Cambridge University halts £400m deal with UAE over Pegasus spyware claims | Cybersecurity experts sound alarm on Apple and E.U. phone scanning plans | Apple takes down Quran app in China
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The University of Cambridge has broken off talks with the United Arab Emirates over a record £400m collaboration after claims about the Gulf state’s use of controversial Pegasus hacking software, the university’s vice-chancellor has said. The Guardian
More than a dozen prominent cybersecurity experts on Thursday criticized plans by Apple and the European Union to monitor people’s phones for illicit material, calling the efforts ineffective and dangerous strategies that would embolden government surveillance. The New York Times
Apple has taken down one of the world's most popular Quran apps in China, following a request from officials. Quran Majeed is available across the world on the App Store - and has nearly 150,000 reviews. It is used by millions of Muslims. The BBC understands that the app was removed for hosting illegal religious texts. BBC
ASPI ICPC
Australia
Cyber-crime: How police are rebooting methods for a new era
The Age
John Silvester
Assistant Commissioner Bob Hill and Commander Mick Frewen are traditional cops battling non-traditional crime. They are proving that in law enforcement old dogs can learn new tricks. Hill and Frewen have overseen a “root and branch” examination of how Victoria’s Crime Command works and are rolling out a new strategy, based more on software than hard interrogations. The most significant change relates to cyber-crime. Crooks no longer need to meet face to face, deals can be done without cash and state and international borders are about as relevant as a 30-year-old atlas.
China
China’s tech regulator says scrutiny of internet industry to deepen as targeted six-month campaign continues
South China Morning Post
@shenxinmei
China’s industry regulator plans to deepen scrutiny of the internet industry as it moves into the second half of a six-month campaign launched in July, the agency’s minister told Chinese media, prolonging a crackdown on the technology sector that has lasted for nearly a year. The Ministry of Industry and Information Technology (MIIT) will take “targeted measures” to foster a fair and orderly market environment, Minister Xiao Yaqing told state-run media outlet Economic Daily in an interview published on Sunday.
Chinese tech workers disclose working hours in criticism of '996'
Reuters
@horwitzjosh
A campaign calling on workers at Chinese tech companies and other high-profile firms to log their working hours on a public internet page has gone viral, in the latest backlash against a culture of overtime. Organised by four anonymous creators who described themselves as recent graduates, the "Worker Lives Matter" campaign calls on employees at tech firms to enter their company name, position, and working hours in a spreadsheet posted on GitHub.
Apple takes down Quran app in China
BBC News
@JamesClayton5
Apple has taken down one of the world's most popular Quran apps in China, following a request from officials. Quran Majeed is available across the world on the App Store - and has nearly 150,000 reviews. It is used by millions of Muslims. The BBC understands that the app was removed for hosting illegal religious texts.
China's Self-Destructive Tech Takedown
Project Syndicate
William R. Rhodes @StuartG30
China’s leaders think that they can crack down on the country’s private technology sector and still deliver material progress as state-owned companies take over. But by reversing the policies that enabled decades of rapid growth, they risk imperiling the unique economic model they seek to sustain.
Biotech’s Borders
The Wire
@carrierana22
Chinese biotech companies have made enormous progress in recent years, but they still need one thing: the United States.
The “Phone Disaster”
Rest of World
@dtbyler
In 2017, in Xinjiang, the state awarded an estimated $65 billion in private contracts to build infrastructure and $160 billion more to government entities in the region — an increase of 50% from 2016. While some of this increase in construction spending was centered on non-security-related projects, significant portions of state spending in Xinjiang centered on the building of detention facilities and related infrastructure. State contractors also used these funds to develop new tools in the region’s surveillance system and the Muslim “re-education” campaign.
USA
Cybersecurity Experts Sound Alarm on Apple and E.U. Phone Scanning Plans
The New York Times
@Kellen_Browning
More than a dozen prominent cybersecurity experts on Thursday criticized plans by Apple and the European Union to monitor people’s phones for illicit material, calling the efforts ineffective and dangerous strategies that would embolden government surveillance.
Twitter is being sued for letting Saudi spies inside the company
Protocol
@anna_c_kramer
A prominent human rights activist and Saudi dissident is suing Twitter for allegedly hiring two men who acted as spies for the Saudi government. The suit accuses Twitter of negligence in its failure to detect the two spies inside the company — who are currently under indictment from U.S. federal prosecutors — and prevent them from stealing personal information for the Saudi government.
US links $5.2 billion worth of Bitcoin transactions to ransomware
Bleeping Computer
@serghei
The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants.
