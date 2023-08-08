Good morning. It's Wednesday 9th August.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.



Have feedback? Let us know at icpc@aspi.org.au.

Follow us on Twitter and on LinkedIn.

The UK's elections watchdog has revealed it has been the victim of a "complex cyber-attack" potentially affecting millions of voters. The Electoral Commission said unspecified "hostile actors" had managed to gain access to copies of the electoral registers, from August 2021. Hackers also broke into its emails and "control systems" but the attack was not discovered until October last year. BBC

Hackers affiliated with China’s Ministry of State Security targeted a range of government, telecommunications and research organizations across at least 17 countries since 2021, according to a new report. Researchers from Recorded Future’s Insikt Group have spent months tracking RedHotel – a state-sponsored hacking group using a range of malware in espionage campaigns against countries across Southeast Asia and other regions. The Record by Recorded Future

Cybersecurity researchers at Cisco Talos have discovered a new ransomware gang operating out of Vietnam, the latest addition to an increasingly crowded cybercriminal landscape in Southeast Asia. Targeting victims in English-speaking countries, as well as Bulgaria, China, and Vietnam, the gang uses a Yashma ransomware variant that downloads a ransomware note from an account dubbed “nguyenvietphat” on the code sharing platform Github, evading some endpoint detection and antivirus software, Cisco’s report finds. CyberScoop

ASPI

TikTok starting up Australian technology lab following security risk concerns

ABC News

Julian Fell

TikTok has started a massive recruitment drive in Australia amidst concerns that the company poses “serious espionage and data security risks". The China-based social media giant is currently advertising 47 positions across engineering, cybersecurity and data analysis for their inner-city Sydney office. Fergus Ryan, senior analyst at the International Cyber Policy Centre, said that as long as engineers in China can access Australian's data, it is "at risk of being accessed and used by PRC [People's Republic of China] intelligence services".

World

Chinese hackers targeted at least 17 countries across Asia, Europe and North America

The Record by Recorded Future

Jonathan Greig

Hackers affiliated with China’s Ministry of State Security targeted a range of government, telecommunications and research organizations across at least 17 countries since 2021, according to a new report. Researchers from Recorded Future’s Insikt Group have spent months tracking RedHotel – a state-sponsored hacking group using a range of malware in espionage campaigns against countries across Southeast Asia and other regions. The Record is an editorially-independent unit of Recorded Future.

Australia

US help to end tech worker shortages

The Australian

Geoff Chambers

Tech giants say Australia will fall further behind global competitors in the hunt for skilled workers, investment and new technologies unless more is done to boost collaboration and partnerships with US companies to drive workforce and economic growth. A report released by Accenture, the Tech Council of Australia, Microsoft and LinkedIn on Wednesday reveals that 102,000 Australians are currently employed by US tech firms, including one-in-five tech graduates.

Australians uncomfortable with government using AI: Office of the Australian Information Commissioner survey

The Canberra Times

Miriam Webber

Just one in five Australians are comfortable with the government using their personal data to feed artificial intelligence, which could then make decisions impacting them, a new survey from the Office of the Australian Information Commissioner has found.

Rebooting Australia’s defence industry policy: defining the problem

The Strategist

Roland Stephens

In the US, the ‘Washington consensus’ of fiscal stringency, deregulation, trade liberalisation and disdain for industry support is dead. It was killed by a new politics capitalising on the anger of a hollowed-out middle class, and now bipartisan agreement that China is eating America’s strategic and economic lunch. Replacing it is a maximalist industry policy that subsidises technology development, champions the onshoring of industrial capability and jobs, and reserves national technological endowments to the US and its allies.

China

China drafts rules for facial-recognition use

The Wall Street Journal

Karen Hao and Liza Lin

China released draft rules on Tuesday to curb uses of facial recognition, taking a step to limit the expansion of a polarizing technology while leaving large carve outs for national-security-related uses.

