China rivalry spurs US Congress to align on tech spending | FBI used Australian firm to unlock San Bernardino shooter’s iPhone | China’s tech giants vow, in unison, to play by regulations

Apr 15, 2021

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

Legislation with bipartisan support in Congress would expand the role of the National Science Foundation and provide up to $200 billion in tech and related research funding to meet what backers say is a growing threat from China. The centerpiece of the package is a bill that would rename the federal government’s science agency as the National Science and Technology Foundation, and authorize it to spend $100 billion over five years for research into artificial intelligence and machine learning, robotics, high-performance computing and other advanced technologies. An additional $10 billion would be authorized for the Commerce Department to designate at least 10 regional technology hubs for research, development and manufacturing of key technologies. The Wall Street Journal
The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple. Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead. The Washington Post
Nearly three dozen of China’s largest technology companies have made public pledges to comply with the country’s antimonopoly laws, as they scramble to fall in line following Beijing’s moves to rein in the business empire of Jack Ma, the country’s best-known entrepreneur. On Wednesday, China’s main antitrust watchdog, the State Administration for Market Regulation, published statements from 12 of the companies, including ByteDance Ltd., the owner of short-video social app TikTok, search-engine operator Baidu Inc. and e-commerce platforms JD.com and Pinduoduo. The Wall Street Journal

The World

In Coinbase’s Rise, a Reminder: Cryptocurrencies Use Lots of Energy
The New York Times
@HirokoTabuchi
The company’s stock market arrival establishes Bitcoin and other digital currencies in the traditional financial landscape. It also elevates a technology with astonishing environmental costs.

Australia

Adelaide University refuses millions in research projects due to foreign interference concerns
ABC News
@STomevska
The University of Adelaide has revealed it turned down seven collaborative research projects with overseas institutions due to concerns over foreign interference. The projects rejected include a research proposal from a Chinese multinational technology company based in Shenzhen, which the university said came at "significant financial cost" and "put the renewal of staff employment contracts in jeopardy". The university also turned down a research proposal in "advanced materials" from an Australian company, valued at $3 million, after a due diligence investigation revealed commercialisation funding was to come from a Hong Kong company linked to the "Panama Papers" scandal.

Uyghurs living in Australia turn up on hacked Chinese police blacklist
ABC News
@SeanRubinsztein @hui_echo
The Australian citizens, who have lived in Australia for between 7 and 20 years, are among thousands of Uyghurs in China and abroad who are singled out in an official Chinese blacklist for surveillance and interrogation.

WhatsApp conversations with ministers, bureaucrats should be recorded: National Archives boss
The Canberra Times
@dougdingwall
Public servants should keep a record of their WhatsApp conversations with ministers - or not use encrypted messages for government business at all, says the National Archives of Australia chief.

China

China’s Tech Giants Vow, in Unison, to Play by Regulator’s Rules
The Wall Street Journal
@StephanieAYang
Nearly three dozen of China’s largest technology companies have made public pledges to comply with the country’s antimonopoly laws, as they scramble to fall in line following Beijing’s moves to rein in the business empire of Jack Ma, the country’s best-known entrepreneur. On Wednesday, China’s main antitrust watchdog, the State Administration for Market Regulation, published statements from 12 of the companies, including ByteDance Ltd., the owner of short-video social app TikTok, search-engine operator Baidu Inc. and e-commerce platforms JD.com and Pinduoduo.

China Warns 34 Tech Firms to Curb Excess in Antitrust Review
Bloomberg
@pingroma
China ordered 34 internet corporations Tuesday to rectify their anti-competitive practices within the next month, signaling that Beijing’s scrutiny of its most powerful firms hasn’t ended with the conclusion of a probe into Alibaba Group Holding Ltd.

Tesla data collected in China is kept in China, exec says
Reuters
Data collected from Tesla Inc’s electric cars in China is stored in China, the U.S. automaker’s vice president said, after reports that China’s military has banned Teslas from its facilities.

Bill Birtles @billbirtles

China’s gov continuing to attack the BBC, pushing out state media headlines like this one, which reads ‘BBC again publishers fake news smearing Chinese vaccines’. The story is about the Chinese CDC official Gao Fu’s comments about non-mRNA vaccines having ‘not high’ efficacy

Read our report 'Trigger warning. The CCP’s coordinated information effort to discredit the BBC' here.

China’s Dystopian “New IP” Plan Shows Need for Renewed US Commitment to Internet Governance
Just Security
@MarkCMontgomery, Theo Lebryk
China released its 14th Five-Year plan for economic development last month, including its intended next steps in technology. The blueprint makes clear that, even before the ink is dry on many 5G contracts for broadband telecommunications, China and its networking giant Huawei are gearing up to ensure their vision of the internet goes global.

Xinjiang statement removed from cotton watchdog website
Axios
@BethanyAllenEbr
Last year, an international cotton watchdog organization announced it was ceasing all operations in Xinjiang amid reports of widespread forced labor. That statement has now disappeared from the organization's website as backlash grows in China against international attempts to boycott Xinjiang cotton.

