Foreign actors spreading QAnon disinformation | Europe considers banning AI for mass surveillance and social scores | Russian hackers targeting Ukrainian government
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Foreign-based actors, principally in China and Russia, are spreading online disinformation rooted in QAnon conspiracy theories, fueling a movement that has become a mounting domestic terrorism threat, according to new analysis of online propaganda by a security firm. Yahoo News
Using artificial intelligence software for mass surveillance and ranking social behavior could soon be outlawed in Europe, according to draft legislation that has been shared online. CNBC
Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say. CyberScoop
Australia
Australia’s Huawei ban ‘vindicated’ by Dutch spying reports: MPs
The Sydney Morning Herald
@latikambourke @MORGANMEAKER
Australian and British MPs who pressured Boris Johnson’s government to ban Huawei from the UK’s 5G network say they have been fully vindicated following reports the Chinese vendor was able to eavesdrop on conversations taking place on a Dutch telephone network.
China
How China is Leveraging Foreign Technology to Dominate the South China Sea
Radio Free Asia
@zacharyhaver
Cutting edge technology from the United States and other foreign countries is helping China assert its sweeping maritime and territorial claims in the contested South China Sea, a Radio Free Asia investigation has found. Chinese government procurement contracts reveal that Sansha City — which administers China’s outposts in the Paracel and Spratly islands — has acquired or plans to acquire hardware, equipment, software, and materials from at least 25 different companies based in the U.S. and other countries.
How China’s cybercrime underground is making money off big data
Intel 471
Through Intel 471’s observation and analysis of open source information and behavior on multiple closed forums, we found actors adopting the use of legitimate big data technology for cybercrime and monetizing the data they obtain on the Chinese-language underground.
When Clean Energy Is Powered by Dirty Labor
Foreign Policy
@elisabethbraw
Most solar panels come from China, and using them to fuel a clean energy transition risks reliance on Uyghur slave labor in Xinjiang.
This Company Monitors Prisoners In Xinjiang. It Won An “Innovation” Award At An Event Sponsored By Amazon.
BuzzFeed News
@meghara @alisonkilling
Renwei Electronics helps authorities in China track prisoners and detainees — alerting guards to their movements and even fitting them with heart rate monitors. Renwei deploys its “smart prison” system in China’s Xinjiang region, where more than 1 million Muslim minorities have been locked up.
China is intensifying the third phase of its genocide denial
The Washington Post
@hiattf
At first... China’s Communist rulers denied that anything at all was taking place. Then, when satellite photos and survivor testimony became too overwhelming, the regime admitted that, yes, there are camps. But not concentration camps! Those are … vocational schools! Pay no attention to the barbed wire and guard towers. Now, even as it maintains its increasingly threadbare lies, the regime is intensifying the third phase of genocide denial: attacking the truth-tellers.
USA
Report: China, Russia fueling QAnon conspiracy theories
Yahoo News
Foreign-based actors, principally in China and Russia, are spreading online disinformation rooted in QAnon conspiracy theories, fueling a movement that has become a mounting domestic terrorism threat, according to new analysis of online propaganda by a security firm.
Why Spy Agencies Say the Future Is Bleak
The New York Times
Climate change, technology, disease and financial crises will pose big challenges for the world, an intelligence report concludes.
The Cybersecurity 202: Cybersecurity experts say elevating and supporting Black professionals is key to workforce shortage
The Washington Post
@TonyaJoRiley
The United States is facing a critical shortage of cybersecurity professionals, one that government watchdogs and experts say is only expected to grow in the coming years.
U.S. banks deploy AI to monitor customers, workers amid tech backlash
Reuters
@peard33 @JLDastin
Several U.S. banks have started deploying camera software that can analyze customer preferences, monitor workers and spot people sleeping near ATMs, even as they remain wary about possible backlash over increased surveillance.
Aiming for truth, fairness, and equity in your company’s use of AI
Federal Trade Commission
Advances in artificial intelligence (AI) technology promise to revolutionize our approach to medicine, finance, business operations, media, and more. But research has highlighted how apparently “neutral” technology can produce troubling outcomes – including discrimination by race or other legally protected classes. For example, COVID-19 prediction models can help health systems combat the virus through efficient allocation of ICU beds, ventilators, and other resources... The question, then, is how can we harness the benefits of AI without inadvertently introducing bias or other unfair outcomes? Fortunately, while the sophisticated technology may be new, the FTC’s attention to automated decision making is not.
There’s a Big Gap in Our Cyber Defenses. Here’s How to Close It.
Politico
Foreign adversaries who use U.S. servers are hiding in plain sight, but we can unveil them without violating the Constitution.
Geico data breach opens door to unemployment scams
CyberScoop
@snlyngaas
Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data.
North Asia
The Incredible Rise of North Korea’s Hacking Army
The New Yorker
@edcaesar
The North Korean government has produced some of the world’s most proficient hackers. At first glance, the situation is perverse, even comical—like Jamaica winning an Olympic gold in bobsledding—but the cyber threat from North Korea is real and growing.
UK
MI5 warns of spy threat from professional networking sites
Financial Times
@helenwarrell
In a campaign being launched this week, UK security agencies will warn 450,000 civil servants and partners in industry and academia that Britain’s adversaries are creating fake online accounts to ensnare people who are privy to classified information. Posing as recruiters, foreign spies lure their targets to meetings in person where they may be subjected to bribery or blackmail in order to obtain intelligence.
