Beijing to define data that will not be allowed to leave the country easily | This is how ‘asshole’ Russian hackers shake down companies | Tencent sinks after China denounces online gaming
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Chinese policymakers will soon release guidelines for defining “important data”, classifying it into eight categories based on their impact on national security, a top researcher at a state-owned cybersecurity think tank has revealed. South China Morning Post
The Daily Beast obtained transcripts of a victim negotiating with a ransomware gang this summer, just as the Biden administration began to grapple with an onslaught of attacks. The Daily Beast
Shares of Tencent Holdings Ltd. and rivals fell Tuesday after a state-owned Chinese newspaper criticized online gaming as “opium for the mind,” fueling investor concerns that the companies’ popular games could be swept up into a broader regulatory crackdown. The Wall Street Journal
World
Scandal, Spyware, and 69 Pounds of Weed
The Daily Beast
@seth_hettena
Affidavits, contracts, and internal emails reveal the insane backstory of the controversy-ridden NSO Group’s first big overseas deal.
A Cold War is raging in cyberspace. Here's how countries are preparing their defenses
ZDNet
@mvanblom
Much like conventional militaries, countries also need to perform occasional drills of their cybersecurity defenses. Instead of soldiers and tanks, these involve virtual machines – and months of pestering executives for their login credentials.
Australia
Cabinet backs QR-code vaccine certificates for travel amid party room disagreement
The Sydney Morning Herald
@Gallo_Ways Rob Harris
Australians will use a QR-code vaccine certificate for international travel under a multimillion-dollar plan to reopen the borders, but the Coalition can’t agree on using it for domestic travel.
Australia no longer leads world in quantum computing
Australian Financial Review
Simon Devitt
Australia made a decision at the turn of the millennium to begin investment in what may become the defining technology of the 21st century: quantum. But as countries around the world now jostle for position in the second quantum revolution, Australia may be in danger of wasting this prescient investment.
China
Beijing to define key data that will not be allowed to leave China easily
South China Morning Post
@shenxinmei @CocoF1026
Chinese policymakers will soon release guidelines for defining “important data”, classifying it into eight categories based on their impact on national security, a top researcher at a state-owned cybersecurity think tank has revealed.
Tencent Sinks After China Denounces Online Gaming
The Wall Street Journal
Chong Koh Ping
Shares of Tencent Holdings Ltd. and rivals fell Tuesday after a state-owned Chinese newspaper criticized online gaming as “opium for the mind,” fueling investor concerns that the companies’ popular games could be swept up into a broader regulatory crackdown.
Tencent Weighs Kids Games Ban After ‘Spiritual Opium’ Rebuke
Bloomberg
Zheping Huang
Tencent Holdings Ltd. led a stocks rout after Chinese state media decried the “spiritual opium” of games, prompting the company to broach a ban for kids and triggering fears Beijing will set its sights next on the world’s largest gaming arena.
Jack Ma’s Ant Sees Profit Slide 37% After Regulatory Setback
Bloomberg
@luluyilun
Ant Group Co.’s profit fell to $2.1 billion in the March quarter after Chinese regulators thwarted its record initial public offering and told it to overhaul its sprawling operation.
Alibaba Group Announces June Quarter 2021 Results
Businesswire
Alibaba said on Tuesday that it was back in the black in the second quarter after a $2.8 billion antitrust fine led it to book a rare loss the quarter before. Profit for the three months that ended in June was $7 billion, the company said. Revenue was $31.9 billion, up 34 percent from a year earlier.
China’s propaganda agencies want to curtail use of content algorithms
South China Morning Post
Tracy Qu
China’s top state propaganda organs, which decide what people can read and watch in the country, have jointly urged better “culture and art reviews” in China partly by limiting the role of algorithms in content distribution, a policy move that could translate into higher compliance costs for online content providers such as ByteDance and Tencent Holdings.
China lodges representations with BBC over flood reporting
Reuters
China has lodged a stern representation with Britain's BBC over its reporting of the floods in Henan and a statement over how foreign journalists were being treated, the foreign ministry said on Tuesday. The broadcaster had said in a statement last month that the Chinese government should take immediate action to stop attacks which endanger foreign journalists. The Foreign Correspondents' Club of China had said journalists from several media outlets covering the floods were harassed online and by local residents, including some receiving death threats.
