Dalai Lama advisors targeted by Indian Government | US-Asia digital pact held up by internal US officials skirmish | Chinese hackers stole Mekong data From Cambodian Foreign Ministry
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The phone numbers of a top ring of advisers around the Dalai Lama are believed to have been selected as those of people of interest by government clients of NSO Group. Analysis strongly indicates that the Indian government was selecting the potential targets. The Guardian
A skirmish between national security and trade officials in the Biden administration is hindering efforts to forge a digital-services pact with Asian countries, according to people involved in the talks. The Wall Street Journal
Buried in a long U.S. indictment accusing China of a global cyberespionage campaign was a curious detail: Among the governments targeted by Chinese hackers was Cambodia, one of Beijing's most loyal Asian allies. The target of the hack, which two sources with knowledge of the indictment said was Cambodia's foreign ministry, was also revealing - discussions between China and Cambodia over the use of the Mekong River, a new battleground for U.S. and Chinese influence in Southeast Asia. U.S. News
ASPI ICPC
The U.S.-China Data Fight Is Only Getting Started
Foreign Policy
@He_Shumei
The Trump administration’s efforts to ban TikTok made headlines in 2020—but the focus was on the wrong place. Discussion centered around whether the Chinese government could apply pressure on TikTok to censure or influence content in the United States. But the biggest worry should have been how TikTok’s data could be fed back into the data ecosystem being built by the Chinese government. For the Chinese government, the global data it seeks can be harvested from multiple source types and through various means. An obvious source is malicious cyber intrusions—like the January Microsoft Exchange hack allegedly perpetrated by Chinese security agencies. But data can also be sourced from less visible and far more normalized means of data collection, which leverage legitimate downstream data access through digital supply chains..The onus shouldn’t just fall on governments alone. As I’ve argued in “Mapping China’s Tech Giants: Supply chains & the global data collection ecosystem,” organizations must know and assess the value of their data. They must also determine the value of that data to any potential party in their supply chain that may have access to it or that might be granted access. Risk needs to be understood in a way that keeps up with the current threat landscape, in which otherwise innocuous data can be aggregated to carry meaning that can undermine a society or individuals.
Read our new report Mapping China's Tech Giants: Supply chains & the global data collection ecosystem
World
Dalai Lama’s inner circle listed in Pegasus project data
The Guardian
@safimichael
The phone numbers of a top ring of advisers around the Dalai Lama are believed to have been selected as those of people of interest by government clients of NSO Group. Analysis strongly indicates that the Indian government was selecting the potential targets.
‘If You’re Not A Criminal, Don’t Be Afraid’—NSO CEO On ‘Insane’ Hacking Allegations Facing $1 Billion Spyware Business
Forbes
@iblametom
Shalev Hulio, 39, is the CEO and cofounder of NSO Group, one of Israel's most successful cybersurveillance companies valued at over $1 billion, and the man ultimately responsible for smartphone hacks of high-profile journalists and world leaders, according to allegations made this week. Hulio was in good spirits as he attacked the research that underpinned the so-called Pegasus Project, a coalition of nonprofit and media organizations trying to shine a light on NSO’s operations.
Voice clone of Anthony Bourdain prompts synthetic media ethics questions
Tech Policy Press
@justinhendrix
A New Yorker review of “Roadrunner,” a documentary about the deceased celebrity chef Anthony Bourdain by the Oscar-winning filmmaker Morgan Neville, reveals that a peculiar method was used to create a voice over of an email written by Bourdain. In addition to using clips of Bourdain’s voice from various media appearances, the filmmaker says he had an “A.I. model” of Bourdain’s voice created in order to complete the effect of Bourdain ‘reading’ from his own email in the film. “If you watch the film, other than that line you mentioned, you probably don’t know what the other lines are that were spoken by the A.I., and you’re not going to know,” Neville told the reviewer, Helen Rosner. “We can have a documentary-ethics panel about it later.”
Australia
Australia wants to buy Digicel Pacific to block Chinese influence, but are they really interested?
