Daily Cyber Digest


Dozens of Chinese companies added to US blacklist I Boris Johnson to reduce Huawei’s role in Britain’s 5G network I Hackers Just Dropped a Jailbreak They Say Works for All iPhones

ASPI Cyber Policy
May 25, 2020

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • The United States said on Friday (May 22) it would add 33 Chinese firms and institutions to an economic blacklist for helping Beijing spy on its minority Uighur population or because of ties to weapons of mass destruction and China’s military.  The Straits Times

  • The UK Prime Minister plans to reduce Huawei’s involvement in Britain’s 5G network in the wake of the coronavirus outbreak. Boris Johnson has instructed officials to draw up plans that would see China’s involvement in the UK’s infrastructure scaled down to zero by 2023. The Telegraph

  • Hackers and developers released the first public jailbreak for Apple's iOS operating system that they say works at launch on all iOS devices. A hacker who worked on the jailbreak says it works by taking advantage of a vulnerability in iOS that Apple is not aware of, or a so-called zero day. Vice

ASPI ICPC

Alex Joske @alexjoske
Strong and overdue move to put Harbin Institute of Tech and Harbin Engineering Uni on the US Entity List. Two of China's leading defence universities profiled in @ASPI_ICPC's Universities Tracker (unitracker.aspi.org.au).
Commerce Department to Add Two Dozen Chinese Companies with Ties to WMD and Military Activities to the Entity List (commerce.gov): The Department of Commerce’s Bureau of Industry and Security (BIS) announced it will add 24 governmental and commercial organizations to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the United States.

May 24th 2020

50 Retweets, 94 Likes

UK government reverses course on Huawei's involvement in 5G networks
TechCrunch
@jshieber
As TechCrunch had previously reported, the Australian government and the U.S. both have significant concerns about Huawei's ability to act independently of the interests of the Chinese national government. ‘The fundamental issue is one of trust between nations in cyberspace,’ wrote Simeon Gilding, until recently the head of the Australian Signals Directorate’s signals intelligence and offensive cyber missions. ‘It’s simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party.’

  • Read Simeon Gilding’s Strategist piece here.

Nathan Ruser @Nrg8000
This thread shows the latest situation of Indian and Chinese forces in Ladakh since tensions erupted in the region last week over road construction about 5km from the LAC, using satellite imagery from yesterday (May 22nd). The 2nd image shows the extent of the road construction.

May 23rd 2020

634 Retweets, 1,020 Likes

Australia

Ashley Townshend @ashleytownshend
This is deeply unhelpful posturing by Mike Pompeo — directed against an ally that has done more to defend against Chinese interference than most. Many of us have concerns about possible BRI projects in Aussie states, but this isn’t the way to advance them.
theaustralian.com.au

May 24th 2020

34 Retweets, 85 Likes

Call for cyber laws as COVID-19 highlights small business shortfall
Australian Financial Review
@SaysSmithy
New laws and cheaper cyber security solutions are needed, after the COVID-19 home working era highlighted a growing gap between the cyber capabilities of big and smaller businesses, which could pose an ongoing threat to the national supply chain.

Fergus Hanson @FergusHanson
New guidance from @CyberGovAU to critical infrastructure operators looking at work from home threats:
Safeguarding Australia’s Critical Infrastructure From Cyber Attack | Cyber.gov.au (cyber.gov.au): The Australian Cyber Security Centre (ACSC) has produced advice to help critical infrastructure providers protect themselves from cyber attack as key staff work remotely during the COVID-19 pandemic.

May 22nd 2020

1 Retweet, 2 Likes

Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks
The Australian Cyber Security Centre
The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far. This advisory provides a summary of notable tactics, techniques and procedures (TTPs) exploited by Advanced Persistent Threats (APT) and cybercriminals identified during the ACSC’s investigations. These TTPs are summarised practically in the framework of tactics and techniques provided by MITRE ATT&CK. This technical guidance is provided for IT security professionals at public and private sector organisations.