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
Cybereason
Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in-the-wild. In the beginning of 2021, the Cybereason Nocturnus Team investigated clusters of intrusions detected targeting the telecommunications industry across Southeast Asia. During the investigation, three clusters of activity were identified and showed significant connections to known threat actors, all suspected to be operating on behalf of Chinese state interests.
China quietly sets new 'buy Chinese' targets for state companies - U.S. sources
Yahoo! Finance
Andrea Shalal
China's government quietly issued new procurement guidelines in May that require up to 100% local content on hundreds of items including X-ray machines and magnetic resonance imaging equipment, erecting fresh barriers for foreign suppliers, three U.S.-based sources told Reuters.
China Takes Aim at Auto Chip Dealers With Global Supplies Low
The Wall Street Journal
@StephanieAYang
China’s top market watchdog said it is investigating auto chip dealers that it suspects are driving up prices during the global chip shortage. On Tuesday, the State Administration for Market Regulation said it would enhance market scrutiny and crack down on illegal practices like hoarding, price gouging and collusion. The regulator didn’t name any companies that were being investigated.
Why Is Beijing Micromanaging Its Technology Sector?
The Diplomat
@drfarls
Micromanaging a technology ecosystem is enormously complex and difficult, even for a bureaucracy the size of the Chinese government.
'Losing to Taiwan was a disgrace': Chinese trolls react to Taiwan beating China in Badminton
ABC News
Taiwan takes the opportunity of winning Olympic badminton gold to subtly assert their nationhood, as Chinese nationalists vent their fury online.
USA
New SEC Boss Wants More Crypto Oversight to Protect Investors
Bloomberg
Robert Schmidt @benbain
The nation’s top securities regulator has unusual expertise in digital assets, but he says he’s no cheerleader for them
The Cryptocurrency Surveillance Provision Buried in the Infrastructure Bill is a Disaster for Digital Privacy
Electronic Frontier Foundation
@raineyreitman
The forthcoming Senate draft of Biden's infrastructure bill—a 2,000+ page bill designed to update the United States’ roads, highways, and digital infrastructure—contains a poorly crafted provision that could create new surveillance requirements for many within the blockchain ecosystem. This could include developers and others who do not control digital assets on behalf of users.
Eight trends in online militia movement communities since the US Capitol Riot
DFRLab
Avani Yadav and Jared Holt
In the months since January 6, militia movement supporters have shifted their approach to propaganda and organizing
Report claims U.S. tech companies continue to power China’s surveillance state
The Globe and Mail
@jgriffiths
Equipment supplied by American businesses remains vital to the operation of China’s nationwide surveillance and censorship apparatus, according to a report analyzing the companies and the technology involved. Drawing on publicly available government tenders and bidding records, the pair found that technology from U.S. companies is being used by public-security bureaus across China – including in Xinjiang – to power facial recognition, big data processing, and internet surveillance and monitoring, often in conjunction with equipment from Huawei, Hikvision and other Chinese surveillance companies.
‘It has to be known what was done to us’: Natick couple harassed by eBay tell their story for the first time
The Boston Globe
Aaron Pressman
Prosecutors said the harassment campaign, starting with the fence spray-painting incident, was directed by James Baugh, who headed eBay’s Global Security and Resiliency unit. Along with other participants in the scheme, Baugh was charged last year with conspiracy to commit cyberstalking and conspiracy to commit witness tampering. He is awaiting trial. Prosecutors said the 2019 campaign was sparked by complaints about articles in EcommerceBytes from eBay chief executive Wenig to his senior vice president and communications director, Steve Wymer.
Bipartisan report finds agencies plagued by cyber woes
The Record by Recorded Future
@martinmatishak
A review issued on Tuesday by the Senate Homeland Security Committee found that, despite years of warnings, agencies such as the State, Education, Agriculture and Health and Human Services departments have not established effective cybersecurity programs or complied with federal information security standards.