U.S. Treasury puts crypto industry on notice over rising ransomware attacks
Reuters
@chrissanders88 @Bing_Chris @DPsaledakis
Suspected ransomware payments totaling $590 million were made in the first six months of this year, more than the $416 million reported for the whole of 2020, U.S. authorities said on Friday, as Washington put the cryptocurrency industry on alert about its role in combating ransomware attacks.
We ‘Blew It’ On Battling COVID Disinfo, Say Army's Pandemic Response Leaders
Defense One
@ECBHowe
The U.S. Army’s COVID-19 response leaders had plenty to say about its successes in the face of the pandemic, but also readily identified one facet of the operation where they failed. “We blew it in a lot of ways. And the biggest lesson learned is the value of strategic communications,” Paul Ostrowski said during the U.S. Army Association’s annual conference this week. Ostrowski, who recently retired as a three-star, served on Operation Warp Speed as director of supply, production and distribution for the program.
Sen. Marco Rubio: It's time to fire John Kerry, Biden's ethically challenged climate czar
Fox News
@marcorubio
For weeks, rumors have swirled in Washington about President Joe Biden’s climate czar John Kerry and his opposition to taking concrete action against the Chinese Communist Party’s use of slave labor. Now, we may have an answer about his reluctance to take action: according to a new report, Kerry and his wife have at least $1 million invested in a Chinese investment group called Hillhouse China Value Fund L.P.
Learn more about YITU Technology via our Mapping China’s Tech Giants project.
The White House's Plan to Stop Government Employees From Getting Phished
VICE
@josephfcox
The White House has an ambitious plan to greatly reduce the risk of phishing to the U.S. government. Part of that is having agencies phase out the use of SMS and app-based multi-factor authentication, and replace them with phishing-resistant methods such as hardware security keys.
One of the world’s most popular iOS apps right now was developed by Chinese police
Quartz
@Jane_Li911
Developed by China’s ministry of public security, “the national anti-fraud center” was the second most downloaded iOS app in September after TikTok, according to Sensor Tower’s monthly report this week. The analytics firm didn’t reveal the number of downloads for the Chinese app, which helps citizens block suspicious phone numbers and report malware, but it exceeded interest in YouTube, WhatsApp, and Instagram.
Amazon-owned Twitch says source code exposed in last week's data breach
Reuters
@mehta_chavi @EvaMathews99
Amazon.com Inc-owned Twitch said on Friday that last week's data breach at the live streaming e-sports platform contained documents from its source code.
U.S. pursues a unique solution to fight hackers. It revolves around esports.
The Washington Post
@VildeHaya
As the United States seeks to shore up its defenses against cyberattacks, the country is seeking to harness the skills of some of the country’s most promising young minds using a model that mirrors competitive video gaming, also known as esports. U.S. Cyber Games, a project founded in April and funded by the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education, has assembled a team of 25 Americans, ages 18 to 26, who will compete against other countries in the inaugural International Cybersecurity Challenge, scheduled to be held in Greece in June 2022.
East Asia
South Korea targets Apple over new app store regulation
Reuters
Joyce Lee
Apple was on a collision course with South Korea on Friday over new requirements that it stop forcing app developers to use its payment systems, with a government official warning of a possible investigation into the iPhone maker's compliance.
South & Central Asia
India’s high-tech governance risks leaving behind its poorest citizens
The Economist
@TheEconomist
Given India’s immense scale and complexity, and with its deep pool of highly skilled workers, its governments have increasingly turned to high-tech solutions for all sorts of problems. Generally these have eased burdens on both rulers and the governed, despite some expected glitches. Yet precisely because of India’s size and poverty, tens of millions still are left out—because they are poor, illiterate, disabled, lack electricity, do not possess a smartphone or cannot connect to a mobile or Wi-Fi network.
Hindu group urges India to regulate platforms, cryptocurrency
Reuters
@shilpajay
A powerful right-wing Hindu group linked to India's ruling party has called for curbs on streaming platforms and cryptocurrencies, saying regulation was essential.
We need to talk about digital ID: why the World Bank must recognize the harm in Afghanistan and beyond
Access Now
@veroluiza @wentword
With two of the world’s most influential power brokers meeting this week, what they failed to put on the agenda speaks volumes. Every year the World Bank and International Monetary Fund holds an annual summit to discuss the challenges and choices that determine whether we will have a sustainable and inclusive world. This year, they chose not to discuss digital identity programs, even though the World Bank itself funds and promotes these “Big ID” systems — including the systems the Taliban reportedly seized in Afghanistan.