How did the Covidsafe app go from being vital to almost irrelevant?
The Guardian
@joshgnosis
It was sold as the key to unlocking restrictions ‘like sunscreen to protect Australians from Covid-19’ but as the country begins to open up, the role of the Covidsafe app in the recovery seems to have dropped to marginal at best.

China

China chipmaker SMIC receives $2bn state help amid Huawei ban
Nikkei Asian Review
China's Semiconductor Manufacturing International Corp. will receive a $2.25 billion infusion from state investment funds to underwrite the development and production of chips intended to counter new sanctions levied by the U.S.

China's Crypto Is All About Tracing—and Power
Bloomberg Opinion 
@andymukherjee70
An official Chinese digital yuan, more than five years in the making, is now in pilot runs to slowly start replacing the physical legal tender. If the experiment succeeds, this new cash, valued the same as the familiar banknotes bearing Mao Zedong’s image, will become the world’s first sovereign token to reside exclusively in the ether.

USA

B. Allen-Ebrahimian @BethanyAllenEbr
New: US Commerce Dept adds 9 new Chinese entities to the export control entities list: —Ministry of Forensic Science —Aksu Huafu Textiles —CloudWalk Tech —FiberHome Tech Group —Nanjing FiberHome — Starrysky Communication —NetPosa — SenseNets —Intellifusion —IS’Vision

May 22nd 2020

82 Retweets, 146 Likes

Dozens of Chinese companies added to US blacklist in latest Beijing rebuke
Straits Times 
The United States said on Friday (May 22) it would add 33 Chinese firms and institutions to an economic blacklist for helping Beijing spy on its minority Uighur population or because of ties to weapons of mass destruction and China’s military. 

  • Read the U.S. Department of Commerce’s press release here.

Lindsay P. Gorman @LindsayPGorman
A year after @tombschrader and I wrote this article, Netposa and SenseNets (computer vision and video surveillance firms with security contracts in Xinjiang) are finally added to the Entity List. 👏👏👏
foreignpolicy.com/2019/03/19/962…
U.S. Firms Are Helping Build China’s Orwellian State (foreignpolicy.com): Tech partnerships are empowering new methods of control.

May 23rd 2020

16 Retweets, 55 Likes

Nearly half of Twitter accounts pushing to reopen America may be bots
MIT Technology Review
@_KarenHao
Researchers have found that bots may account for between 45 and 60% of Twitter accounts discussing covid-19. Many of those accounts were created in February and have since been spreading and amplifying misinformation, including false medical advice, conspiracy theories about the origin of the virus, and pushes to end stay-at-home orders and reopen America.

Yoel Roth @yoyoel
We've seen no evidence to support the claim that "nearly half of the accounts Tweeting about #COVID19 are likely bots.” 🧵 with a few thoughts on the subject...
npr.org/sections/coron…
Researchers: Nearly Half Of Accounts Tweeting About Coronavirus Are Likely Bots (npr.org): Researchers culled through more than 200 million tweets discussing the virus since January and found that about 45% were sent by accounts that behave more like computerized robots than humans.

May 24th 2020

89 Retweets, 200 Likes

U.S. Panel Orders Breakup of California Exoskeleton Firm’s Venture With Chinese Investors
The Wall Street Journal
@katystech
A U.S. national security panel has ordered the breakup of a joint venture formed between Chinese investors and a California firm that makes exoskeletons, robotic devices that can help disabled people walk but can also help soldiers carry heavy loads.

Commander Discusses a Decade of DOD Cyber Power
U.S. Dept of Defense
Ten years ago, U.S. Cyber Command passed its first milestone: the ability to conduct cyberspace operations as the new sub-unified combatant command.

Cyber reserves are not a silver bullet 
War on the Rocks
@TheCollierJam
The most significant long-term challenge facing American and British cyber agencies is not China or Russia—it’s a shortage of cyber talent.

NZ & Pacific Islands

Boston Dynamics' Robodog Roams New Zealand Countryside with a New Purpose: Sheep Herding
Gizmodo
New Zealand software firm Rocos announced a partnership with Boston Dynamics to give the latter’s famous robotic dog/four-legged nightmare automaton a new gig: herding sheep.

