Chinese spies masquerading as Iranian hackers target Israel | Hacktivists claim to seize passport data of Belarusian security forces | Facebook removes networks from Russia and Myanmar
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Suspected Chinese spies masqueraded as Iranian hackers in a two-year campaign to break into government and telecommunication networks in Israel. The alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded some of their malicious code with Farsi, the predominant language in Iran. It was part of a broader campaign to gather intelligence at organizations in other Middle East and Central Asian countries that has continued this year, according to FireEye. CyberScoop
The actions of Cyberpartisans, a group of Belarusian hackers who claim to have secured access to the passport data of millions of Belarusians, raise questions about how Alyaksandr Lukashenka’s opponents interpret the right to privacy… “Intelligence, counterintelligence, and KGB employees who have special notes (indicating their occupations) in their passports are completely compromised,” said Andriy Baranovych. “And activists, partisans got the data, not the special services. And now the people who are the backbone of the Lukashenka regime will not feel safe.” Current Time
In July, we removed two networks from Russia and Myanmar. In this report, we’re also sharing an in-depth analysis by our threat intelligence team into one of the operations — a network from Russia linked to Fazze, a marketing firm registered in the UK — to add to the public reporting on this network’s activity across over a dozen different platforms. Facebook
ASPI ICPC
Influence for hire: the Asia–Pacific’s online shadow economy
The Strategist
@JakeWallis_ASPI
In our analysis of information operations and disinformation campaigns linked to the Chinese state, my colleagues in ASPI’s International Cyber Policy Centre and I found anomalies in the data: networks of social media accounts that had previously been marketing Indonesian IT support services, and Russian and Bangladeshi accounts that shifted abruptly into Chinese language. These data points were evidence of an online shadow economy in influence-for-hire services that intersects with the information operations of state actors. A surplus of cheap digital labour makes the Asia–Pacific in particular a focus for operators in this economy, and our new report, Influence for hire: the Asia–Pacific’s online shadow economy, examines the regional marketplace, with case studies of online manipulation in the Philippines, Indonesia, Taiwan and Australia.
ASPI suggests government work with platforms to fight disinformation for hire
ZDNet
@ashabeeeee
A healthy online public sphere requires political will, ASPI's latest report, Influence for hire: The Asia-Pacific's online shadow economy, says. "Transparency about government funding of public messaging when in office would allow citizens and civil society to engage with trust in the digital public sphere… While currently, much of the responsibility for taking action against the covert manipulation of online audiences falls to the social media companies, ASPI said solutions must involve responsibility and transparency in how governments engage with their citizens. "The technology industry, civil society, and governments should make that alignment of values the bedrock of a productive working relationship," it said. "Structures bringing these stakeholders together should reframe those relationships -- which are at times adversarial -- in order to find common ground."China hides behind hackers for hire: study
The West Australian
@Mazzaphrenia
Hack-for-hire groups are selling espionage and disinformation services that help Australia's enemies, according to security experts. Election manipulation and the use of lucrative marketing and spam networks is exposed in a report released by the independent Australian Strategic Policy Institute on Tuesday… Politicians are urged in the report to commit to not using networks of fake social media accounts to manipulate politics in Australian elections. The report also calls for a regional centre of excellence in democratic resilience to be supported by the quad security partnership of Australia, the United States, Japan and India.
Read ASPI ICPC's new report 'Influence for hire. The Asia-Pacific’s online shadow economy'
Australia’s lockdown demonstrations show how quickly local protests can go global
The Strategist
@arielbogle @AlbertYZhang
On 24 July 2021, anti-lockdown protests across Australia led to chaotic scenes and arrests. Presented as demonstrations against Australia’s pandemic restrictions, the protests were also branded as part of a ‘World Wide Rally for Freedom’, leading to speculation about the relationship between domestic events and a global movement. The demonstrations attracted a broad range of protesters and were promoted across chat and social media platforms such as Twitter, Facebook and Instagram. The messaging app Telegram appears to have played an important role in facilitating coordination of protests and dissemination of material between global and domestic accounts. ASPI’s International Cyber Policy Centre has examined 12 Australian Telegram public discussion and announcement channels on which protest planning took place and two international channels.
