Belgium warns against Huawei | New cyberthreat from Iran | Password-spraying of US power grid linked to Iran
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Belgium’s security services have classed the Chinese-led rollout of 5G networks at the second-highest security level, saying limits should be placed on technologies coming from “unreliable” operators. Brussels Times
Saudi authorities detected a new destructive cyberattack suspected of coming from Iran on Dec. 29, the same day the U.S. military struck targets controlled by Iranian-backed proxies. Yahoo News
Iranian linked state-sanctioned hackers have been carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms. Wired
Australia
Ending secrecy key to filling the void on cybersecurity
Australian Financial Review
Anthony Bergin
Two key new national security leadership positions provide an opportunity to develop a partnership between business and government to safeguard Australia. Today, corporate security is national security.
China
Latest 'Intrusion Truth' data dump peels back layers on Chinese front companies
Cyber Scoop
@jeffstone500
The anonymous group known in the cybersecurity world for publishing detailed blog posts about suspected nation-state hackers released new information Thursday alleging that Chinese technology companies are recruiting attackers working on Beijing’s behalf.
Read Intrusion Truth’s blog-post here.
Exploring China’s Orwellian Digital Silk Road
The National Interest
@JohnHemmings2
By acting as network architects and administrators, Beijing will be privy to data streams in real-time across a large portion of the world, enabling them to develop influence and power across a number of different matrixes.
China Steps Up Its Information War in Taiwan
Foreign Affairs
@RushDoshi
The Chinese government has undertaken a vast information influence campaign designed to support its favored candidates and sow distrust in Taiwan’s democracy. China’s efforts go far beyond spreading disinformation and stale state propaganda.
USA
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
Wired
@a_greenberg
Iranian linked state-sanctioned hackers have been carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms. According to a new report.
America’s Future Lies in Technical Alliances
Georgetown University
@flaggster73
This next century calls on us to dream a new American strategy – one that embraces R&D as a fundamental enabler, blends leadership with alliances, collaboration with competition and establishes a strategy embracing the full power of America’s innovation ecosystem.
U.S Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware
Forbes
@iblametom
For years, low-income households have been able to get cheap cell service and even free smartphones via the U.S. government-funded Lifeline Assistance program. But according to security researchers, there’s a catch: the Android phones come with preinstalled Chinese malware, which effectively opens up a backdoor onto the device and endangers their private data.
This Secretive Surveillance Company Is Selling Cops Cameras Hidden in Gravestones
Motherboard
@josephfcox
A surveillance vendor that works with U.S. government agencies, such as the FBI, DEA, and ICE, is marketing spying capabilities to local police departments, including cameras that are hidden inside a tombstone, a baby car seat, and a vacuum cleaner.
Excerpt from a Special Services Group brochure, shared by Motherboard, advertising a HD, 360 degree surveilence camera hidden in a car baby seat.
San Diego’s massive, 7-year experiment with facial recognition technology appears to be a flop
Fast Company
@djpangburn
Since 2012, the city’s law enforcement agencies have compiled over 65,000 face scans and tried to match them against a massive mugshot database. But it’s almost completely unclear how effective the initiative was, with one spokesperson saying they’re unaware of a single arrest or prosecution that stemmed from the program.
Facebook sticking with policies on politicians' lies and voter targeting
Politico
@Ali_Lev @ZachMontellaro
Facebook is standing by its policies that allow politicians to lie to voters, while targeting their ads at narrow subsets of the public — decisions with vast implications for the more than $1 billion in online campaign messaging expected in this year’s elections.
US lawmaker seeks ban on sharing intelligence with countries that use Huawei’s 5G networks
Reuters
U.S. Senator Tom Cotton on Wednesday introduced a bill that would prevent the United States from sharing intelligence with countries that allow Chinese telecoms giant Huawei Technologies to operate 5G network technology within their borders.
North Asia
North Korean hackers getting more careful, targeted in financial hacks
Cyber Scoop
@shanvav
North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses.
South Asia
Democracies Can Become Digital Dictators
Wired
Internet shutdowns in India prove it's not just authoritarians who repress online.
Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk
Internet Society
@Ryan_ISOC
Security and encryption experts from around the world are calling on the Indian Ministry of Electronics and Information Technology (MeiTy) to reconsider proposed amendments to intermediary liability rules that could weaken security and limit the use of strong encryption on the Internet.
Europe
Belgian security services call to restrict 5G technology
Brussels Times
@Ev_McCullough
Belgium’s security services have classed the Chinese-led rollout of 5G networks at the second-highest security level, saying limits should be placed on technologies coming from “unreliable” operators. “Our security services recommend protection level 4… limiting the use of parts of 5G technology that come from unreliable suppliers,” said Telecom Minister Philippe De Backer said in parliament. While the security services did not name names as to whom such restrictions would be imposed on, Chinese multinationals Huawei and ZTE are the leading providers of 5G technology.
Middle East
New Iranian data wiper malware hits Bapco, Bahrain's national oil company
ZDNet
@campuscodi
Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company, ZDNet has learned from multiple sources. The incident took place on December 29.
Saudis warn of new destructive cyberattack that experts tie to Iran
Yahoo News
@jennamc_laugh
Saudi authorities detected a new destructive cyberattack suspected of coming from Iran on Dec. 29, the same day the U.S. military struck targets controlled by Iranian-backed proxies in retaliation for a rocket attack that killed an American contractor the previous Friday.
A Pro-Iran Instagram Campaign Targeted The Trump Family After Soleimani’s Funeral
Buzzfeed News
@janelytv @jsvine
The same day Gen. Qassem Soleimani’s funeral procession filled the streets of Ahvaz, Iran, thousands of pro-Iran Instagram accounts worked in coordination to tag the US president’s family in image posts ranging from the Iranian flag to a beheaded Donald Trump.
Podcast - The other Iranian threat: cyberwarfare
Reset Podcast
@a_greenberg
How much should we worry about Iranian hackers?
Iranian Hacker Panic
Motherboard
@BMakuch
Iranian hackers are a threat, but is it being overblown?
Misc
Read the survey Mihoko refers to here.
TikTok Wants to Stay Politics-Free. That Could Be Tough in 2020.
Wall Street Journal
@georgia_wells @emilyglazer
Advisers from both major parties now say they are looking at ways to use Tik Tok as a platform for reaching young voters. That puts TikTok in a tough position. The company last year banned political ads.
Facebook Is Running Anti-Vax Ads, Despite Its Ban On Vaccine Misinformation
Buzzfeed News
@carolineha_
Despite its own rules prohibiting vaccine misinformation in ads, Facebook is hosting ads for an online pamphlet that falsely claims that the life-saving vaccine is unsafe. A Facebook spokesperson told BuzzFeed News that the ads represented “no violation” of its policies.
Research
North American Electric Cyber Threat Perspective
Dragos
As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. This report provides a snapshot of the threat landscape as of January 2020.