FBI warns Zoom vulnerable to hijacking | 5.2 million of Marriott guests' personal info likely breached | Huawei’s P40 phone contains US parts despite blacklisting

Senetas.com

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • As remote work surges amid the coronavirus pandemic, the FBI issued a public bulletin Tuesday warning Zoom and other video teleconferencing services may not be as private, or as secure, as users may assume. CyberScoop

  • Marriott International said Tuesday that the personal information for at least 5.2 million guests could have been accessed by unauthorised people at two of its hotels for more than a month earlier this year. Business Insider

  • Huawei is still using components made by US companies in its newest flagship smartphone, a Financial Times teardown has found, despite the US all but blacklisting the Chinese telecoms company. Financial Times

On Thursday, 2 April at noon (AEDT), ASPI’s International Cyber Policy Centre is running an online Q&A with the co-authors of the ‘Uyghurs for sale’ report.

Co-authors Vicky Xiuzhong Xu, Dr James Leibold, Kelsey Munro & Nathan Ruser will be on hand to take your questions for an hour on what has quickly become ASPI’s most-read report ever.

If you would like to take part, please email fergusryan@aspi.org.au with your name and ‘Q&A’ as the subject line.

ASPI ICPC

Gender equality in Australia’s intelligence community must come out of the shadows
ASPI Strategist
The Lowy Institute’s groundbreaking 2019 report, Foreign territory: women in international relations, revealed that, of the 233 respondents (male and female) who expressed a view on the Australian intelligence community’s commitment to ‘achieving real progress on gender equality’, only 6% said that the agencies were ‘very committed’, 42% said they were ‘somewhat committed’, and 51% answered that they were ‘not committed’. Those figures should be a clarion call for the agencies. Moreover, a recent piece on The Interpreter asserts that the lack of independent and in-depth investigation over many decades has allowed a community to evolve in which women haven’t risen to the top at nearly the same rate as their male counterparts. This has produced a culture far less diverse than Australian society more broadly. The authors call for an independent review to be conducted.

  • Read the report and Lowy Interpreter post co-authored by ICPC Deputy Director Danielle Cave.

Cyber crime threat advice updated over coronavirus scams
The Age
Fergus Hanson, the director of the Australian Strategic Policy Institute's International Cyber Policy Centre, said working-from-home arrangements provided additional access points to a network. Companies and organisations should limit access to parts of the network to those employees who actually needed it, use VPNs for remote log-ons and separate work and personal computers.

Regulatory flexibility needed to allow Covid-19 innovations to succeed
ASPI Strategist
@elisethoma5 
The Covid-19 crisis has sparked a truly inspiring wave of citizen-led, open-source innovation, from 3D-printed medical devices and open-source designs for personal protective equipment, to virus tests which could allow for more rapid, large-scale testing. It may well be that the answers to some of the biggest challenges countries around the world are facing are found not in large corporate labs or government research facilities, but in open-source technologist communities, creative collaboration spaces and citizen science labs.

The World

Marriott says at least 5.2 million guests' personal information was likely breached — the company's second major security incident in 2 years
Business Insider
@g_rapier
Marriott International said Tuesday that the personal information for at least 5.2 million guests could have been accessed by unauthorised people at two of its hotels for more than a month earlier this year. The accessible information included full names, email and postal addresses, phone numbers, account numbers and points balance, birthday, gender, and any linked loyalty affiliations, like with airlines. ID and passport numbers, credit card information, and account passwords were not affected, the company said. It’s the second time in as many years that the company has disclosed a data security lapse. The company in 2018 said 500 million customers’ data from its Starwood subsidiary had been improperly accessed in an event that also included some guests’ credit card details. The breach remains one of the largest in history.

For Autocrats, and Others, Coronavirus Is a Chance to Grab Even More Power
The New York Times
As the coronavirus pandemic brings the world to a juddering halt and anxious citizens demand action, leaders across the globe are invoking executive powers and seizing virtually dictatorial authority with scant resistance. Governments and rights groups agree that these extraordinary times call for extraordinary measures. States need new powers to shut their borders, enforce quarantines and track infected people.

  • Read ICPC’s Kelsey Munro’s Strategist piece on the topic here.

Australia

Federal court data breach sees names of protection visa applicants made public
ABC
@DanielMOakes
The names of hundreds of people seeking protection visas have been published on the website of the Federal Court in a catastrophic data breach that potentially puts asylum seekers at risk of harm.

PHOTO: Screenshot of the Commonwealth Courts portal website (details blurred). The portal made public the names of people whose identity should have been protected.

COVID-19 phishing and email scams surge in Australia
Tech Wire Asia
@RahimAdlina
Australia, in particular, has seen an increase in cyber risks and threats amid the intensifying outbreak. That’s led the Australian Cyber Security Centre (ACSC) to release a new threat update exposing the patterns of these schemes through a series of case studies.

China

In China, a young diplomat rises as aggressive foreign policy takes root
Reuters
Over the past year, more than 60 Chinese diplomats and diplomatic missions set up Twitter or Facebook accounts, by Reuters' count, even though both platforms are banned in China, often using them to attack Beijing's critics around the world. Zhao this month promoted a conspiracy theory on his personal Twitter account that the U.S. military brought the coronavirus to the central Chinese city of Wuhan, where the outbreak began late last year. U.S. President Donald Trump escalated the spat, infuriating Beijing by repeatedly citing the "Chinese virus".