World
July 2021 Coordinated Inauthentic Behavior Report
Facebook
In July, we removed two networks from Russia and Myanmar. In this report, we’re also sharing an in-depth analysis by our threat intelligence team into one of the operations — a network from Russia linked to Fazze, a marketing firm registered in the UK — to add to the public reporting on this network’s activity across over a dozen different platforms.
Facebook removes anti-vax influencer campaign
BBC
@FloraCarmichael @charliehtweets
Facebook has removed hundreds of accounts which it says were involved in anti-vax disinformation campaigns operated from Russia. The company said the network of accounts targeted India, Latin America and the US. They attempted to recruit influencers to spread false claims to undermine public confidence in particular Covid-19 vaccines, it added.
COVID-19 social media disinformation campaign sought to exploit TikTok, Instagram influencers
CyberScoop
@timstarks
A Russia-based disinformation push about COVID-19 vaccines wasn’t a traditional “influence” campaign, so much as it was partially a campaign on “influencers.”
Russian Trolls Spread Wild Lie That COVID Vax Turns People Into Chimps
Daily Beast
@arawnsley
Russian trolls have been using Planet of the Apes memes in a vain attempt to convince vaccine skeptics that the AstraZeneca vaccine will turn them into chimpanzees.
Asia's economic winners will be those that embrace the open internet
Nikkei Asia
@nickclegg
The global internet is at a defining moment. Policymakers and regulators across Asia and around the world are writing rules that will shape our relationship with the internet for decades to come.
APAC’s vulnerability to cyber attacks
IronNet
@MorganDemboski
As the most targeted region in the world by ransomware and state-sponsored advanced persistent threat (APT) groups, the Asia Pacific region (APAC) experienced a 168% increase in cyberattacks between May 2020 to May 2021.
Australia
Internet titans band together to counter growing ‘techlash’
The Sydney Morning Herald
@carawaters
Australia’s software and internet titans have established a new peak body to represent the technology industry, in a bid to strengthen the fast-growing sector’s clout with lawmakers and counter a growing worldwide ‘tech lash’. As foreshadowed by this masthead’s CBD column last week, the newly formed Tech Council of Australia officially launches on Wednesday, with Tesla chair Robyn Denholm overseeing a board that also includes Atlassian co-founder Scott Farquhar, Afterpay co-founder Anthony Eisen and Canva co-founder Cliff Obrecht.
The ABS’s plan to safeguard Australia’s 2021 census
CSO
David Binning
After an embarrassing DOS attack in 2016 and a slew of recent cyberattacks on government, businesses, and citizens, the statistics agency has redoubled its cybersecurity efforts.
Government seeking feedback on options for regulatory reforms to strengthen cybersecurity practices
Gilbert + Tobin
Tim Gole, Jen Bradley, India Monaghan
The Department of Home Affairs has now released as part of its Australia’s Cyber Security Strategy (2020) a discussion paper, Strengthening Australia’s cyber security regulations and incentives, which discusses options for cybersecurity expectations and standards in corporate governance and in the dealing of information assets by large businesses.
China
China’s biggest tech losers
Financial Times
@ChrisNuttall
Beijing’s regulatory assault on China’s tech industry has lopped $87bn off the net worth of the sector’s wealthiest tycoons since the start of July, hitting the fortunes of magnates such as Tencent’s Pony Ma and Pinduoduo’s Colin Huang.
What tech does China want?
The Economist
In a decade or so China will, if the Communist Party has its way, become a techno-utopia with Chinese characteristics, replete with “deep tech” such as cloud-computing, artificial-intelligence (AI), self-driving cars and home-made cutting-edge chips.
Xi's tech crackdown preserves socialism with Chinese characteristics
Nikkei Asia
@mcgregorrichard
Indeed, the prevailing state media line is that the current crackdown, while messy, is a necessary corrective to what orthodox Marxists would label as dangerous monopoly capitalism. If there is a single lesson for traumatized investors, it is that the status quo in China can change overnight. Xi has many priorities. Building socialism is at the top of the list. Helping foreign investors is not.