IT ministry notifies amended controversial social media rules
Dawn
@javidhussainjj
The Ministry of Information Technology and Telecommunication on Thursday notified the amended social media rules that stakeholders and digital rights activists have strongly criticised. In a statement, IT and Telecom Minister Aminul Haque said under the rules, social media companies would have to abide by Pakistani laws and the rights of social media users.
UK
Cambridge University halts £400m deal with UAE over Pegasus spyware claims
The Guardian
@RichardA @georgia__goble Nick Bartlett
The University of Cambridge has broken off talks with the United Arab Emirates over a record £400m collaboration after claims about the Gulf state’s use of controversial Pegasus hacking software, the university’s vice-chancellor has said.
Facial recognition cameras arrive in UK school canteens
Financial Times
@cynthiao
Facial recognition computers have found an unlikely new niche: scanning the faces of thousands of British pupils in school canteens. On Monday, nine schools in North Ayrshire will start taking payments for school lunches by scanning the faces of pupils, claiming that the new system speeds up queues and is more Covid-secure than the card payments and fingerprint scanners they used previously.
Europe
Looks Like Facebook Found a Way to Bypass Europe’s Privacy Rules
VICE
@daithaigilbert
When Europe introduced its General Data Protection Regulation (GDPR) privacy laws in 2018, they were held up across the globe as the gold standard for protecting consumers’ data, and a way to finally bring tech companies like Facebook to heel. But a draft ruling by Ireland’s Data Protection Commission (DPC), published on Wednesday, paves the way for Facebook to completely bypass the GDPR regulations and continue to collect and use its users’ data without their explicit consent.
EU appeals to shared values to tempt Taiwan's chip firms
Reuters
Ben Blanchard
The European Union and Taiwan are democracies with shared values and are natural partners when it comes to semiconductors, a senior EU official said on Thursday, making a pitch for the island's key chip firms to invest in the bloc. Tech powerhouse Taiwan, home to companies like Taiwan Semiconductor Manufacturing Co Ltd, has become front and centre of efforts to resolve a shortage of chips that has shut some auto production lines around the world and whose impact is now being felt in consumer electronics too.
EU Must Be Speedy to Catch Tech Giants, Antitrust Watchdog Warns
Bloomberg
@aoifewhite101
The European Union’s top antitrust official warned that enforcers must move faster to tackle big tech’s bad behavior, hinting at how they may try to fix future problems. “We must intervene promptly,” Olivier Guersent, director general of the European Commission’s competition unit, said at an online conference. If you are too slow, “you impose a very high fine but the damage is done and there’s nothing you can do to repair the harm” when tech giants take over a market.
Russia
Russia is pouring millions into Kremlin propaganda targeting the U.S.
OpenSecrets
@annalecta
Russian media outlets reported spending more than $146 million on foreign influence operations and propaganda in the U.S. since 2016, with over $16 million on propaganda targeting the U.S. in 2021, OpenSecrets’ analysis of new Foreign Agents Registration Act records shows.
Moscow says it is first to launch large-scale metro facial ID payment system
Reuters
@gabrielletf
Moscow's sprawling metro network on Friday launched a fare payment system using facial recognition technology at its more than 240 stations, an initiative the authorities said was the first of its kind in the world.
Americas
El Salvador sees greener crypto-currency mining in its future
Reuters
Nelson Renteria
El Salvador's unfolding experiment as a first-adopter of the cryptocurrency bitcoin could be increasingly powered by new streams of renewable energy, the chief of the country's hydroelectric commission told reporters on Friday.
Cyberattack disrupts services at Ecuador’s largest bank
Associated Press
Customers of Ecuador’s largest bank continued to experience service disruptions on Friday following a cyberattack on the institution several days earlier. Long lines formed outside Pichincha bank branches and thousands of customers took their complaints to social media. People reported being unable to access services offered by the bank's online and mobile app. ATMs worked somewhat regularly and branches remained open. The bank in a statement Monday acknowledged that it had “identified a cybersecurity incident in our systems that has partially disabled our services.”
Middle East
A Telegram Bot Told Iranian Hackers When They Got a Hit
WIRED
@brbarrett
When the Iranian hacking group APT35 wants to know if one of its digital lures has gotten a bite, all it has to do is check Telegram. Whenever someone visits one of the copycat sites they’ve set up, a notification appears in a public channel on the messaging service, detailing the potential victim’s IP address, location, device, browser, and more. It’s not a push notification; it’s a phish notification.
Countering threats from Iran
Google
Ajax Bash
Google’s Threat Analysis Group tracks actors involved in disinformation campaigns, government backed hacking, and financially motivated abuse. We have a long-standing policy to send you a warning if we detect that your account is a target of government-backed phishing or malware attempts. So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020.