China’s AI players from Alibaba to state-run institute rush to open source their models in race for global influence

South China Morning Post

Ben Jiang

China’s Big Tech firms, start-ups and institutions are rushing to share with the rest of the world their large language models – the software that underpins chatbots like ChatGPT – as they race to acquire global users amid a competition over artificial intelligence supremacy.

USA

DHS used Clearview AI facial recognition in thousands of child exploitation cold cases

Forbes

Thomas Brewster

In early July, U.K. police contacted the DHS Homeland Security Investigations unit about a sexually explicit video involving a man and an infant that the British investigators believed was made in America. In an effort to identify both the adult and the child, HSI ran the pair’s faces through an undisclosed facial recognition tool that scanned a mass database of images scraped from the web and social media. It found a match: Scott Barker, a college sports coordinator in Ashland, Missouri, according to a search warrant reviewed by Forbes. The Barker investigation provides a rare insight into how HSI is using facial recognition tools like Clearview AI to quickly chase down new child exploitation leads. But HSI is also using this type of technology in an unprecedented three-week operation to solve years-old crimes that’s led to hundreds of identifications of children and abusers, according to Jim Cole, who spent over two decades on fighting crimes against minors for the HSI and who pushed the initiative before retiring earlier this year.

White House holds first-ever summit on the ransomware crisis plaguing the nation’s public schools

Associated Press

Frank Bajak

The White House on Tuesday held its first-ever cybersecurity “summit” on the ransomware attacks plaguing U.S. schools, in which criminal hackers have dumped online sensitive student data, including medical records, psychiatric evaluations and even sexual assault reports. “If we want to safeguard our children’s futures we must protect their personal data,” first lady Jill Biden, who is a teacher, told the gathering. “Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world.”

China's plan to rule the world's smart devices, FCC urged to act

Newsweek

Shaun Waterman and Didi Kirsten Tatlow

When police, firefighters and other first responders across the U.S. rush to emergencies, they rely on special devices to avoid overwhelmed public networks. Chinese spies could be listening in. Chinese-made components in devices certified for use on the federally managed FirstNet public safety network are designed to be able to send information back to servers in China and it's not clear how effective the security measures to prevent that are, according to engineers and industry sources with knowledge of the equipment who spoke to Newsweek. The components, or cellular connectivity modules, are generally used to connect objects, whether cars or medical equipment, to the internet.

Machines won't make decisions on their own, says Pentagon AI chief

CNN

In a television exclusive the U.S. Defense Department Chief Digital & AI Officer Craig Martell explains how it's integrating artificial intelligence, and why there will always be human oversight.

Georgia Republicans eyeing legislation requiring parents’ permission for kids’ social media accounts

The Hill

Olafimihan Oshin

A duo of Georgia Republicans have announced a legislative push to require children to have their parents’ permission to use certain social media accounts. In a news conference on Monday, Georgia Lt. Gov. Burt Jones and state Senate Majority Caucus Chair Senator Jason Anavitarte said they plan to introduce the bill during the state’s 2024 legislative session.

US tech groups back TikTok in challenge to Montana state ban

Reuters

David Shepardson

Two tech groups on Monday backed TikTok in its lawsuit seeking to block enforcement of a Montana state ban on use of the short video sharing app before it takes effect on Jan. 1. NetChoice, a national trade association that includes major tech platforms, and Chamber of Progress, a tech-industry coalition, said in a joint court filing that "Montana's effort to cut Montanans off from the global network of TikTok users ignores and undermines the structure, design, and purpose of the internet."

North Asia

Japan says cannot confirm leakage after report says China hacked defence networks

Reuters

Mariko Katsumura

Japan cannot confirm if any security information has been leaked, the top government spokesperson said on Tuesday when asked about a Washington Post report on Chinese hacking into its defence cyber networks. Chinese military hackers gained access to a classified defence network in Japan beginning in 2020, accessing information about the U.S. ally's military capabilities, plans and assessments of shortcomings, the Washington Post reported on Monday, citing senior officials.

