Five Chinese companies designated US national security threat | Surveillance threatens rights in Myanmar | French researchers recover sensitive data from PDFs on global security agencies websites
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The Federal Communications Commission (FCC) on Friday designated five Chinese companies as posing a threat to national security under a 2019 law aimed at protecting U.S. communications networks. The FCC said the companies included Huawei Technologies Co, ZTE Corp, Hytera Communications Corp, Hangzhou Hikvision Digital Technology Co and Dahua Technology Co. Reuters
On December 14, 2020, Myanmar authorities rolled out the first phase of its “Safe City” initiative and started using a system of 335 surveillance cameras in eight townships in the capital, Naypyidaw. The cameras, from the technology company Huawei, come installed with artificial intelligence technology that automatically scans faces and vehicle license plates in public places and alerts authorities to those on a wanted list. Human Rights Watch
In a research paper published this month, the French National Institute for Research in Computer Science and Automation (INRIA) said it collected and analyzed 39,664 PDF files published on the websites of 75 security agencies from 47 countries. INRIA researchers Supriya Adhatarao and Cédric Lauradoux said they were able to recover sensitive data from 76% of the files they analyzed. The Record
ASPI ICPC
Weibo diplomacy is an impossible problem for China
Quartz
@Jane_Li911 @BelleTimsit
But while the platforms give foreign diplomats the ability to speak more freely, most still choose not to say anything “outside the CCP [Chinese Communist Party]’s frame of acceptable public discourse,” according to a 2018 report written by Australian Strategic Policy Institute (ASPI) analyst Fergus Ryan. When they do speak out, it’s created a headache for censors, who want to prevent engagement with critical content, but are wary of deleting the posts outright and creating a backlash. “I think it is an increasingly difficult balance that platforms are trying to maintain,” Daria Impiombato, a researcher at the International Cyber Policy Centre at ASPI, told Quartz. “Not necessarily due to changes in the censorship regime, but mainly because these embassies have significantly increased the amount of sensitive posts they share on Chinese social media.”
Read ASPI ICPC's 'Weibo diplomacy and censorship in China' report here.
Media goes on trial in China as Beijing escalates attacks on journalists
The Sydney Morning Herald
@erykbagshaw
China has unleashed a torrent of videos, photos and articles accusing foreign journalists of fabricating grey skies, media companies of being proxies for foreign intelligence services, and manufacturing suppression in Xinjiang, where up to 1 million Uighurs have been detained. “There’s clear temporal and narrative alignment across diplomatic and state media messaging as well as among pro-CCP [Chinese Communist Party] influencers and patriotic Twitter accounts,” said Australian Strategic Policy Institute researchers Albert Zhang and Jacob Wallis, who have reported a sharp rise in Chinese online attacks on the BBC since the start of this year. “From which we can infer a level of coordination and a willingness to target international audiences.”
Read ASPI ICPC's 'Trigger warning: The CCP’s coordinated information effort to discredit the BBC' report here.
World
As firms race to patch Microsoft Exchange flaws, security pros brace for ransomware outbreak
CyberScoop
@shanvav
Security professionals are urging vulnerable organizations to protect themselves against a cavalcade of nation-state and criminal hacking groups reportedly working to exploit Microsoft Exchange Server flaws that were announced earlier this month.
Ransom-seeking hackers are taking advantage of Microsoft flaw -expert
Reuters
@razhael
Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft’s widely used mail server software, a researcher said late Wednesday - a serious escalation that could portend widespread digital disruption.
Hackers Rushed in as Microsoft Raced to Avert Cyber-Attack
Bloomberg
@KartikayM @asebenius
Microsoft is now investigating the possibility of a leak that may have triggered these mass Exchange compromises ahead of its patch release, according to two sources with knowledge of the company’s response to the attack.
See ASPI ICPC’s downloadable ‘UN cyber norms’ resources here.
Australia
Hackers say they've gained access to surveillance cameras in Australian childcare centres, schools and aged care
ABC News
@JamesPurtill
A group of hackers claims to have breached a popular surveillance company and gained access to live feeds from thousands of cameras around the world, including Australian childcare centres, schools and aged care residential facilities.
Federal agencies seek more powers
The Saturday Paper
@KarenMMiddleton
People who use social media platforms that others may use for crime, such as WhatsApp, Twitter, Instagram or Facebook, could be deemed part of a criminal network and have their bank, email and other online accounts disrupted or seized under sweeping proposed police powers. The new legislation creates three new kinds of warrants that would give the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) sweeping disruption and surveillance powers.
Adani Wants To Make Doxxing Illegal Using The Online Safety Act
Gizmodo
@cameronwilson
In response to the initial exposure draft of the Online Safety Act, the Department of Communications called for people’s responses to the proposed bill. Among the civil groups concerned about how it affects citizen’s digital rights, and sex workers who believe it threatens their work, was a letter from Adani Australia’s CEO Lucas Dow.