Tencent makes more NFT and blockchain moves: Blockheads
TechNode
@QinchenCQ
Tencent Music announced on Monday that it plans to release “digital collections” on its music streaming service QQ Music starting this month. The company confirmed with Chinese media that the collection will incorporate NFT technology.
This Is How Banned Goods From China's Xinjiang May Be Entering The US
BuzzFeed News
@meghara
A major organization in the region, sanctioned for its “connection to serious human rights abuses against ethnic minorities,” still does business all over the world… The report found that some of the consumer items made with those products, such as tomato sauce or textiles, are sold in the United States as well as to other countries like Australia, Canada, and Germany.
Explore ASPI ICPC’s Xinjiiang Data Project
$600m in cryptocurrencies swiped from Poly Network servers after security snafu
The Register
@katyanna_q
Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the “biggest [attack] in DeFi history.” DeFi stands for decentralised finance.
Watching the Watchers
Sixth Tone
@dynamism42 Shi Yangkun
Ge spent the following weekends hunched over the camera, peering into the lens for up to three hours at a time. He hoped this practice would allow him to engage the country’s growing surveillance network on a human level, he says.
USA
A new Plandemic-like misinformation video has earned tens of millions of Facebook engagements via streaming platforms
Media Matters for America
@AlKapDC @ohhkaygo
In a little more than three days, a viral video pushing misleading claims about coronavirus vaccines and masks has earned more than 90 million Facebook engagements from uploads to streaming platforms, receiving millions of views.
Virus Misinformation Spikes as Delta Cases Surge
The New York Times
@daveyalba
Researchers have recorded a new burst of false and misleading information about the coronavirus after a decline in the spring.
Inside the White House-Facebook Rift Over Vaccine Misinformation
The New York Times
@KannoYoungs @ceciliakang
Interviews with administration officials, Facebook employees and other people with knowledge of the internal discussions revealed new details about who took part in the talks and the issues that fed the frustrations between the White House and the Silicon Valley titan.
Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants
CyberScoop
@timstarks
In the past year, three judges have ordered companies that suffered data breaches to hand over internal forensic reports on how the incident happened — a trend that could lend new insights into incidents where consumers’ personal data is exposed, at the expense of companies that want to keep that information to themselves.
Apple’s head of Privacy details child abuse detection and Messages safety features
TechCrunch
@panzer
I spoke to Erik Neuenschwander, head of Privacy at Apple, about the new features launching for its devices. He shared detailed answers to many of the concerns that people have about the features and talked at length to some of the tactical and strategic issues that could come up once this system rolls out.
To Counter China, U.S. Needs to Mobilize Academia
Bloomberg
@HalBrands
A bipartisan group in the House of Representatives recently introduced a bill to create an Open Translation and Analysis Center focused on China. If enacted, the bill would revive one of the best traditions of Cold War statecraft — a federally funded effort, uniting government and academia, to understand a sometimes mysterious enemy. The proposed initiative appears, at first glance, fairly pedestrian. OTAC would receive $80 million in annual funding to translate Chinese documents — everything from Xi Jinping’s speeches to reports by the People’s Liberation Army — and make them freely available online.
NSA Awards Secret $10 Billion Contract to Amazon
Nextgov
The National Security Agency has awarded a secret cloud computing contract worth up to $10 billion to Amazon Web Services, Nextgov has learned. The contract is already being challenged.
NSA watchdog opens investigation into Carlson spying claims
The Record by Recorded Future
@martinmatishak
The NSA’s inspector general announced on Tuesday that it has opened an investigation into Tucker Carlson’s allegations that the spy agency targeted his communications.
Southeast Asia
Chinese espionage group targets critical infrastructure orgs in Southeast Asia
The Record by Recorded Future
@campuscodi
A cyber-espionage group believed to be operating out of China has targeted at least four critical infrastructure organizations in a southeast Asian country, security firm Symantec said in a report last week.
South & Central Asia
Twitter now in compliance with India’s new IT rules, government says
TechCrunch
@refsrc
Twitter is now complying with India’s new IT rules, New Delhi told a court Tuesday, in a move that is expected to ease months-long tension between the American social media network and the government of the key overseas market.