DeepMind's cofounder was placed on leave after employees complained about bullying and humiliation for years. Then Google made him a VP.
Business Insider
During his tenure at DeepMind, Suleyman was an executive who drove his team to great heights and, sometimes, great despair.
A Fire in Minnesota. An Arrest in Mexico. Cameras Everywhere.
The New York Times
@kashhill
One night in the Twin Cities, shortly after the killing of George Floyd, someone set a fire in a Goodwill. That led to an international search for the culprits — and it exposed a growing system of global surveillance.
To Fight Vaccine Lies, Authorities Recruit an ‘Influencer Army’
The New York Times
@taylorlorenz
The White House has teamed up with TikTok stars, while some states are paying “local micro influencers” for pro-vaccine campaigns.
The sacking of a crypto mecca
The Verge
Russell Brandom
Libertarians built a Bitcoin economy in a small New Hampshire town — then feds tore it down.
NSA, CISA release Kubernetes Hardening Guidance
NSA
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.
North-East Asia
Taiwan TV host becomes latest target of China’s Olympics trolls
Australian Financial Review
Samson Ellis
A high-profile Taiwanese TV host found herself the latest to draw fire from Chinese internet users after referring to Taiwan’s Olympians as “national competitors”. The post drew an angry reaction in China, where nationalist internet users often police the comments of celebrities and companies for views that clash with the Chinese Communist Party’s official narrative that both sides are part of “one China”.
New Zealand & The Pacific
Keeping PNG connected by investing in radio
Lowy Institute
@ShaneMcLeod
News that Australia’s Telstra could be a buyer of the Pacific Island region’s prominent mobile network and media player Digicel has put communications technology in the spotlight. The Australian government is set to underwrite the deal which some reports suggest could be worth up to A$2 billion, with the network’s dominant footprint in Papua New Guinea among its most valuable assets. But there’s another media platform in PNG that for just a fraction of that price could be boosted to play a much more significant role in the lives of the country’s citizens: radio.
Bridging Papua New Guinea’s information divide
Lowy Institute
@ShaneMcLeod
Papua New Guinea’s public broadcaster, the National Broadcasting Corporation (NBC), plays a critical role in connecting and informing the nation, especially those citizens without access to other forms of communication. However, the public broadcaster’s transmission infrastructure is degraded and fails to reach a national audience. This is a critical problem ahead of nationwide elections scheduled for mid-2022.
UK
Angry Boris Johnson warns Iran of ‘consequences’ for killing Brit at sea in drone strike
The Sun
@MrHarryCole Jerome Starkey
A senior defence source said the most likely would be in cyberspace, warning “nobody will see it here but they will be left in no doubt you cannot kill a Brit unchecked”. A Foreign Office insider added: “A British national was killed and we have to make clear there are certain lines that can’t be crossed.”
The slow collapse of Amazon’s drone delivery dream
Wired
Andrew Kersley
Well over 100 employees at Amazon Prime Air have lost their jobs and dozens of other roles are moving to other projects abroad as the company shutters part of its operation in the UK, WIRED understands. Insiders claim the future of the UK operation, which launched in 2016 to help pioneer Amazon’s global drone delivery efforts, is now uncertain.
Europe
Germany says wife of man believed to be double agent also helped spy for China
The Washington Post
@RachelPannett
Federal prosecutors in Germany have charged a German Italian woman with espionage, alleging that she worked with her husband to feed information to Chinese intelligence for years. In a statement Monday, prosecutors said the woman, identified only as Klara K., is the wife of Klaus L., a retired German political scientist. He was arrested last month on suspicion of spying for China for almost a decade, using the political contacts he built up at a think tank.
Influencer in chief: Macron answers vaccine skeptics on TikTok and Instagram.
The New York Times
@aurelienbrd
As governments look to social media influencers to try to raise vaccination rates among the young, President Emmanuel Macron of France is making his own self-consciously informal videos.
Cyberattack knocks Italian vaccine registration portal offline
CyberScoop
@timstarks
A cyberattack over the weekend shut down the COVID-19 vaccination registration system for an Italian region that includes the city of Rome, officials there said. Nicola Zingaretti, president of the Lazio region, said in a Facebook post on Monday that the area suffered a “cyber attack of criminal origin,” according to a Google translation. “We do not know who the perpetrators are and their purposes,” he wrote.