Flaws in new online safety laws
The Saturday Paper
@Lizzie_OShea @nomadiclucie
So far the bill sounds uncomplicated, noble and necessary. Indeed, protecting children and ensuring they can safely engage online is imperative... But what might be appropriate for protecting children can have very different effects when it comes to the rights of adults online. The rhetoric about safety too easily masks the dangers of wide-ranging powers without accountability.
China
Jack Ma Crackdown Casts a Chill on China’s Tech Entrepreneurs
Bloomberg
@pelstrom @cocojournalist
Now, President Xi Jinping is making ambitious plans to pull ahead of rivals by turning his country into a digital powerhouse. But Xi’s drive toward tech dominance is being threatened by an unexpected speed bump: China’s forceful crackdown on Jack Ma’s business empire. The abrupt fall from grace of the Alibaba Group Holding Ltd. co-founder has cast a chill over parts of China’s technology sector, according to local entrepreneurs and venture capitalists, even as Xi prepares to pour trillions of dollars into making the country self-sufficient in everything from semiconductors to software.
Tencent Faces Broad China Clampdown on Fintech, Deals
Bloomberg
@cocojournalist @luluyilun
Asia’s largest conglomerate was censured by China’s antitrust watchdog on Friday as Beijing expands a crackdown that began with Jack Ma’s online empire.
China market regulator fines 12 firms for violating anti-monopoly law
Reuters
China’s market regulator said on Friday it had fined 12 companies related to 10 deals that violated anti-monopoly rules. The companies included Baidu Inc, Tencent Holdings, Didi Chuxing, SoftBank and a ByteDance-backed firm, the State Administration for Market Regulation (SAMR) said in a statement on Friday.
We analyzed what Chinese Big Tech wants from Beijing
Protocol
@shenlulushen
Chinese elites are currently gathering in Beijing for the country's biggest annual political meeting, the National People's Congress and the Chinese People's Political Consultative Conference, known colloquially as the Two Sessions. Among the participants: CEOs from Chinese Big Tech.
The disinformation tactics used by China
BBC News
@krassitwigg @kerrya11en
The Chinese embassy in London has criticised the BBC following a documentary about Chinese disinformation campaigns.
USA
Five Chinese companies pose threat to U.S. national security: FCC
Reuters
@davidshepardson
The Federal Communications Commission (FCC) on Friday designated five Chinese companies as posing a threat to national security under a 2019 law aimed at protecting U.S. communications networks. The FCC said the companies included Huawei Technologies Co, ZTE Corp, Hytera Communications Corp, Hangzhou Hikvision Digital Technology Co and Dahua Technology Co.
China Chip Industry Group Says Working With U.S. Counterpart
Bloomberg
@Colum_M @GaoYuan86 @LucilleLiu @BrodyFord_
A Chinese semiconductor industry group said it has agreed to work with its U.S. counterpart on chip-related issues, a rare example of bilateral cooperation in an area that has become a focal point of tensions between Washington and Beijing.
To maintain tech supremacy the US must avoid ‘military-civil fusion’
Financial Times
@johnthornhillft
During the cold war it was said that the US had a military-industrial complex, while the Soviet Union was one. The question today is how far the US must develop a military-technological complex, just as China is turning into one. This month, the US National Security Commission on Artificial Intelligence published a 752-page report highlighting the seriousness of China’s strategic threat and US unpreparedness. “Within the next decade, China could surpass the United States as the world’s AI superpower,” it concludes.
The US Is Building Walls Around Science, and We’re All Poorer for It
VICE
@yangyang_cheng
To rank nations by technological prowess is to accept artificial boundaries, to assign knowledge with a passport, to assume progress moves in a single direction—that of capital accumulation—and growth is always benign. The narrative of great power competition in the sciences has obscured urgent issues of ethics.
Biden administration adds new limits on Huawei's suppliers
Reuters
@karen_freifeld
The Biden administration this week amended licenses for companies to sell to China’s Huawei Technologies Co Ltd , further restricting companies from supplying items that can be used with 5G devices.
Are Telegram and Signal Havens for Right-Wing Extremists?
Foreign Policy
@SteveJFeldstein @sarahjoygordon_
Since the violent storming of Capitol Hill and subsequent ban of former U.S. President Donald Trump from Facebook and Twitter, the removal of Parler from Amazon’s servers, and the de-platforming of incendiary right-wing content, messaging services Telegram and Signal have seen a deluge of new users.
