Ex-US intelligence operatives in UAE hacking case face FBI charges | Chinese police use anti-fraud app to track access to overseas news sites | Wall Street and Chinese regulators plan to meet
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Three former U.S. intelligence operatives, who went to work as mercenary hackers for the United Arab Emirates, face federal charges of conspiring to violate hacking laws, according to Justice Department court documents filed on Tuesday. Reuters
Chinese police are using a new anti-fraud app installed on more than 200m mobile phones to identify and question people who have viewed overseas financial news sites, according to individuals summoned by the authorities. The app was launched in March by the public security ministry’s National Anti-Fraud Center and blocks suspicious phone calls and reports malware. Financial Times
Wall Street executives and top Chinese regulators plan to hold a virtual meeting to discuss topics including Beijing’s market-roiling crackdown on the private sector and U.S.-China relations. The meeting on Thursday marks a resumption of the China-U.S. Financial Roundtable that was first convened in September 2018, according to two people familiar with the matter, who asked not to be identified because the gathering is private. Bloomberg
ASPI ICPC
System Update: Towards a Women, Peace and Cybersecurity Agenda
UNIDIR
@LJSharland Netta Goussac @emilia_currey @genevievefeely @Sara_Lisabeth
As the Women, Peace and Security (WPS) agenda enters its third decade, it is crucial to ensure it is fit to address new and emerging security issues, such as cyberthreats and their gendered implications. To do so requires a shift in focus, moving beyond traditional conflict to encompass other settings where violence against women occurs, including cyberspace. The accessibility and unattributable nature of cyberspace has exposed women to a disproportionate amount of stalking and online harassment, as well as to targeted disinformation campaigns to dissuade their political participation. This has become even more pronounced in the face of the COVID-19 pandemic, as the world took a digital turn and saw an increase in online violence, misogyny and hate speech directed at women. This report - which the United Nations commissioned ASPI to write - provides further examination of cyber-related issues affecting the goals of the WPS agenda. It identifies six priority areas that need to be addressed to narrow the gap between WPS and cybersecurity.
Far-Right Fundraising on Telegram
Global Network on Extremism & Technology
@arielbogle
The Australian far-right is using a diverse range of online tools to fundraise and solicit donations. In this ecosystem, the messaging app Telegram plays a significant role — providing an entry point into a broader content and financial network, and facilitating international connections.
Read ASPI ICPC’s report ‘Buying and selling extremism’
Find out more on the Sydney Dialogue website.
The World
Apple issues security patch after Toronto-based Citizen Lab flags vulnerability
CBC
Apple released an emergency software patch to fix a security vulnerability that researchers said could allow hackers to directly infect Apple devices without any user action. The researchers at the University of Toronto's Citizen Lab said the flaw allowed spyware from the world's most infamous hacker-for-hire firm, NSO Group, to directly infect the iPhone of a Saudi activist.
Australia
Online activity during COVID lockdowns sees surge in cyber attacks and espionage
ABC News
@AndrewBGreene
A cybercrime is now reported every eight minutes in Australia with criminals and spies taking advantage of large numbers of people working from home during COVID-19 lockdowns. The federal government's latest official assessment shows malicious online actors are exploiting the pandemic and are actively targeting vulnerable Australians and health services.
Read ASPI ICPC’s report ‘Clean pipes: Should ISPS provide a more secure internet?’
Bullying on Twitter has become unhinged. It's time to call out the personal, sexist attacks
ABC News
@leighsales
It is a matter for a commercial entity like Twitter to ask itself — and my understanding is that it is — whether the treatment of journalists, in particular female journalists, on its platform is acceptable. Any good corporate citizen should examine its role in promoting sensible and open debate versus hate speech and misinformation.
PRC Minority Ethnicity Recognition Research Targeted Uyghurs, Breached Ethical Standards
IPVM
@CharlesRollet1
Australia's Curtin University determined that Wanquan Liu "did not gain informed consent" or "required ethical approvals" for the study which used AI-powered analysis of "ethnical facial features" to best predict whether a person is Uyghur, Tibetan, or Korean. Liu "refused to respond" to parts of Curtin University's investigation, resigning and moving to one of the PRC's top 10 universities. The study's academic publisher Wiley is "reviewing" whether to retract it, while a different study based on its data has already been retracted.