The Australian
@CameronEngland
Australia and Telstra could be entangled in a fake bidding war for regional telco Digicel Pacific, whose strategic importance to China might be being overstated, a strategic expert has warned.
Australian taxpayers could help buy Pacific arm of telecommunications giant Digicel to stop China from nabbing it first
ABC News
@andrewprobyn
What business does the Australian taxpayer have in buying a telecommunications service from an Irish billionaire in the Pacific? A lot, it turns out. Not that anyone really wants to talk about it — at least until the deal's inked. But it's all about China and making sure that Beijing doesn't get its mitts on a key strategic asset.
Archives at risk of cyber attack, security expert warns
The Sydney Morning Herald
@katinacurtis @swrighteconomy
A cybersecurity expert warns Australia’s enemies could take advantage of the National Archives’ less-secure technology to gain access to some of our most sensitive government documents and potentially change or delete records.
Pulling the drawbridge can’t save us from health or cyber pandemics
The Australian Financial Review
@lesleyseebeck
Investigations into the Pegasus spyware show how some governments are using technology to reach into the lives of individuals, while statements by allied governments against Chinese hacking – just as China sends ships to monitor defence exercises in Queensland – illustrate an increasingly heated geopolitical environment.
Govt releases highly redacted COVIDSafe report
Innovation Aus
@denhamsadler
The federal government has been forced to release a report on the effectiveness of its controversial contact tracing app COVIDSafe, but has removed all parts relating to this and left only basic information and positive comments.
China
China weighing unprecedented penalty for Didi after US IPO
Bloomberg
@business
Chinese regulators are considering serious, perhaps unprecedented, penalties for Didi Global after its controversial initial public offering last month, according to people familiar with the matter.
Read our new report Mapping China's Tech Giants: Supply chains & the global data collection ecosystem
Chinese hacking group APT31 uses mesh of home routers to disguise attacks
The Record
@campuscodi
A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks.
Chinese web users are writing a new playbook for disaster response
Protocol
@shenlulushen
Severe floods caused by torrential rains in Central China's Henan province have killed dozens and displaced tens of thousands of residents since last weekend. In parallel with local and central governments' disaster relief and rescue efforts, Chinese web users have organized online, using technology in novel ways to mitigate risks and rescue those who were trapped in subway cars and neighborhoods submerged in floodwaters.
USA
U.S.-Asia Digital Pact Held Up by Squabble Among Biden Officials
The Wall Street Journal
@bobdavis187
A skirmish between national security and trade officials in the Biden administration is hindering efforts to forge a digital-services pact with Asian countries, according to people involved in the talks.
U.S. Weighs Deploying Balloons To Provide Internet Access To Cubans During Crackdown
The Drive
@BrettTingley
In the aftermath of the Cuban government's response to protests throughout the country, the United States government is weighing what options it has for restoring communication services on the island nation. Internet service is currently suspended throughout Cuba, and some ham radio frequencies are even being jammed in Florida, preventing even rudimentary communications with the island.
The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough?
Lawfare
@DAlperovitch Ian Ward
The Biden administration formally accused the Chinese government this week of carrying out the hacks of the Microsoft Exchange email server software, the details of which came to light in early March. In a joint statement with the European Union, NATO and several other U.S. allies, the White House placed blame for the hacks squarely on the shoulders of the contractors of China’s civilian intelligence agency, the Ministry of State Security (MSS), and accused the Chinese government of supporting “irresponsible and destabilizing behavior in cyberspace.” In conjunction with the White House’s statement, the Justice Department on July 19 unsealed criminal charges against four hackers working with the MSS, albeit for unrelated cyber intrusions.
Wikipedia Is Finally Asking Big Tech to Pay Up
WIRED
@noamcohen
The Big Four all lean on the encyclopedia at no cost. With the launch of Wikimedia Enterprise, the volunteer project will change that—and possibly itself too.
Biden’s China Policy Borrows From Trump and Adds Allies to Raise Pressure
The Wall Street Journal
@willmauldin @vmsalama
The Biden administration is raising the pressure on China, confronting it on cyberattacks and human rights and making tentative progress rallying allies to its side, while so far avoiding deep engagement with Beijing.