Southeast Asia
Facial Recognition System Threatens Rights
Human Rights Watch
On December 14, 2020, Myanmar authorities rolled out the first phase of its “Safe City” initiative and started using a system of 335 surveillance cameras in eight townships in the capital, Naypyidaw. The cameras, from the technology company Huawei, come installed with artificial intelligence technology that automatically scans faces and vehicle license plates in public places and alerts authorities to those on a wanted list.
South and Central Asia
India's New Internet Rules Are a Step Toward 'Digital Authoritarianism,' Activists Say. Here's What They Will Mean
TIME
@billyperrigo
The Indian government must suspend sweeping new Internet regulations, 10 international NGOs said in an open letter Thursday. The new rules, brought in by executive order in late February, give the Indian government an arsenal of muscular new powers that will force tech companies and news outlets to comply with government surveillance and censorship demands.
UK
Britain must boost cyber-attack capacity, PM Johnson says
Reuters
Britain needs to boost its capacity to conduct cyber attacks on foreign enemies, Prime Minister Boris Johnson said before the publication of a national security review next week.
International Policy Review Puts Cyber at the centre of the UK’s Security
UK Government
This week’s Integrated Review will commit to a new, full spectrum approach to the UK’s cyber capability – keeping our people safe, staying ahead of our enemies and improving the lives of the British people.
Europe
Security agencies leak sensitive data by failing to sanitize PDF files
The Record
@campuscodi
In a research paper published this month, the French National Institute for Research in Computer Science and Automation (INRIA) said it collected and analyzed 39,664 PDF files published on the websites of 75 security agencies from 47 countries. INRIA researchers Supriya Adhatarao and Cédric Lauradoux said they were able to recover sensitive data from 76% of the files they analyzed.
EU deal cements China’s advantage in media war
Politico
@stuartklau @HankeVela
Despite growing concerns about Chinese disinformation and propaganda in Europe, the EU's trade deal with Beijing makes no attempt to rectify the stark differences in access rights between European and Chinese investors when it comes to media and news operations.
Gender and Women in Cyber
Online harassment of female journalists is real, and it’s increasingly hard to endure
The Washington Post
@sulliview
Misogyny, often racist misogyny, is at the heart of the more recent attacks on journalists, too. And it’s happening all over the world.
Misc
Gab: hack gives unprecedented look into platform used by far right
The Guardian
@jason_a_w
A data breach at the fringe social media site Gab has for the first time offered a picture of the user base and inner workings of a platform that has been opaque about its operation.
Massive Facebook study on users' doubt in vaccines finds a small group appears to play a big role in pushing the skepticism
The Washington Post
@lizzadwoskin
Facebook is conducting a vast behind-the-scenes study of doubts expressed by U.S. users about vaccines, a major project that attempts to probe and teach software to identify the medical attitudes of millions of Americans.
Facebook’s Moderators Took Down the Tech Giant’s Own Pro-Equality Ads
The Daily Beast
@blakersdozen
Just weeks after Facebook purged its own Black History Month ads by mistake, Women’s History Month ads are also being flagged and deleted.
Facebook Created An Employee “Playbook” To Respond To Accusations Of Polarization
BuzzFeed
@RMac18 @CraigSilverman
In a Thursday presentation, Facebook executives told employees the company isn’t to blame for social division in the country. One researcher said some polarization can be a good thing, citing the civil rights movement.
Google might ask questions about AI ethics, but it doesn't want answers
The Guardian
@jjn1
The departure of two members of the tech firm’s ethical artificial intelligence team exposes the conflict at the heart of its business model.
Research
Accelerating 5G in the United States
CSIS
The goal for a 5G strategy is to ensure that the United States can maximize economic returns while minimizing national security risk. This report emphasizes market-driven decisions rather than a Washington-centric approach. None of the major networks America has built—canals, railroads, telecommunications, or the internet—was based on a federal strategy. Instead, they were the product of commercial imperatives and market forces.
Ground Safe
The Oxen Privacy Tech Foundation
The Ground Safe report, produced by the OPTF in collaboration with key partners, presents the current state of digital security threats facing HRDs — and the knowledge and skills needed to counter them. Based on this analysis, the report makes recommendations for improving digital security knowledge and practice on the ground.
Events
ASPI Webinar: Are you ready for the new critical infrastructure law?
ASPI ICPC
With amendments to the Critical Infrastructure Act currently before parliament, impacted industry sectors are racing to get ready. ASPI's International Cyber Policy Centre is delighted to invite you to a panel discussion on 18 March at 4pm where representatives from Home Affairs, the cybersecurity sector and industry will discuss the impact of the changes and answer your questions. Register here.
Jobs
Adviser on new digitial technologies of warfare
International Red Cross and Red Crescent Movement
Acting as an in-house reference, the Adviser provides scientific and policy expertise to support the ICRC’s effects-based approach to weapons and IHL.