Southeast Asia

New ransomware gang emerges in Vietnam

CyberScoop

Christian Vasquez

Cybersecurity researchers at Cisco Talos have discovered a new ransomware gang operating out of Vietnam, the latest addition to an increasingly crowded cybercriminal landscape in Southeast Asia. Targeting victims in English-speaking countries, as well as Bulgaria, China, and Vietnam, the gang uses a Yashma ransomware variant that downloads a ransomware note from an account dubbed “nguyenvietphat” on the code sharing platform Github, evading some endpoint detection and antivirus software, Cisco’s report finds.

South & Central Asia

The exclusive network behind India’s global tech success

Rest of World

Varsha Bansal

IIT Bombay, in Mumbai, is one of India’s most prestigious higher education institutes. It’s one of the five original IIT engineering schools established in the 1950s and ’60s as the Indian government’s attempt to emulate the success of the United States’ Massachusetts Institute of Technology. Major expansions since 2008 have grown the system to 23 schools in total. Becoming an IIT one-percenter is often a ticket to tech success. Many big names in India’s startup scene are IIT alums. Of the country’s 108 unicorns, 68 were founded by at least one IIT graduate, according to data from analytics firm Tracxn.

Ukraine - Russia

Ukraine says it thwarted attempt to breach military tablets

The Record by Recorded Future

Daryna Antoniuk

Ukrainian security services said they prevented an attempt by Russian state-controlled hackers to break into the battlefield management system used by the Ukrainian military. According to a technical report published on Tuesday, Russian hackers attempted to infect Ukrainian military networks with at least seven variants of new custom malware.

Europe

Polish Health Minister resigns amid outcry over data breach

Bloomberg

Piotr Bujnicki

Polish Health Minister Adam Niedzielski quit after he disclosed the sensitive medical data of a doctor, sparking a public outcry and calls for his resignation two months before a tightly contested parliamentary election. Last week, Niedzielski published a post in social media detailing the type of drugs a doctor prescribed to himself after the physician had spoken about problems with issuing digital prescriptions for patients.

Norway to fine Meta $98,500 a day over user privacy breach from 14 August

The Guardian

Facebook owner Meta Platforms will be fined 1m krone ($98,500) a day over privacy breaches from 14 August, Norway’s data protection authority told Reuters on Monday, a decision that could have wider European implications. The regulator, Datatilsynet, had said on 17 July that the company would be fined if it did not address privacy breaches the regulator had identified.

Taiwan’s TSMC to build first European chip plant in Germany

The Wall Street Journal

Yang Jie and Bertrand Benoit

Taiwan Semiconductor Manufacturing Co. will build its first European chip factory with support from the German government, the latest move to make the continent less dependent on high-tech imports out of Asia. TSMC said it had approved a $3.8 billion investment in the factory in Germany, with total investments in the plant expected to exceed 10 billion euros, equivalent to $11 billion, including government support.

UK

Cyber-attack on UK's electoral registers revealed

BBC

Paul Seddon

The UK's elections watchdog has revealed it has been the victim of a "complex cyber-attack" potentially affecting millions of voters. The Electoral Commission said unspecified "hostile actors" had managed to gain access to copies of the electoral registers, from August 2021. Hackers also broke into its emails and "control systems" but the attack was not discovered until October last year.

Snapchat under scrutiny from UK watchdog over underage users - sources

Reuters

Martin Coulter

Britain's data regulator is gathering information on Snapchat to establish whether the U.S. instant messaging app is doing enough to remove underage users from its platform, two people familiar with the matter said. Reuters reported exclusively in March that Snapchat owner Snap Inc had only removed a few dozen children aged under-13 from its platform in Britain last year, while UK media regulator Ofcom estimates it has thousands of underage users.