China is turning the coronavirus crisis into a soft power bonanza
Wired
As Wuhan goes back to work, China is ramping up its efforts to provide aid to the rest of the world.

USA

Huawei’s P40 phone contains US parts despite blacklisting
Financial Times
Huawei is still using components made by US companies in its newest flagship smartphone, a Financial Times teardown has found, despite the US all but blacklisting the Chinese telecoms company. On Thursday, Huawei launched its P40 smartphone — one of the first flagship devices the company has launched since Washington’s introduction of sanctions last May that bar US companies from selling to the Chinese group unless specifically licensed to do so.

FBI warns Zoom, teleconference meetings vulnerable to hijacking
CyberScoop
@shanvav
As remote work surges amid the coronavirus pandemic, the FBI issued a public bulletin Tuesday warning Zoom and other video teleconferencing services may not be as private, or as secure, as users may assume.

When mousing over the green lock in the top left of the Zoom desktop app, it says, “Zoom is using an end to end encrypted connection”. Source: The Intercept

Trump on coronavirus misinformation from China: "Every country does it"
Axios
President Trump brushed aside allegations that China — as well as Russia and Iran — are spreading misinformation about the origin of the coronavirus during a 64-minute call with "Fox & Friends" on Monday, telling the hosts that "every country does it." Why it matters: Multiple verified Chinese government Twitter accounts have promoted different conspiracy theories, and Chinese foreign ministry deputy spokesperson Zhao Lijian suggested that the virus came from a U.S. military lab, Axios' Bethany Allen-Ebrahimian reports.

DARPA’s bets paying off in fight against COVID-19: Lessons for Australia
United States Study Centre
With the COVID-19 disease sweeping the world, a global race is underway to develop therapies to help alleviate the illness, but more importantly, a vaccine to cure it.

The Newest US Sanctions on China's Huawei Could Backfire
Wired
@willknight
Besides providing fresh impetus for Chinese technology development, Thomas believes the restrictions might harm US companies. He notes that US firms account for 42 percent of the global market for semiconductor manufacturing equipment by revenue. “Chipmakers in places like Taiwan, South Korea, and Europe that want to continue selling to China could try to eliminate American inputs from their supply chains,” Thomas says, pushing them away from using US equipment.

Health Surveillance Is Here to Stay
Wall Street Journal
How much privacy will Americans be willing to give up for a better chance of defeating the new coronavirus?

Southeast Asia

Cyber chief's warning as hackers target PM's Covid fund
Economic Times
India’s National Cyber Security Coordinator (NCSC) in the Prime Minister’s Office, Lt General Rajesh Pant, has issued a stern warning to cyber criminals not to take advantage of the present COVID-19 crisis to commit financial frauds against unsuspecting citizens and enterprises.

UK

New MI5 head promises to focus on China and harness AI
The Guardian
@dansabbagh
MI5’s deputy head will take the top job at the spy agency next month, promising a sharper focus on China and to work more closely with the private sector in harnessing artificial intelligence in tackling hostile state and terrorist activity. Insiders said that McCallum wanted to be clearer about the threat posed by China – particularly in terms of industrial espionage and cyberwarfare – in the belief that the level of spying by Beijing in the UK was not appreciated more widely. MI5 is expected to continue to support the decision to allow Huawei to supply 5G mobile phone equipment, even if highlighting other threats from China could provide further ammunition to Beijing’s critics on the Conservative backbenches, who are threatening to try to block the Chinese company’s involvement.

Europe

China Isn’t Helping Italy. It’s Waging Information Warfare.
Foreign Policy
@mattiaferraresi
The populist Five Star Movement has become China’s chief enabler as Beijing spreads disinformation about the origins of the coronavirus while sending aid shipments to EU countries where it seeks influence.

Africa

Misc

Houseparty offers $1m reward for proof of sabotage
BBC News
The owner of video chat and game app Houseparty is offering a $1m (£810,750) reward for evidence the company was the victim of a commercial smear campaign.

They Were Opposed To Government Surveillance. Then The Coronavirus Pandemic Began.
Buzzfeed News
The coronavirus pandemic, which has grown to over 740,000 cases and 35,000 deaths around the world, has been so singular an event that even some staunch advocates for civil liberties say they’re willing to accept previously unthinkable surveillance measures.

No longer neutral: Tech companies embrace moderation on coronavirus
NBC News
Now, facing the prospect that hoaxes or misinformation could worsen a global pandemic, tech platforms are taking control of the information ecosystem like never before. It's a shift that may finally dispose of the idea that Big Tech provides a "neutral platform" where the most-liked idea wins, even if it's a conspiracy theory.

Jobs

Fellowship Opportunity - June 2020 to May 2022
National Security Archive
Through a generous grant from the Hewlett Foundation, the National Security Archive has an opening for a Cyber Fellow to help run the Cyber Vault Project for a two-year period (June 1, 2020 – May 31, 2022).