Russia
Inside a Ransomware Negotiation: This Is How ‘Asshole’ Russian Hackers Shake Down Companies
The Daily Beast
@shanvav
The Daily Beast obtained transcripts of a victim negotiating with a ransomware gang this summer, just as the Biden administration began to grapple with an onslaught of attacks.
Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship
The Register
Thomas Claburn
Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.
An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil
The Record by Recorded Future
Dmitry Smilyanets
In July, a new ransomware gang started posting advertisements on various cybercrime forums announcing that it was seeking to recruit partners and claiming that it combined the features of notorious groups like REvil and DarkSide.
Gender and Women in Cyber
The voices of women in tech are still being erased
MIT Technology Review
@histoftech
TikTok’s decision to use a woman’s voice without her permission is only one recent example of a problem that some mistakenly think we’ve moved past.
Misc
Data Is Power
Foreign Affairs
Matthew J. Slaughter David H. McCormick
Data is now at the center of global trade. For decades, international trade in goods and services set the pace of globalization. After the global financial crisis, however, growth in trade plateaued, and in its place came an explosion of cross-border data flows. Measured by bandwidth, cross-border data flows grew roughly 112 times over from 2008 to 2020.
Popular technology that hospitals use to send lab samples is vulnerable, researchers found
CyberScoop
Tonya Riley
A key technology that hospitals use to deliver medications, blood and other vital lab samples is at significant risk of hacking, new findings suggest. Researchers from the security vendor Armis found nine critical vulnerabilities in the control panel that powers the Translogic pneumatic tube systems from logistics automation company Swisslog Healthcare.
Test quantum mechanics in space — invest US$1 billion
Nature
Shooting glass beads across the inside of a satellite could probe the limits of quantum wave behaviour. Here’s how.
YouTube chief product officer Neal Mohan on the algorithm, monetization, and the future for creators
The Verge
@reckless
YouTube chief product officer Neal Mohan joined Decoder this week to discuss YouTube’s new $100 million fund to begin paying creators who use YouTube Shorts, which is its competitor to TikTok. Mohan is bullish on Shorts, which he connects to YouTube’s earliest days as a way to quickly share personal videos.
Facebook Researchers Hope to Bring Together Two Foes: Encryption and Ads
The Information
@bysarahkrouse @SylviaVarnham
Facebook is bulking up a team of artificial intelligence researchers, including a key hire from Microsoft, to study ways of analyzing encrypted data without decrypting it, the company confirmed. The research could allow Facebook to target ads based on encrypted messages on its WhatsApp messenger, or to encrypt the data it collects on billions of users without hurting its ad-targeting capabilities, outside experts say.
Trusted platform module security defeated in 30 minutes, no soldering required
Ars Technica
@dangoodin001
Sometimes, locking down a laptop with the latest defenses isn't enough.
Facebook silences the people who know its operations best
The Washington Post
Yaël Eisenstat
Tech giants use nondisparagement clauses to keep former employees from discussing the companies.
Research
China’s Surveillance State
Top10VPN
Valentin Weber, Vasilis Ververis
How American and Chinese companies collaborate in the construction and global distribution of China's information control apparatus.
Jobs
ICPC Deputy Director – 12 month parental leave cover
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) is currently recruiting for a one-year parental leave cover for its Deputy Director position. This is an exceptional opportunity for a talented and experienced individual to contribute to the work of Australia's leading think-tank on cyber, information, technology and other national security issues in a unique leadership role.
ICPC Senior Analyst & Program Manager
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) potentially has an outstanding opportunity for a proactive, efficient and talented senior analyst & program manager to join its centre. We are looking for a senior individual with a minimum of 10-15 years of demonstrated relevant work experience who possesses excellent project management, stakeholder engagement and staff management skills. They must also possess strong knowledge - either as a generalist or a specialist - of some of the topics ICPC works across, and feel comfortable engaging with politicians, senior policymakers, business representatives and preferably also the media.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years of relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.