Big Tech

X Corp accuses climate group of helping anti-hate researchers target Twitter

The Guardian

Dan Milmo and Hibaq Farah

Elon Musk’s X Corp has accused the European Climate Foundation of helping an anti-hate speech campaign group conduct research against its rebranded Twitter platform. The claim was made in a blogpost on Monday that alleged the ECF had given the Center for Countering Digital Hate access to Brandwatch, a software tool that allows organisations to monitor posts on Twitter, which Musk last month renamed X.

Artificial Intelligence

Pope warns against potential dangers of artificial intelligence

Reuters

Federico Maccioni

Pope Francis on Tuesday called for a global reflection on the potential dangers of artificial intelligence, noting the new technology's "disruptive possibilities and ambivalent effects." Francis, who is 86 and said in the past he does not know how to use a computer, issued the warning in a message for the next World Day of Peace of the Catholic Church, falling on New Year's Day.

AI language models are rife with different political biases

MIT Technology Review

Melissa Heikkilä

Should companies have social responsibilities? Or do they exist only to deliver profit to their shareholders? If you ask an AI you might get wildly different answers depending on which one you ask. While OpenAI’s older GPT-2 and GPT-3 Ada models would advance the former statement, GPT-3 Da Vinci, the company’s more capable model, would agree with the latter. That’s because AI language models contain different political biases, according to new research from the University of Washington, Carnegie Mellon University, and Xi’an Jiaotong University. Researchers conducted tests on 14 large language models and found that OpenAI’s ChatGPT and GPT-4 were the most left-wing libertarian, while Meta’s LLaMA was the most right-wing authoritarian.

What can you do when A.I. lies about you?

The New York Times

Tiffany Hsu

Artificial intelligence’s struggles with accuracy are now well documented. The list of falsehoods and fabrications produced by the technology includes fake legal decisions that disrupted a court case, a pseudo-historical image of a 20-foot-tall monster standing next to two humans, even sham scientific papers. In its first public demonstration, Google’s Bard chatbot flubbed a question about the James Webb Space Telescope. The harm is often minimal, involving easily disproved hallucinatory hiccups. Sometimes, however, the technology creates and spreads fiction about specific people that threatens their reputations and leaves them with few options for protection or recourse. Many of the companies behind the technology have made changes in recent months to improve the accuracy of artificial intelligence, but some of the problems persist.

Meet the brains behind the malware-friendly AI chat service ‘WormGPT’

Krebs on Security

Chris Krebs

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence to help write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.”

Misc

Crypto’s next craze? Orbs that scan your eyeballs.

The New York Times

David Yaffe-Bellany

Every Worldcoin orb contains a camera designed to record images of a person’s irises. The orbs convert those scans into bits of numerical code, which are supposed to serve as a new type of digital ID. In the short term, Tools for Humanity plans to generate revenue by offering its iris-based system as an alternative to security technologies like CAPTCHA, the photographic test that is used to sort humans from spam accounts.

Cyber conflict in international relations: A policymaker’s perspective

Atlantic Council

Simon Handler

In last month’s edition of the 5×5, we featured a group of leading scholars to share their views on cyber conflict in international relations. Contributors discussed the important interplay between the scholarly community and the policymaking sphere, as scholarly debate over cyber conflict’s place in international relations has driven seminal government strategies. For instance, key underpinnings of US Cyber Command’s 2018 decision to shift its strategy away from a deterrence-based approach and toward the concepts of Defend Forward and Persistent Engagement—which has improved effectiveness since—can be traced back to a series of scholarly articles embodied in a recent book by Michael Fischerkeller, Emily Goldman, and Richard Harknett. This time around, we brought together a group of distinguished individuals with past and present cyber policy experience across a range of government organizations to share their perspective on the topic. They address cyber conflict’s fundamental place in international relations, some of their recommended readings for aspiring policymakers, disconnects between scholars and policymakers, and ideas for how both communities can more effectively engage one another.

Events & Podcasts

Share

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.