud to announce the acquisition of Keybase, another milestone in Zoom’s 90-day plan to further strengthen the security of our video communications platform. Since its launch in 2014, Keybase’s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability.

Huawei allegations driven by politics not evidence: U.N. telecoms chief
Reuters
U.S. security concerns about 5G mobile networks built by Chinese telecoms giant Huawei appear to be driven by politics and trade rather than any evidence, the head of the U.N. internet and telecoms agency said on Friday. Houlin Zhao, secretary-general of the International Telecommunication Union (ITU), told reporters in Geneva that security of 5G networks was in everybody's interest but so far he had not seen anything to substantiate claims about Huawei.

Tech Companies Take Privacy Reins During Virus Absent U.S. Law
Bloomberg
@realdanstoller
Technology companies helping to fight the coronavirus are policing themselves to protect consumer data in the absence of a comprehensive U.S. statute and only a few state privacy laws.

Senators Want to Know if Amazon Retaliated Against Whistle-Blowers
The New York Times
Kate Conger
Democratic senators on Thursday questioned whether Amazon retaliated against whistle-blowers when it fired four employees who raised concerns about the spread of coronavirus in the company's warehouses.

UK

U.K. Virus App Contains Privacy Loopholes, Advocacy Group Says
Bloomberg
Natalia Drozdiak
The U.K.’s contact-tracing mobile phone app includes code that could allow authorities access to a user’s detailed location data and to send information to Microsoft Corp. and Alphabet Inc.’s Google, according to an initial technical analysis carried out by Privacy International.

Europe

Cameras to monitor masks and distancing in France
BBC News
Video surveillance cameras in France will monitor how many people are wearing masks and their compliance with social distancing when the coronavirus lockdown is eased next week.

Misc

How covid-19 conspiracy theorists are exploiting YouTube culture
MIT Technology Review
Covid-19 conspiracy theorists are still getting millions of views on YouTube, even as the platform cracks down on health misinformation.

Zoom, Xoom, Züm: Why Does Every Start-Up Sound Fast Now?
The New York Times
Erin Griffith
An investigation into Zoomd, Zoomi, Zoomy and Zoomies. Also, Zoomin. And Zoomvy and Zoomly. And …