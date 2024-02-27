Good morning. It's Wednesday 28th February.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.

Follow us on Twitter and on LinkedIn.

A vital subsea cable linking Europe to India, managed by Seacom Ltd., has suffered damage off the coast of Yemen. The telecommunications carrier faces the challenge of repairing the cable in a war-torn region. Chief Digital Officer Prenesh Padayachee stated that the fault, detected on Saturday, likely lies in waters targeted by Iran-backed Houthi fighters. Bloomberg

The Supreme Court questioned laws in Florida and Texas restricting social media platforms' editorial control. The outcome, expected by June, holds profound implications for the First Amendment's relevance in the digital era. The New York Times

OpenAI has taken legal action in federal court to request the dismissal of certain aspects of a lawsuit initiated by The New York Times Company. The Times alleges copyright infringement against OpenAI and Microsoft, claiming the unauthorized use of millions of its articles to train A.I. models, including ChatGPT. The New York Times

World

Damaged subsea cable in Red Sea highlights telecom vulnerability

Bloomberg

Olivia Solon

A subsea cable off the coast of Yemen that connects Europe to India has been damaged, and the telecommunications carrier that owns it must now figure out how to make underwater repairs in a war zone. Seacom Ltd., the South African company that controls the cable, detected a fault on Saturday, Chief Digital Officer Prenesh Padayachee said in an interview with Bloomberg on Monday. He estimated the problem is in waters about 150 meters (492 feet) to 170 meters deep in an area where Iran-backed Houthi fighters have been targeting ships with drones and missiles. The incident highlights how vulnerable critical subsea infrastructure can be, particularly in shallow waters with lots of cables.

Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments

CyberScoop

AJ Vicens

Longstanding cyberespionage and data collection units tied to Russia’s Foreign Intelligence Service (SVR) are evolving their techniques to gain access to cloud environments, the British, U.S. and partner governments said in an advisory Monday. The advisory — issued by the U.K.’s National Cyber Security Centre and co-signed by a range of counterpart agencies in the U.S., Australia, Canada and New Zealand — details the evolving tactics, techniques and procedures that SVR hacking operations, tracked widely under the “APT29” and “Cozy Bear” monikers, are employing to penetrate the increasing number of cloud environments used by both private and public organizations.

China

Leaked hacking documents show China’s focus on tracking ethnic minorities

The Wall Street Journal

Liza Lin

A man living in New York got a call in 2020 from police in the southern Chinese city of Shenzhen, who wanted to know if he knew anything about an account on Twitter, the social media site now known as X. The man had immigrated to the U.S. after being born in China’s western region of Xinjiang, where the ethnic minority Uyghurs and other groups have faced mass detentions and other rights abuses. After arriving in the U.S., he began speaking out about the plight faced by Uyghurs. He didn’t know at the time he got the call that he had been targeted for a hack. A trove of documents that were purportedly leaked from a cybersecurity firm in China this month includes a chat log dated March 2020—weeks before he got the call—in which a representative of the company discusses digging up information on a number of people behind social-media accounts.

China to increase protections against hacking for key industries

Reuters

China's ministry of industry and information technology (MIIT) unveiled a plan on Monday that aims to improve data security in China's industrial sector and effectively contain "major risks" by the end of 2026. The plan comes at a time when China and the United States both frequently accuse each other of cyberattacks and industrial espionage.

USA

Supreme Court seems wary of state laws regulating social media platforms

The New York Times

Adam Liptak

The Supreme Court seemed skeptical on Monday of laws in Florida and Texas that bar major social media companies from making editorial judgments about which messages to allow. The laws were enacted in an effort to shield conservative voices on the sites, but a decision by the court, expected by June, will almost certainly be its most important statement on the scope of the First Amendment in the internet era, with broad political and economic implications.

Social media cases head to SCOTUS — but conservatives may have already won

POLITICO

Rebecca Kern

Big Tech platforms and their Republican critics are bracing for a faceoff in the Supreme Court on Monday over the policing of online speech. But in the real-world argument over who gets to post their views on social media, conservatives have largely won. The two cases in front of the court have their roots in the post-Jan. 6 banning of Donald Trump from multiple social media platforms. When the then-president was kicked off for violating policies against incitement to violence, state lawmakers in Florida and Texas jumped in. They passed laws later in 2021 to tie the hands of tech companies and force them to keep all views online, and not deplatform political candidates.

Sen. Warner: U.S. is less prepared to secure the 2024 election than 2020

CyberScoop

Christian Vasquez

The U.S. is less prepared to mitigate misinformation ahead of the 2024 election than it was during the 2020 cycle, the chair of the Senate Select Committee on Intelligence said Tuesday. Citing the expected deluge of misinformation powered by artificial intelligence and some “cautious” choices by Biden administration lawyers, Sen. Mark Warner, D-Va., said he is concerned that this election cycle — which includes more than half of the global population — will face more threats than the last presidential election.