Misc
After Wild West start, scooter providers chase scale to survive
Reuters
@nick_carey @reutersCarolynC
The era of breakneck growth for electric scooter firms is giving way to more selective expansion focused on profits as they face tougher regulations, more demanding customers and wary insurers.
The Fight for Sneakers
The New York Times
@daiwaka
Shoppers armed with specialized sneaker bots can deplete a store’s inventory in the time it takes a person to select a size and fill in shipping and payment information. For limited-release shoes, the time advantage afforded by a bot could mean the difference between disappointment and hundreds of dollars in instant profit.
A malware botnet has made more than $24.7 million since 2019
The Record by Recorded Future
@campuscodi
The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a “clipboard hijacker.” First spotted in 2016, the MyKings botnet has been one of the most sprawling malware operations in recent years. Also known as the Smominru or the DarkCloud botnet, this gang operates by scanning the internet for internet-exposed Windows or Linux systems that run outdated software.
The dark side of wellness: the overlap between spiritual thinking and far-right conspiracies
The Guardian
@EvaWiseman
Extreme right-wing views and the wellness community are not an obvious pairing, but ‘conspirituality’ is increasingly pervasive. How did it all become so toxic?
Apple’s privacy changes create windfall for its own advertising business
Financial Times
@PatrickMcGee_
Apple’s advertising business has more than tripled its market share in the six months after it introduced privacy changes to iPhones that obstructed rivals, including Facebook, from targeting ads at consumers.
Firebreaks, firewalls, and ‘windows of opportunity’ in cyber norms
ORF
Moliehi Makumane
The Global South must amplify its ideas, perspectives, and positions on cybernorms as multilateral institutions like the UN work towards a framework for responsible state behaviour in cyberspace.
The road to an evenly distributed TechFuture should put the needs of the Global South front and centre
ORF
@andreas_kuehn
Countries in the Global South are keen on leveraging cyberspace for their economic development, and thus, have a considerable interest in the security and stability of the digital realm.
Research
Covid-19 vaccine misinformation and narratives surrounding Black communities on social media
First Draft
@kaylinthewriter @JacquieSMason Rory Smith
Over 75 per cent of US adults have received at least one Covid-19 vaccination. Yet vaccination rates vary widely across regions and demographics. Among those who have received at least one vaccine (percentages are relative to their total population), 68 per cent are Asian, 52 per cent are white, 48 per cent are Hispanic and 43 per cent are Black. In most states where data is available, Black people are receiving a smaller percentage of vaccines relative to their overall population, despite them accounting for a much larger share of Covid-19 deaths.
Bugs in Our Pockets: The Risks of Client-Side Scanning
Cornell University
Hal Abelson @rossjanderson @SteveBellovin Josh Benaloh
Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS).
The 2020 Elections Oral History Project
Stanford Internet Observatory
@stanfordio
This oral history and corresponding policy paper attempts to capture their experiences and offer a path forward for healing the election community and protecting our democracy. By telling the on-the-ground story of election officials in their own voices, we seek to tell the story of those guardians of democracy who administered and secured this election, and, as a result, were the targets of unprecedented, baseless, and heinous attacks.
Events & Podcasts
CyFy 2021 - The Big Pause: Reclaiming our Tech Futures
Observer Research Foundation
@orfonline
The world is on an uneven path to recovery, with distinct divides along the lines of access, capacity, agenda-setting power and capital. Similarly, the metamorphosis of our relationship with technology during the Big Pause will result in deepening conflicts over technology flows and the regimes that shape their contours. The key question animating our digital debates this year is, who will own our tech futures?
Agree to Disagree: Cyber Wars
Intelligence Squared
@JohnDonvan
In this special edition of Intelligence Squared’s Agree-to-Disagree series, John Donvan sits down with David Sanger of The New York Times for a closer examination of ransomware attacks before launching into a much more specific debate with two cyber security experts. The debate: Should paying hacker ransoms be made illegal? Cyber Threat Alliance president and chief executive Michael Daniel and Rapid7 vice-president Jen Ellis square off in light of recent high-profile hackings.
Facebook Doesn’t Have to Be Terrible
WIRED
@GiladEdelman @snackfight @LaurenGoode
This week on Gadget Lab, we talk with WIRED politics writer Gilad Edelman about the overall impact of the whistleblower’s revelations, whether anything will change internally at Facebook, and how plausible it is that even big, sweeping changes to the platform here in the US could fix Facebook’s issues overseas.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years of relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.