FireEye hacked by nation-state | Huawei tested AI software that could alert police to Uighurs | AFP's new hacking powers referred to committee

Dec 8, 2020

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world. The New York Times
The Chinese tech giant Huawei has tested facial recognition software that could send automated “Uighur alarms” to government authorities when its camera systems identify members of the oppressed minority group, according to an internal document that provides further details about China’s artificial-intelligence surveillance regime. The Washington Post
The government will refer legislation handing sweeping hacking powers to the AFP to the Parliamentary intelligence and security committee amid concerns the extraordinary new powers would lead to “poisoned water hole” operations and make Australia an international outlier. InnovationAus

ASPI ICPC

Tweet storm shows China aims to project power through provocation
The Strategist
@arielbogle @AlbertYZhang @JakeWallis_ASPI
The CCP blocks Twitter for its citizens, but the country’s diplomats regularly use the platform to prosecute the party’s messages and narratives about topics including the Belt and Road Initiative, China’s economic recovery from the pandemic, Xinjiang and Hong Kong. They use it to address perceived double standards and slights.

China-Australia ties face new hit as Canberra gets veto on foreign deals
The South China Morning Post
@John_f_power
“It certainly is not going to help alleviate the current [fight] between the two governments but as Beijing has the right to decide the scope of China’s engagement with foreign countries, so does Canberra,” said Nathan Attrill, a researcher at the Australian Strategic Policy Institute, which is part-funded by the Australian, US and British governments.

World

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
The New York Times
FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

Australia

AFP’s new hacking powers referred to committee
InnovationAus
The government will refer legislation handing sweeping hacking powers to the AFP to the Parliamentary intelligence and security committee amid concerns the extraordinary new powers would lead to “poisoned water hole” operations and make Australia an international outlier.

Vic govt health database plan is a problem
InnovationAus
The Victorian government is yet to consult with its own privacy office on a plan to store the health data of individuals in a database and share it with clinicians without consent, a proposal labelled “deeply disturbing” by digital rights advocates.

China

Huawei tested AI software that could recognize Uighur minorities and alert police, report says
The Washington Post
The Chinese tech giant Huawei has tested facial recognition software that could send automated “Uighur alarms” to government authorities when its camera systems identify members of the oppressed minority group, according to an internal document that provides further details about China’s artificial-intelligence surveillance regime.

Charles Rollet @CharlesRollet1

.@Huawei and @Megvii worked together to test and validate 'Uyghur alarms' in facial recognition software, per a document found by @ipvideo

USA

Social media bet on labels to combat election misinformation. Trump proved it's not enough
CNN
@b_fung
Social media platforms' misinformation labels, they've said, are inadequate and ill-matched for the torrent of false claims that continue to divide Americans and jeopardize their faith in democratic processes.

Dan York @danyork

On Friday, the @internetsociety joined with @EFF and @CenDemTech to file a brief of amici curiae in the US Ninth Circuit Court of Appeals providing a technical background of how this proposed #WeChat ban would damage the Internet and harm Internet users.

Internet Society Files Brief Arguing U.S. WeChat Ban Would Damage Internet, Harm Users | Internet SocietyOn Friday 4 December 2020, the Internet Society, the Electronic Frontier Foundation and the Center for Democracy & Technology filed a brief of amici curiae in the United States Ninth Circuit Court of Appeals in the U.S. WeChat Users Alliance case. This case challenges the U.S. Department of Commerce…internetsociety.org

Exclusive: Suspected Chinese spy targeted California politicians
Axios
Some of America’s most powerful politicians got their start in Bay Area politics, and China recognizes California’s importance. The MSS has a unit dedicated solely to political intelligence and influence operations in California. Silicon Valley is also the world’s most important center for the technology industry, making it a hotbed for Chinese economic espionage. Russian intelligence has also long targeted the Bay Area.

South and Central Asia

Covid-19 spurs national plans to give citizens digital identities
The Economist
When millions of migrant workers were forced by India’s sudden covid lockdown to return to their villages from the cities where they worked, many feared destitution. But Aadhaar, the country’s pioneering biometric ID system, came to the rescue. Under an income scheme for farmers launched in 2014 that would have been impossible without Aadhaar, $1.5bn was transferred digitally and at speed into the bank accounts of 30m people, with little waste or fraud and almost no distribution cost.

UK

Mark Zuckerberg threatened to pull UK investment in secret meeting with Matt Hancock
The Bureau of Investigative Journalism
@mattchapmanuk
The minutes, from May 2018, show that an obsequious Hancock was eager to please, offering “a new beginning” for the government’s relationship with social media platforms. He offered to change the government’s approach from “threatening regulation to encouraging collaborative working to ensure legislation is proportionate and innovation-friendly”.

Europe

The EU is making overtures about cybersecurity collaboration under Bidenian state hackers are using a VMware flaw to ransack networks
Cyber Scoop
@shanvav
European Union members convened a ministerial discussion Monday in an effort to take stock of the 2020 U.S. presidential election and plan how to best jumpstart cooperation with the incoming Biden administration on a whole host of issues, including cybersecurity matters.

Russia

NSA says Russian state hackers are using a VMware flaw to ransack networks
Ars Technica
The National Security Agency says that Russian state hackers are compromising multiple VMware systems in attacks that allow the hackers to install malware, gain unauthorized access to sensitive data, and maintain a persistent hold on widely used remote work platforms.

Michael Weiss @michaeldweiss

NEW: Several months ago I obtained a tranche of secret Russian military intelligence (GRU) files on psychological warfare. These documents are dated from within the decade and @4freerussia_org has translated them all. 4freerussia.org/aquarium-leaks…

The Americas

Christopher Parsons @caparsons

Today I released a report on Huawei and 5G, with a focus on clarifying the Canadian equities and outlining why the government of Canada needs to chart a strategic path forward

Huawei & 5G: Clarifying the Canadian Equities and Charting a Strategic Path Forward - The Citizen LabThe solution to Canada’s 5G problems will not be found in policies that principally address one company. Instead, a robust and vendor-neutral approach is required.citizenlab.ca

Africa

Covid is accelerating a quiet technology revolution in Africa
The Financial Times
In this guest post Victor Basta, CEO of boutique investment bank DAI Magister and a specialist in the technology sector, argues that nearly half of Africa’s economic growth over the next ten to twenty years will be driven by a group of still relatively unknown tech companies.

Misc

Online influencers have become powerful vectors in promoting false information and conspiracy theories
First Draft News
@aliabbasahmadi2
The role of celebrities and online influencers requires more scrutiny, especially from social platforms and media.

Meet ODoH, where privacy means just not knowing anything
Cyber Scoop
@timstarks
Being oblivious on the internet usually isn’t a recipe for protecting privacy. But Cloudflare announced Tuesday that it was launching support for a protocol that makes obliviousness its chief trait. Developed in conjunction with engineers from Apple and Fastly, it’s called Oblivious DNS over HTTPS, or ODoH for short.

Daily Cyber Digest