US judge halts government effort to monitor crypto mining energy use

The Guardian

Oliver Milman

The US government has suspended its effort to survey cryptocurrency mining operations over their ballooning energy use following a lawsuit from an industry that has been accused by environmental groups of fueling the climate crisis. A federal judge in Texas has granted a temporary order blocking the new requirements that would ascertain the energy use of the crypto miners, stating that the industry had shown it would suffer “irreparable injury” if it was made to comply.

US blacklists Sandvine for censorship, web monitoring abroad

Bloomberg

Ryan Gallagher

The US Commerce Department is adding computer networking company Sandvine Inc. to a blacklist that will effectively ban it from obtaining US technology, according to a government disclosure. The Commerce Department’s Bureau of Industry and Security made the determination to add Sandvine to its “Entity List” on the basis that the company had supplied equipment to the government of Egypt. Sandvine’s technology enabled “mass web-monitoring and censorship to block news as well as target political actors and human rights activists,” according to a notice made available Monday in the Federal Register. Such activities were “contrary to the national security and foreign policy interests of the United States,” the notice added.

How the Pentagon learned to use targeted ads to find its targets—and Vladimir Putin

WIRED

Byron Tau

In 2019, A government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country’s national security establishment who would listen: The US government had a Grindr problem. In its 10 years of operation, Grindr had amassed millions of users and become a central cog in gay culture around the globe. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers.

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

CyberScoop

Caroline Hill

Adecade after releasing its landmark national cybersecurity framework, the National Institute of Standards and Technology on Monday released version 2.0, an updated document that emphasizes governance and supply chain issues for both public and private sector entities. The new guidance, which outlines “high-level cybersecurity outcomes that can be used by any organization … to better understand, assess, prioritize and communicate its cybersecurity efforts,” adds a sixth core function — “govern” — to the previously stated pillars: “identify,” “protect,” “detect,” “respond,” and “recover.”

DOE announces $45 million investment for cybersecurity research

CyberScoop

Christian Vasquez

The Department of Energy on Monday announced a $45 million investment into cybersecurity research for the energy sector, including projects on artificial intelligence detection and response and quantum communication for the grid. DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will fund 16 projects with organizations headquartered in six states, covering six topics that are largely aimed at reducing cyber risks and improving the resilience of the electricity, oil, and natural gas sectors.

Southeast Asia

Japan eyes new security clearances to aid overseas tech cooperation

Nikkei Asia

Yuki Fujita

Japan's cabinet on Tuesday backed the creation of a new security clearance system for people who handle confidential information related to economic security, moving the country in line with international standards and easing cross-border cooperation in critical fields like advanced chips. "The purpose is to strengthen information security and expand international business opportunities for Japanese companies," Economic Security Minister Sanae Takaichi said at a press conference. The government and ruling parties aim to pass related legislation in the current session of the Diet.

Europe

France advances quantum technology export controls under new EU regulation framework

The Quantum Insider

Matt Swayne

France enacted a comprehensive national control list, directly responding to the emerging disruptive potential — both constructive and destructive — of quantum computing, along with associated disruptive technologies in both civilian and military realms, according to recent information from the French government and computer translated into English.

Steel giant ThyssenKrupp confirms cyberattack on automotive division

Bleeping Computer

Bill Toulas

Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion (2022).

NZ & Pacific Islands

New Zealanders call for stronger cybersecurity breach penalties, survey finds

Insurance Business America

Roxanne Libatique

A recent survey has revealed that a majority of New Zealanders want stricter penalties for companies suffering cybersecurity breaches. The research, orchestrated by Anthem alongside Talbot Mills Research, involved feedback from over 1,000 participants to understand public sentiment regarding corporate accountability in the wake of cyber incidents. The survey's results pointed to a clear demand for more stringent actions against cyber threats, with a significant portion of respondents signalling that the current maximum fine of $10,000 for cybersecurity breaches in New Zealand is too lenient.

How a man faked Kiribati government's X account

ABC News

News Radio

On social media, a user account which called itself 'The Official Account for the Republic of Kiribati' has gone viral in recent weeks. Starting with fairly normal posts, @KiribatiGov gathered half a million likes after it told one social media user that they weren't invited to visit, after the user made fun of the fact that Kiribati has a city called Banana.

Big Tech

Microsoft’s Mistral AI investment to be examined by EU watchdog

Bloomberg

Samuel Stolton

Microsoft Corp.’s Mistral AI investment is set to be analyzed by the European Union’s competition watchdog at the same time that its deep ties to OpenAI Inc come under regulatory scrutiny. Mistral announced a “strategic partnership” with Microsoft on Monday that includes making the startup’s latest artificial intelligence models available to customers of Microsoft’s Azure cloud. Microsoft said the investment amounted to €15 million ($16.3 million.)