China
China uses anti-fraud app to track access to overseas financial news sites
Financial Times
Sun Yu
Chinese police are using a new anti-fraud app installed on more than 200m mobile phones to identify and question people who have viewed overseas financial news sites, according to individuals summoned by the authorities. The app was launched in March by the public security ministry’s National Anti-Fraud Center and blocks suspicious phone calls and reports malware. Police said it was needed to combat a surge in fraud, often perpetrated by overseas operations managed by Chinese and Taiwanese nationals... A dozen individuals told the FT they were uncomfortable giving the app 29 permissions, including live monitoring of call logs, text messages and conversations, in order to install it on their phones.
Wall Street Chiefs to Meet China Regulators Amid Market Turmoil
Bloomberg
Cathy Chan
Wall Street executives and top Chinese regulators plan to hold a virtual meeting to discuss topics including Beijing’s market-roiling crackdown on the private sector and U.S.-China relations. The meeting on Thursday marks a resumption of the China-U.S. Financial Roundtable that was first convened in September 2018, according to two people familiar with the matter, who asked not to be identified because the gathering is private. The high-level meeting comes after investors were unnerved by a regulatory push by Beijing targeting its biggest technology companies and other industries and a pledge by President Xi Jinping to create “common prosperity.” Billions of dollars in potential profits are at stake for Wall Street, which has been pushing into China as the nation opens its financial markets to investment banks, wealth and money managers.
Wikipedia bans 7 mainland Chinese power users over ‘infiltration and exploitation’ in unprecedented clampdown
Hong Kong Free Press
@selina_cheng
The foundation that oversees Wikipedia has taken unprecedented action to ban seven mainland Chinese users from its websites globally and revoke administrator access and other privileges for 12 other users, following an HKFP report of alleged threats to Hong Kong users. HKFP also reported on fears among Hong Kong users over election canvassing within the online encyclopaedia as users from the mainland, Hong Kong and Taiwan angled for coveted administrator access. There were also “editing wars” over politically sensitive articles about current events in the city.
Data Privacy Chinese-Style
The Wire China
@AngelaZhangHK
China’s Personal Information Protection Law (PIPL) comprises a far-reaching set of rules governing how tech companies handle user data. And, on the surface, it seems pretty tough: in fact, The Wall Street Journal hailed the PIPL as “one of the world’s strictest data-privacy laws.” But it will probably do less to protect Chinese users than many believe, and it might even entrench further the dominance of China’s incumbent tech giants.
USA
Ex-U.S. intelligence operatives in UAE hacking case to cooperate with FBI to avoid prosecution
Reuters
@Bing_Chris @joel_schectman
Three former U.S. intelligence operatives, who went to work as mercenary hackers for the United Arab Emirates, face federal charges of conspiring to violate hacking laws, according to Justice Department court documents filed on Tuesday. The three men, Marc Baier, Ryan Adams, and Daniel Gericke, were part of a clandestine unit named Project Raven, first reported by Reuters, that helped the United Arab Emirates spy on its enemies. The defendants are being charged also with military export restriction violations.
The court documents can be access here.
Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government
US Department of Justice
Services, Including a Sophisticated ‘Zero Click’ Exploit, Violated U.S. Export Control and Computer Fraud and Abuse LawsEx-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis
The New York Times
@MarkMazzettiNYT @adamgoldmanNYT
The three men, Marc Baier, Ryan Adams and Daniel Gericke, admitted violating U.S. laws as part of a three-year deferred prosecution agreement. If the men comply with the agreement, the Justice Department will drop the criminal prosecution.U.S. Company Sold Zero-Click Hacking Tool to UAE Spy Operation
VICE
@josephfcox
A U.S. company sold a powerful exploit to a United Arab Emirates company which was involved in the country's hacking operations, including targeting people based in the U.S., according to a newly unsealed court filing.