Digicel files for bankruptcy
Australian Financial Review
Digicel, the mobile phone and TV home entertainment company which dominates mobile phones in the western Pacific, including Papua New Guinea, has filed for bankruptcy in Bermuda.

UK

Boris Johnson to reduce Huawei’s role in Britain’s 5G network in the wake of coronavirus outbreak
The Telegraph
@CamillaTominey
The Prime Minister plans to reduce Huawei’s involvement in Britain’s 5G network in the wake of the coronavirus outbreak, the Telegraph has learned. The rethinking of the Huawei deal follows a growing backlash among Tory MPs against Chinese investment following the global pandemic, which originated in Wuhan.

Huge rise in hacking attacks on home workers during lockdown
The Guardian
@jjpjolly
Hackers have launched a wave of cyber-attacks trying to exploit British people working from home, as the coronavirus lockdown forces people to use often unfamiliar computer systems. The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later. 

‘Truth twisters’: rogue civil service tweet causes storm
The Guardian
@peterwalker99
Post on official civil service account apparently critical of Johnson’s press conference spreads like wildfire before being deleted

Canada

Opinion: In Canada, the tide of opinion is turning on China
The Globe and Mail 
@cburton001
An Angus Reid poll last week found four in five Canadians want Huawei banned from any role in building this country’s 5G network, and just 11 per cent of respondents felt Canada should focus its trade efforts on China—down from 40 per cent in 2015. And 76 per cent said Canada should prioritize human rights and the rule of law over economic opportunity. If Ottawa has been delaying a decision all these months while it awaits the ‘right moment’ to announce that the future of Canadian telecommunications lies with Huawei, it is now clear that moment will never come.

Middle East

Qatar makes COVID-19 app mandatory, experts question efficiency 
Al Jazeera
Qatari public health officials try to quell privacy concerns as contact-tracing app Ehteraz comes into force.

Israel limits coronavirus cellphone surveillance to 'special cases'
Reuters
The Israeli cabinet limited on Sunday the involvement of the Shin Bet security service in the cellphone-tracking of people infected by the coronavirus, saying the measure would be a last resort where epidemiological investigation proves insufficient.

Gender and Women in Cyber

The lack of women in cybersecurity leaves the online world at greater risk
The Conversation
@nircj
Women are highly underrepresented in the field of cybersecurity. In 2017, women’s share in the U.S. cybersecurity field was 14%, compared to 48% in the general workforce. The problem is more acute outside the U.S. In 2018, women accounted for 10% of the cybersecurity workforce in the Asia-Pacific region, 9% in Africa, 8% in Latin America, 7% in Europe and 5% in the Middle East.

Misc

Hackers Just Dropped a Jailbreak They Say Works for All iPhones
Motherboard
@josephfcox
On Saturday, hackers and developers released the first public jailbreak for Apple's iOS operating system that they say works at launch on all iOS devices. A hacker who worked on the jailbreak says it works by taking advantage of a vulnerability in iOS that Apple is not aware of, or a so-called zero day.

Are AI-Powered Killer Robots Inevitable?
WIRED
@paul_scharre
Terminators aren't rolling off the assembly line just yet, but each new generation of weapons seems to get us closer. And while no nation has declared its intention to build fully autonomous weapons, few have forsworn them either.

Twitter’s new reply-limiting feature is already changing how we talk on the platform
The Verge
@jaypeters 
Twitter is testing a new feature that lets users decide who can reply to their tweets, the company announced on Wednesday, and some accounts are already using it in some interesting new ways.

Alex Stamos @alexstamos
Yesterday's release of an end-to-end design for Zoom has spawned a long thread about doing E2E in a web browser. While I respect all the participants, I think several of them are succumbing to a common affliction: security nihilism. Root of the thread:

Chris Palmer @fugueish

@alexstamos @sleevi_ @durumcrustulum @LeaKissner My version of this question: what's the new hotness in protecting against any malicious dynamic code changes (including auto-updated code, which of course is a baseline security practice now), on any platform? E.g. is anyone really verifying Signal's reproducible builds...?

May 23rd 2020

30 Retweets, 133 Likes