Facebook Just Blocked the #VaccinesKill Hashtag Two Years Too Late
GIZMODO
@briannap
At least two years after it would have been politically prudent to do so, Facebook moved to block content under the #VaccinesKill hashtag on Wednesday. Searches for posts that would have normally appeared under the hashtag now redirect to a “keeping our community safe” banner, alongside a message alerting users to the fact that “some content in those posts goes against our Community Standards.” According to CNN, #VaccinesKill was still functional as recently as last Saturday — a full 18 months after Covid-19 bore down upon the global community in earnest.
Havana Syndrome Task Force to Be Led by Veteran of Hunt for Bin Laden
The Wall Street Journal
@wstrobel
CIA Director William Burns has tapped a veteran of the agency’s hunt for Osama bin Laden to head a task force aimed at finding the cause of unexplained health incidents suffered by U.S. spies and diplomats around the world, current and former officials familiar with the matter said.
Biden’s vaccine misinformation road not taken
POLITICO
@Ali_Lev
President Joe Biden didn’t heed pleas from activists and congressional Democrats last year that he put a dedicated czar or task force in charge of countering falsehoods about Covid vaccines — despite warnings that conspiracy theories about public health were creating “tragic consequences.”
Anti-vaccine groups changing into 'dance parties' on Facebook to avoid detection
NCN News
@oneunderscore__ @BrandyZadrozny
Some anti-vaccination groups on Facebook are changing their names to euphemisms like “Dance Party” or “Dinner Party,” and using code words to fit those themes in order to skirt bans from Facebook, as the company attempts to crack down on misinformation about Covid-19 vaccines.
Mark in the Metaverse
THE VERGE
@CaseyNewton
As June came to an end, Facebook CEO Mark Zuckerberg told his employees about an ambitious new initiative. The future of the company would go far beyond its current project of building a set of connected social apps and some hardware to support them. Instead, he said, Facebook would strive to build a maximalist, interconnected set of experiences straight out of sci-fi — a world known as the metaverse.
Investigation: How TikTok's Algorithm Figures Out Your Deepest Desires
The Wall Street Journal
@WSJ
A Wall Street Journal investigation found that TikTok only needs one important piece of information to figure out what you want: the amount of time you linger over a piece of content. Every second you hesitate or rewatch, the app is tracking you. Photo illustration: Laura Kammermann/The Wall Street Journal
North Asia
Tokyo Olympic ticket purchaser information leaked online
Kyodo News
@kyodo_english
Login IDs and passwords of Tokyo Olympic ticket purchasers have been leaked on the internet, a government official said Wednesday, in the latest in a series of setbacks for the organizing committee.
Southeast Asia
Chinese Hackers Stole Mekong Data From Cambodian Foreign Ministry
U.S. News
@prakchanthul @jamespearson88
The target of the hack, which two sources with knowledge of the indictment said was Cambodia's foreign ministry, was also revealing: discussions between China and Cambodia over the use of the Mekong River, a new battleground for U.S. and Chinese influence in Southeast Asia.
South & Central Asia
Serdar Berdimuhamedov and Turkmenistan’s Digital Transformation
The Diplomat
Rustam Muhamedov
On February 12, 2021, Serdar Berdimuhamedov was given a number of top positions by his father, Turkmenistan’s President Gurbanguly Berdimuhamedov. The appointments ushered in the penultimate stage of a hereditary power transition that has been underway for several years now. Serdar was appointed the head of the Supreme Control Chamber, a member of the State Security Council, and more importantly the post of deputy chairman of the Cabinet of Ministers (Gurbanguly Berdimuhamedov is the chairman), responsible for the implementation of the country’s digitalization policy and integration of innovative technologies in the economy, public governance and social spheres.
UK
U.K. man arrested for July 2020 Twitter hack of Joe Biden and others
NBC News
@PeteWilliamsNBC
Police in Spain arrested a British man Wednesday on U.S. charges accusing him of hacking the Twitter accounts of several prominent Americans and a foreign leader last year.