Oversight Board overturns original Facebook decision: Case 2021-009-FB-UA
Oversight Board
The Oversight Board agrees that Facebook was correct to reverse its original decision to remove content on Facebook that shared a news post about a threat of violence from the Izz al-Din al-Qassam Brigades, the military wing of the Palestinian group Hamas. Facebook originally removed the content under the Dangerous Individuals and Organizations Community Standard, and restored it after the Board selected this case for review. The Board concludes that removing the content did not reduce offline harm and restricted freedom of expression on an issue of public interest.
D.C. attorney general targets Amazon’s wholesale biz in expanded antitrust suit
The Washington Post
@viaCristiano
D.C. Attorney General Karl A. Racine sued Amazon in May over allegations it fixes prices online by preventing the third-party sellers that use its marketplace from offering their products at lower prices elsewhere. Now the Democratic attorney general is widening the scope of the suit, accusing the tech giant of maintaining its monopoly by locking the wholesalers that provide the company with goods into anti-competitive agreements.
The U.S. Should Get Serious About Submarine Cable Security
Council on Foreign Relations
@jshermcyber
Washington should increase its investment in protecting submarine cable security and resilience. As the White House increasingly focuses on cybersecurity threats to the nation and the global community, including from the Chinese and Russian governments, it should prioritize investing in the security and resilience of the physical infrastructure that underpins internet communication worldwide.
Cyber defense across the ocean floor: The geopolitics of submarine cable security
Atlantic Council
@jshermcyber
The security and resilience of undersea cables and the data and services that move across them are an often understudied and underappreciated element of modern Internet geopolitics. The construction of new submarine cables is a key part of the constantly changing physical topology of the Internet worldwide.
Facebook Knows Instagram Is Toxic for Teen Girls, Company Documents Show
The Wall Street Journal
@georgia_wells @JeffHorwitz @dseetharaman
The Instagram documents form part of a trove of internal communications reviewed by the Journal, on areas including teen mental health, political discourse and human trafficking. They offer an unparalleled picture of how Facebook is acutely aware that the products and systems central to its business success routinely fail.
SEC charges App Annie with securities fraud in $10 million settlement
Protocol
@issielapowsky
The Securities and Exchange Commission announced Tuesday that it's charging App Annie, the mobile app data provider, with securities fraud, accusing the company of "engaging in deceptive practices" and misrepresenting the origins of its data.
Cyber insurance may not be making companies more secure
The Washington Post
@Joseph_Marks_
Insurers are sometimes doing more harm than good as U.S. companies are pummeled with ransomware and other cyberattacks. Yes, these firms provide policies that pay out in the event of a cyber attack. But often, there's insufficient focus on prevention.
North Asia
South Korea Fines Google for Abusing Smartphone Dominance
Bloomberg
@soheefication @vladsavov
South Korea fined Alphabet Inc.’s Google $177 million for hampering the development of rivals to its Android operating system, sustaining a campaign targeting the U.S. search giant’s dominance in smartphone software.
South & Central Asia
US-China technology competition through the prism of the reflexive games framework
Observer Research Foundation
Samyak Rai Leekha
While in the short to medium term, India is constrained strategically by the threat posed by the PRC, and, thus, must rely on US tech, however; in the long run, India must decide whether it sees itself as a potential superpower or is content with being a US ally. Being the only member of the Quad that is not a part of the US-led ‘Five Eyes’ intelligence-sharing alliance, India is in a peculiar position to decide its place in the evolving world.
UK
Big Tech cloud services could face resilience test, says Bank of England
Reuters
@reutersHuwJ
Amazon, Google and other tech companies providing cloud computing to banks in Britain may have to comply with minimum resilience standards and testing, a senior Bank of England official said on Monday.
Europe
Ireland fails to enforce EU law against Big Tech
Financial Times
@madhumita29 @JavierespFT
Ireland is failing to apply the EU’s privacy laws to US Big Tech companies, with 98 per cent of 164 significant complaints about privacy abuses still unresolved by its regulator. Google, Facebook, Apple, Microsoft and Twitter all have their European headquarters in Dublin, making Ireland’s Data Protection Commissioner the lead EU regulator responsible for holding them to the law.
Discontent Simmers Over How to Police EU Privacy Rules
The Wall Street Journal
@catstupp
The European Union’s recent $270 million fine against WhatsApp was held up for months by disagreements among national authorities, ratcheting up tensions over how to enforce the bloc’s privacy rules. The varied approaches to policing the EU’s strict General Data Protection Regulation are fueling calls to redesign how national authorities from the 27 EU countries can intervene in each others’ cases and to explore creating a broader EU-wide regulatory system.