India’s digital policies are putting US tech in a bind
Atlantic Council
@MarkLinscott5 @AKRaghuraman
India has a message for US tech firms: Play by our rules—or risk losing out on our 750 million internet users. While India’s size and growth potential make it an attractive target for investment, these same factors also give Prime Minister Narendra Modi’s government unique leverage over America’s largest tech platforms.
Flush with unicorns, India's tech moment to overtake China arrives
Business Standard
@SarithaRai
Last week marked a watershed for technology startups in India, as a record bout of fundraising shifted attention to the world’s second-most populous market, just as investors were becoming spooked by a crackdown on internet companies in China.
UK
We'll drop SBOMs on UK.gov to solve Telecoms Security Bill's technical demands, beams Cisco
The Register
@GazTheJourno
Britain's Telecoms Security Bill will be accompanied by a detailed code of practice containing 70 specific security requirements for telcos and their suppliers to meet, The Register can reveal.
Europe
Seeking Change, Anti-Lukashenka Hackers Seize Senior Belarusian Officials’ Personal Data
Current Time
@oweneliz
The actions of Cyberpartisans, a group of Belarusian hackers who claim to have secured access to the passport data of millions of Belarusians, raise questions about how Alyaksandr Lukashenka’s opponents interpret the right to privacy… “Intelligence, counterintelligence, and KGB employees who have special notes (indicating their occupations) in their passports are completely compromised,” said Andriy Baranovych. “And activists, partisans got the data, not the special services. And now the people who are the backbone of the Lukashenka regime will not feel safe.”
Europe was the world’s great tech enforcer. Not anymore.
Politico
@vmanancourt @stuartklau
But with China and the United States ratcheting up pressure on their tech industries this year, the EU may find its grip on that role slipping — especially as the world’s rival superpowers look like they might pack a bigger punch. China is moving aggressively to assert control over companies like Alibaba, while the U.S. — with a trustbusting regulator and bipartisan support — is taking on Google and Facebook in court, after more than a decade on the sidelines.
Combatting online racist abuse: an update following the Euros
Twitter UK
@TwitterUK
In advance of the Euro 2020 Tournament, alongside our wider work with the football authorities, we put in place specific plans to quickly identify and remove racist, abusive Tweets targeting the England team and wider Euros conversation.
Middle East
Chinese hackers posed as Iranians to breach Israeli targets, FireEye says
CyberScoop
@snlyngaas
Suspected Chinese spies masqueraded as Iranian hackers in a two-year campaign to break into government and telecommunication networks in Israel. The alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded some of their malicious code with Farsi, the predominant language in Iran. It was part of a broader campaign to gather intelligence at organizations in other Middle East and Central Asian countries that has continued this year, according to FireEye.
In First Massive Cyberattack, China Targets Israel
Haaretz
@amitaiz
Attack, revealed by FireEye, also targeted Israeli defense bodies and was part of a broader campaign by Chinese intel. It is the first documented case of a large-scale Chinese attack on Israel.
Misc
Why Understanding Cybersecurity Is No Longer Optional For Businesses
Forbes
Janos Konetschni
Recently the White House issued an open letter calling on businesses to improve their cyber defenses in response to ransomware — and not a moment too soon. Ransomware has been getting worse for some time. A recent survey found that 51% of businesses in America were hit by ransomware in 2020, with an average ransom demand of $178,000. An estimated 25% of victims chose to pay the ransom. As bad as it is, it’s poised to get worse.
All Social Networks Look The Same Now
The Information
@kyurieff
Our latest chart shows how many features social media networks have in common, ranging from livestreaming to TikTok competitors and shopping.
Quantum computing: How BMW is getting ready for the next technology revolution
ZDNet
@daphneleprince
Quantum computing may still be at an early stage, but BMW has been quietly ramping up plans for the moment when it reaches maturity.
Research
How open-source software shapes AI policy
Brookings
@AlexCEngler
Open-source software quietly affects nearly every issue in AI policy, but it is largely absent from discussions around AI policy—policymakers need to more actively consider OSS’s role in AI.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.