Do China’s ‘wolf warrior’ diplomats really have any bite?
Financial Times
@LindsayPGorman
Chinese officials have increasingly taken to Twitter over the past year in the face of mounting global concern about Xinjiang. That has now gone into overdrive. In just the last week of March, China’s diplomatic and state media accounts tweeted about the province more than 2,000 times — an eight-fold spike in frequency, according to research complied by the Alliance for Securing Democracy, where we track authoritarian social media accounts.. So far, this propaganda flood seems to have done a better job of fuelling a backlash than of convincing other governments. As the French foreign trade minister wrote, “It is not by trying to intimidate our parliamentarians, researchers & academics that [China] will respond to legitimate concerns about the treatment of Uyghurs in #Xinjiang”.

USA

The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm.
The Washington Post
@nakashimae @ReedAlbergotti
The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple. Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead.

China Rivalry Spurs Republicans and Democrats to Align on Tech Spending
The Wall Street Journal
@johndmckinnon
Legislation with bipartisan support in Congress would expand the role of the National Science Foundation and provide up to $200 billion in tech and related research funding to meet what backers say is a growing threat from China. The centerpiece of the package is a bill that would rename the federal government’s science agency as the National Science and Technology Foundation, and authorize it to spend $100 billion over five years for research into artificial intelligence and machine learning, robotics, high-performance computing and other advanced technologies. An additional $10 billion would be authorized for the Commerce Department to designate at least 10 regional technology hubs for research, development and manufacturing of key technologies.

Jonathan Zittrain @zittrain

Extraordinary: A number of Microsoft Exchange servers were compromised with no easy way to alert their owners. The DOJ, with a court’s license, used the same vulnerability to undo the hack, and now is trying to get the word out.

Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilitiesAuthorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United Statesjustice.gov

FBI Accesses Computers Around Country to Delete Microsoft Exchange Hacks
VICE
@josephfcox
On Tuesday the Department of Justice announced the FBI was given approval to access hundreds of computers across the United States running vulnerable versions of Microsoft Exchange Server software to remove web shells left by hackers who had earlier penetrated the systems.

With court order, FBI removes hundreds of Exchange Server web shells from US organizations
CyberScoop
@snlyngaas

NSA Cyber @NSACyber

NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks. April 2021 Update Tuesday packages now available – Microsoft Security Response Centermsrc-blog.microsoft.com

Matt Gaetz’s Wingman Paid Dozens of Young Women—and a 17-Year-Old
The Daily Beast
@Jose_Pagliery @SollenbergerRC
Venmo payment records reveal a vast network of young women received money from Rep. Matt Gaetz’s associate, the accused sex trafficker Joel Greenberg.

A 23-Year-Old Coder Kept QAnon Online When No One Else Would
Bloomberg
@WilliamTurton @joshuabrustein
Two and a half months before extremists invaded the U.S. Capitol, the far-right wing of the internet suffered a brief collapse. All at once, in the final weeks of the country’s presidential campaign, a handful of prominent sites catering to White supremacists and adherents of the QAnon conspiracy movement stopped functioning. To many of the forums’ most devoted participants, the outage seemed to prove the American political struggle was approaching its apocalyptic endgame. “Dems are making a concerted move across all platforms,” read one characteristic tweet. “The burning of the land foreshadows a massive imperial strike back in the next few days.” In fact, there’d been no conspiracy to take down the sites; they’d crashed because of a technical glitch with VanwaTech, a tiny company in Vancouver, Wash., that they rely on for various kinds of network infrastructure. They went back online with a simple server reset about an hour later, after the proprietor, 23-year-old Nick Lim, woke up from a nap at his mom’s condo.

How Facebook’s Ad System Lets Companies Talk Out of Both Sides of Their Mouths
The Markup
@jeremybmerrill
Exxon, Comcast, and other companies target people of different political leanings with different ads.

Europe

Ransomware Attack Creates Cheese Shortages in Netherlands
Threat Post
Becky Bracken
An Easter weekend ransomware attack on a food-logistics firm in the Netherlands has caused shortages of prepackaged cheese in supermarkets across the country.

Misc

MyPillow CEO’s free speech social network will ban posts that take the Lord’s name in vain
The Verge
@russellbrandom
After a public break with Facebook and Twitter, MyPillow founder Mike Lindell is getting close to the launch of a new conservative-focused social network, giving more detail on the project in a video posted online this week. Called simply “Frank,” the social network plans to open its doors to a limited set of users on April 16th...“You don’t get to use the four swear words: the c-word, the n-word, the f-word, or God’s name in vain,” Lindell says in the video.

COVID-Related Threats, PowerShell Attacks Lead Malware Surge
Threat Post
Becky Bracken
Surging numbers of COVID-themed attacks, PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee’s said averaged 588 attacks per minute within its telemetry during Q3 and Q4 of 2020.

Twitter will study ‘unintentional harms’ caused by its algorithms
Engadget
@karissabe
The company will study its content recommendations and image cropping as part of the effort.

Data Brokers Are a Threat to Democracy
Wired
@jshermcyber
Unless the federal government steps up, the unchecked middlemen of surveillance capitalism will continue to harm our civil rights and national security.

Falun Gong, Steve Bannon And The Trump-Era Battle Over Internet Freedom
NPR
@davidfolkenflik
Of all the disruptions unleashed by the Trump White House on how the federal government typically works, the saga of one small project, called the Open Technology Fund, stands out.

The spectacle of anti-Asian violence on Instagram
Vox
@terrygtnguyen
Asian news sites like NextShark brought attention to anti-Asian racism — at the cost of circulating graphic imagery.