In Germany's election hashtag debate, activists win battle for 'likes'
Reuters
David Latona
As the main contenders in the race to succeed Angela Merkel as Germany's next chancellor faced off in a televised debate on Sunday night, their political parties deployed social media teams in a parallel battle online.
Germany Braces for Election Disinformation
Foreign Policy
@jessicabateman
A growing conspiracy movement is likely to spread false narratives about the results, with echoes of Trump.
Russia
‘No indication’ Russia has cracked down on ransomware gangs, top FBI official says
The Record
@martinmatishak
The FBI’s No. 2 on Tuesday said the agency has seen no evidence that the Russian government has moved against ransomware gangs operating on its soil.
Americas
Brazil debates creation of national strategy to tackle cybercrime
ZDNet
@angelicamari
Amid growing concerns about increasing threats in the cybersecurity space, the Brazilian government and the banking sector are discussing the creation of a strategy to address crime in digital environments.
Chinese state interference in Canada's 2021 election
DisinfoWatch
The Chinese Communist Party (CCP) and actors aligned with it appear to be targeting the credibility of Chinese-Canadian federal candidates and Conservative Party leader Erin O’Toole in the fall 2021 federal election.
Misc
Sharing Knowledge, Technology Critical to Curb Covid-19
Human Rights Watch
Wealthy governments and pharmaceutical companies are undermining a rapid and equitable public health response to Covid-19 vaccines, therapeutic drugs, and tests, Human Rights Watch researchers said in a paper published ahead of a World Trade Organization (WTO) meeting this week.
How wellness influencers are fueling the anti-vaccine movement
The Washington Post
@AshleyFetters @GerritD
For many, the term “misinformation” conjures up images of conspiracy-theory chat forums and Russian bots. But an alarming amount of it is reaching audiences in the health and wellness realms. Many social media influencers who focus on natural remedies, holistic health and new age spirituality have been sharing posts and videos questioning the wisdom of vaccinating against the coronavirus.
Rolling Stone’s botched ivermectin story raises questions about what is misinformation
First Draft
@estherswchan
The debate about ivermectin has led to a surge in demand for the medicine in multiple countries, including the US and Australia. But a misreport on one Oklahoma doctor’s claim about patients overdosing on ivermectin has been framed as an attempt by mainstream media to discredit the drug as a Covid-19 treatment.
A Stanford Proposal Over AI's 'Foundations' Ignites Debate
WIRED
@willknight
Last month, Stanford researchers declared that a new era of artificial intelligence had arrived, one built atop colossal neural networks and oceans of data. They said a new research center at Stanford would build—and study—these “foundational models” of AI. Critics of the idea surfaced quickly—including at the workshop organized to mark the launch of the new center. Some object to the limited capabilities and sometimes freakish behavior of these models; others warn of focusing too heavily on one way of making machines smarter.
TikTok Is Removing Educational Hacking Videos
VICE
@josephfcox
Multiple creators showed that TikTok is particularly aggressive at removing videos that are designed to educate viewers about hacking.
Research
Events & Podcasts
S3 Episode 1: Big Data and Global Security
War & Peace
As rapidly developing data technology outpaces governance structures and their ability to adapt, the long-term impact of increasingly data-driven economies on security and society remains uncertain. What happens when personal data ends up in the hands of those in power?
Jobs
New ICPC Program on Critical Technologies - 3 positions
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for three exceptional and experienced senior analysts and analysts to join its large team from October 2021. These new roles will focus on original research, analysis and stakeholder engagement centred around international critical technology development, including analysis of which countries are leading on what technologies.
ICPC Pacific Islands Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a talented and proactive Pacific Islands analyst who will work with the Centre’s information operations and disinformation program. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by actors in the Pacific Islands region. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies. Candidates must have a demonstrated background in, and strong knowledge of, the Pacific Islands region, including the region’s digital, media and social media landscape.
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region. This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge. Candidates must have excellent coordination, project management and stakeholder engagement skills.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.