Google Mired in controversy over AI chatbot push

The Wall Street Journal

Miles Kruppa

Google’s artificial-intelligence push is turning into a reputational headache. Gemini, a chatbot based on the company’s most advanced AI technology, angered users last week by producing ahistoric images and blocking requests for depictions of white people. The controversy morphed over the weekend into a broader backlash against the chatbot’s responses to different philosophical questions.

EU seeks to investigate Apple over cutting off web apps

Financial Times

Javier Espinoza

The EU has taken the first steps towards a formal investigation into Apple, over a decision to cut off access to some applications that bypass its app store as Brussels steps up scrutiny over the iPhone-maker’s business. The bloc’s competition regulators sent questions to developers last week seeking to determine the impact of Apple’s decision to disable so-called “progressive web apps” in the EU, in a move seen as a precursor towards an in-depth probe.

Apple adds PQ3 protocol into iMessage

Tech Wire Asia

Dashveenjit Kaur

In an era where digital privacy is paramount, Apple is integrating PQ3 into iMessage. This announcement marks a watershed moment in messaging security, propelling iMessage to unprecedented heights of protection. At the heart of Apple’s PQ3 integration lies a revolutionary cryptographic protocol designed to withstand the challenges posed by quantum computing. Unlike traditional encryption methods, which may be vulnerable to future quantum attacks, PQ3 provides robust protection against even the most sophisticated adversaries.

Artificial Intelligence

OpenAI seeks to dismiss parts of The New York Times’s lawsuit

The New York Times

Cade Metz and Katie Robertson

OpenAI filed a motion in federal court on Monday that seeks to dismiss some key elements of a lawsuit brought by The New York Times Company. The Times sued OpenAI and its partner Microsoft on Dec. 27, accusing them of infringing on its copyrights by using millions of its articles to train A.I. technologies like the online chatbot ChatGPT. Chatbots now compete with the news outlet as a source of reliable information, the lawsuit said.

US used AI to help find Middle East targets for airstrikes

Bloomberg

Katrina Manson

The US used artificial intelligence to identify targets hit by air strikes in the Middle East this month, a defense official said, revealing growing military use of the technology for combat. Machine learning algorithms that can teach themselves to identify objects helped to narrow down targets for more than 85 US air strikes on Feb. 2, according to Schuyler Moore, chief technology officer for US Central Command, which runs US military operations in the Middle East. The Pentagon said those strikes were conducted by US bombers and fighter aircraft against seven facilities in Iraq and Syria.

Google is paying publishers to test an unreleased Gen AI platform

Adweek

Mark Stenberg

Google launched a private program for a handful of independent publishers last month, providing the news organizations with beta access to an unreleased generative artificial intelligence platform in exchange for receiving analytics and feedback, according to documents seen by ADWEEK. As part of the agreement, the publishers are expected to use the suite of tools to produce a fixed volume of content for 12 months. In return, the news outlets receive a monthly stipend amounting to a five-figure sum annually, as well as the means to produce content relevant to their readership at no cost.

Smile, you’re on AI camera … and it could save your life

The Australian

Mikaela Mulveney

Surf lifesavers at South Australian beaches are using emerging video technology that incorporates AI to help monitor swimmers. Similarly, shopping centres and aged-care homes – among other industries – are applying the new technology to ensure public safety. Video Management Systems assist in gaining a deeper insight into patterns of behaviour and awareness, as well as advanced health and safety solutions. Smart cameras at popular beaches are one of the potential applications of AI and are assisting surf lifesavers to monitor and keep the public safe.

Tumblr’s owner is striking deals with OpenAI and Midjourney for training data, says report

The Verge

Adi Robertson

The owner of Tumblr and WordPress.com is in talks with AI companies Midjourney and OpenAI to provide training data scraped from users’ posts, a report from 404 Media alleges. The report, based on an anonymous source inside the company, says that deals between Automattic and the two AI companies are “imminent.” It follows nebulous rumors that have spread on Tumblr over the past week, suggesting a deal with Midjourney could provide a new revenue stream for the site.

Jobs

China Analyst or Senior Analyst

ASPI

ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work.

Professional Development Program Coordinator

ASPI

Our Program Coordinators are fundamental to the success of our professional development programs. As a key team member, you will be tasked with nurturing collaborative relationships across Defence, National Security, the National Intelligence Community, and the broader ASPI community. Success demands adept communication and interpersonal skills, a focus on client service, exceptional organisational abilities coupled with keen attention to detail, and the capability to think on your feet, problem-solve, and meet deadlines effectively.

Share

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.