UK should be concerned at Chinese gene data harvesting, lawmaker says
Reuters
@asmo17
Britain should be concerned about the harvesting of genetic data from millions of women by a Chinese company through prenatal tests, a senior British lawmaker told Reuters.
Read our report Genomic Surveillance: Inside China’s DNA Dragnet
The Government’s secrecy over cyber attacks leaves us vulnerable and deluded
The Telegraph
@ciaranmartinoxf
On Tuesday James Cleverly, a Foreign Office minister, answered MPs’ questions about the Chinese state’s hacking of some of Microsoft’s digital infrastructure. This followed a carefully coordinated statement by 39 countries, led by the US and the UK, calling out Beijing for this egregious attack which not only facilitated large-scale spying, but left thousands of US organisations vulnerable to further attack from criminals. Only a very sophisticated FBI operation removed the latter risk.
Actors Behind UK Misinformation Site The Daily Expose Revealed
Logically.
@whoisernie
A Logically investigation can reveal that Jonathan Allen-Walker of Scunthorpe, Lincolnshire is behind the conspiracy news site, The Daily Expose. The Daily Expose is a U.K.-focused conspiracy site created in November of last year, and since its establishment, it has promoted a standard portfolio of COVID-denialist, anti-vaxxer, and Great Reset myths framed as breaking news. It has grown to be extremely influential in the alt-news ecosystem, with its articles getting thousands of shares per day on Telegram, Twitter, and other private chat channels. Although the website is less than a year old, it has grown by more than 300,000 page views per month since January, with the last data available suggesting it had more than 1.5 million total cumulative views.
Europe
Dutch data protection authority fines TikTok over privacy
Daily Journal
@DailyJournalNet
The Netherlands’ Data Protection Authority said Thursday it has fined TikTok 750,000 euros ($885,000) for not offering a privacy statement in Dutch, saying many children who use the popular video sharing app would be unable to understand the information.
Russia
Why Is Russia Not Using Pegasus Spyware?
The Moscow Times
@AndreiSoldatov
Russia’s government bodies — the secret services — are known to actively spy on journalists, activists, and lawyers. The NSO Group said it only sold spyware to vetted government bodies, not to private actors. And the relationship between Israel and Russia has been sufficiently close for years. So why is the FSB, or any other Russian agency, not on the list of NSO clients?
Americas
Canada’s domestic spy agency said it countered foreign threats to 2019 election, document reveals
Toronto Star
@alexboutilier
Canada’s domestic intelligence agency said it intervened to counter perceived foreign threats to the 2019 federal election, a newly unearthed government document reveals. In August 2019, the Canadian Security Intelligence Service (CSIS) told then-public safety minister Ralph Goodale that the agency had used its broad “threat-reduction” powers “to reduce the threat posed by foreign interference activities to Canada’s democratic institutions and processes.”
Read our report Cyber-enabled foreign interference in elections and referendums
Middle East
‘Somebody has to do the dirty work’: NSO founders defend the spyware they built
The Washington Post
@lizzadwoskin @shira_rubin
CEO Shalev Hulio said he would ‘shut Pegasus down’ if there were a better alternative. In lengthy interviews, Hulio and co-founder Omri Lavie traced a journey launched from an Israeli kibbutz and said the company’s technology had saved lives.
Africa
Cyber attack disrupts major South African port operations
Reuters
@Zandi_S @TanishaHeiberg
South African state-owned logistics firm Transnet was hit by a suspected cyber attack, three sources with direct knowledge of the matter told Reuters on Thursday, affecting some of its container terminal operations.
Misc
Learning in the grey zone: how democracies can meet the authoritarian challenge
The Strategist
@matthew_sussex
Innovation by authoritarian nations in the ‘grey zone’ is becoming one of the most serious challenges facing contemporary democracies. It has long been recognised that future conflicts might be won before any shots are fired. But knowing that is cold comfort, because authoritarian states are continually evolving their capacity to develop and deploy offensive tools in their cyber-enabled, information and hybrid warfare arsenals.
Tech support scams adapt and persist in 2021, per new Microsoft research
Microsoft
Mary Jo Schrade
Each month, Microsoft receives about 6,500 complaints from people who’ve been victims of tech support scams, which is down from 13,000 reports in an average month in prior years. But it’s not just Microsoft’s brand that the scammers leverage; fraudsters have pretended to be from a number of other reputable tech companies and service providers. To measure the scope of this problem globally, Microsoft commissioned YouGov for a new 2021 survey across 16 countries to look at tech support scams and their impact on consumers
A Defunct Video Hosting Site Is Flooding Normal Websites With Hardcore Porn
Vice
@mjgault @jason_koebler
Hardcore porn is embedded all over regular-ass websites because a porn company has purchased the domain of a popular, defunct video hosting site. As pointed out by Twitter user @dox_gay, hardcore porn is now embedded on the pages of the Huffington Post, New York magazine, The Washington Post, and a host of other websites. This is because a porn site called 5 Star Porn HD bought the domain for Vidme, a brief YouTube competitor founded in 2014 and shuttered in 2017. Its Twitter account is still up, but the domain lapsed.
Cyber-attacks: what is hybrid warfare and why is it such a threat?
The Conversation
@eilbiz Christian Kaunert
Washington and Moscow are engaged in a war of words over a spate of ransomware attacks against organisations and businesses in the US and other countries. These increasingly sophisticated cyber-attacks represent a new type of warfare aimed at disorganising and even destroying a nation’s economy.
Research
The Huawei Moment
For the first time, a Chinese company—Huawei—is set to lead the global transition from one key national security infrastructure technology to the next. How did Washington, at the beginning of the twenty-first century, fail to protect U.S. firms in this strategic technology and allow a geopolitical competitor to take a leadership position in a national security relevant critical infrastructure such as telecommunications? This policy brief highlights the characteristics of 5G development that China leveraged, exploited, and supported to take the lead in this key technology. The Huawei case study is in some ways the canary in the coal mine for emerging technologies and an illustration of what can happen to U.S. competitiveness when China’s companies do not have to base decisions on market forces.
Events & Podcasts
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
SPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies. 27 July 2021 5:00 pm - 6:00 pm
Digital Politics in the Asia Pacific Seminar Series
ANU Coral Bell School of Asia Pacific Affairs
The role of technology in political and social movements like the Arab Spring is widely considered by scholars to be important, but not revolutionary. But significant political upheaval in Asia is powered by highly online protest communities operating in media environments unique to our region. Does tech power protest differently in Asia? Join the second seminar in the Digital Politics in the Asia Pacific series to find out. 4 August 2021 11:00 AM – 12:30 PM
Reacting to Chinese Cyberattacks
The New York Times
@mikiebarb
The Biden administration has tried to orchestrate a muscular and coordinated response with Western allies. But while the SolarWinds attack prompted Washington to impose economic sanctions on Moscow, with Beijing, the approach is more complicated.
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.
Director of Research
Data & Society Research Institute
The Director of Research (DoR) at Data & Society is a senior scholar with a commitment to empirical, multidisciplinary, and intersectional research to advance scholarship on the social and cultural implications of data-centric and automated technologies. The DoR is a rotational role, designed for a tenured academic with an interest in leading Data & Society’s public scholarship. They will bring their own disciplinary and topical expertise to the team while developing and supporting research across a range of themes, disciplines, methods, epistemic frames, and topics. The DoR is both an accomplished scholar in their own right, a dedicated academic mentor, and an administrator capable of, and committed to leading a research enterprise consistent with Data & Society’s collective organizational development.
Deputy Director, Digital Investigations Lab
Human Rights Watch
HRW is seeking an experienced, innovative and strategic Deputy Director to lead our Digital Investigations Lab, which deploys non-qualitative research methodologies, such as data analysis, remote sensing and open source techniques, to our human rights investigations. The position will oversee an experienced, multi-disciplinary team, and reports to the director of the Technology and Human Rights division. The person will be based in a location where HRW has a larger office, such as Beirut, Berlin, Brussels, Geneva, London, Nairobi, New York, San Francisco, or Washington D.C.