New powers to kick out spies from hostile states as concerns mount over Russia and China
The Times
@Steven_Swinford @EleniCourea
Foreign spies operating in Britain face being prosecuted and deported under new laws to protect the nation from hostile states such as China and Russia. The government will also update the “archaic” Official Secrets Act so it can be used against individuals who try to undermine Britain’s interests from abroad, including cyberhackers working on behalf of hostile states.
Proposed acquisition of ARM Limited by NVIDIA Corporation: public interest intervention
UK Government
On 13 September 2020, NVIDIA Corporation (NVIDIA) and SoftBank Group (SoftBank) announced an agreement under which NVIDIA will acquire ARM Limited (ARM) from SoftBank in a transaction valued at approximately $40 billion... On 19 April 2021, the Secretary of State issued a public interest intervention notice (PIIN), confirming that he is intervening in the sale on national security grounds.
Europe
EU to consider ban on using A.I. for mass surveillance and social credit scores
CNBC
@SAM_L_SHEAD
Using artificial intelligence software for mass surveillance and ranking social behavior could soon be outlawed in Europe, according to draft legislation that has been shared online.
EU tipped to court India in 5G security standards effort
Mobile World Live
@yanitsavb
European Commission (EC) EVP Margrethe Vestager reportedly unveiled intentions to collaborate with India on creating global standards for security and transparency in 5G rollouts... The Commissioner reportedly highlighted the EU’s desire to collaborate with democratic partners on establishing open standards for 5G rollouts and protect networks in the light of “a systematic rivalry”, supposedly hinting at heightened concerns around Chinese vendors.
Russia
'Gamaredon' hackers target Ukrainian officials amid rising Russian tensions
CyberScoop
@timstarks
Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say.
Americas
Toronto swaps Google-backed, not-so-smart city plans for people-centred vision
The Guardian
@LeylandCecco
Canada’s largest city is moving towards a new vision of the future, in which affordability, sustainability and environmentally friendly design are prioritized over the trappings of new and often untested technologies. In announcing its new vision this week for Quayside, Toronto has backed away from many of the previous plan’s most futuristic promises, a move experts say reflects growing skepticism over technology’s role in urban planning decisions.
Foreign interference in Canada hitting Cold War levels thanks to COVID-19, says spy agency
Reuters
@reutersLjungg
Foreign spying and interference in Canada last year hit levels not seen since the Cold War, in part because of vulnerabilities caused by the COVID-19 pandemic, the main Canadian spy agency said on Monday. The Canadian Security Intelligence Service (CSIS) singled out Russia and China as particular causes for concern and said key national security threats such as violent extremism, foreign interference, espionage and malicious cyber activity grew in 2020 and "in many ways became much more serious for Canadians."
Africa
How Twitter activism turned the fight against Boko Haram upside down
The Washington Post
@JoeWSJ @drewhinshaw
The hashtag #BringBackOurGirls had a profound effect. Just not the intended one.
Misc
GREAT POWER CYBER PARTY
War on the Rocks
Will we remember early 2021 as a key escalatory moment in offensive cyber operations? Three top experts join us to unpack the implications of two major recent cyber operations — the SolarWinds hack attributed to Russia and the Microsoft Exchange hack by China.
No surprise: Spying from space is a good thing
The Interpreter
@B_R_Early
No one likes being watched, but there is one important benefit of satellite reconnaissance that has yet to be widely appreciated, even as we often fail to note the reconnaissance itself. Spying from space makes it harder to engage in surprise military attacks and thus for most nations to invade other countries successfully. Because of this, the rise of space reconnaissance appears to have contributed to increased international stability and peace.
WhatsApp Spying Site Blames WhatsApp for Letting It Spy
VICE
@josephfcox
The administrator of a website that let anyone enter the phone numbers of two or more WhatsApp users, and see in an easy to understand visualization when each person was using the app, potentially indicating who was talking to who, has blamed WhatsApp for allowing such a capability to exist.
Apple will let Parler back on the App Store
CNN
@b_fung
Apple has approved Parler's return to the iOS app store following improvements the social media company made to better detect and moderate hate speech and incitement.
Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer
Cisco Talos Intelligence Group
Cisco Talos recently discovered two code execution vulnerabilities in the Cosori smart air fryer.
Research
“Break Their Lineage, Break Their Roots”
Human Rights Watch
Given the gravity of the abuses against Turkic Muslims, there is a pressing need for concerned governments to take strong, coordinated action to advance accountability. One approach would be for a United Nations commission of inquiry (COI) to be established to investigate alleged violations in Xinjiang. The COI should have a mandate to establish the facts, identify the perpetrators, and make recommendations to provide accountability. The COI should be comprised of eminent persons, including experts in international human rights law, crimes against humanity, the rights of ethnic and religious minorities, and gender issues. This COI could be established through a resolution adopted by the UN Human Rights Council, though the UN General Assembly, the UN Security Council, and the UN secretary-general are also empowered to take such an action.
Events
Let’s talk to Sen. Ed Markey about fixing the internet
The Verge
In a new Verge Live event on May 12th, we’ll dive into the net neutrality fight and the broader progressive effort to upgrade America’s internet. With so much of Washington focused on infrastructure, there’s never been a better time to take stock of the broadband gap and the various ways the government can make sure America stays online.
Jobs
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Candidates must have the ability to synthesise complex cyber and technology developments and explain these developments to media and key stakeholders in plain language. The ability to engage with and brief seniors across parliaments, governments, civil society and the business community.
International Cyber Policy Centre – Program Coordinator
ASPI ICPC
The Coordinator’s primary focus will be the organisation and execution of ICPC’s sponsorship program. The Program Coordinator will work closely with internal and external stakeholders to maintain and develop these relationships. The coordinator will also support the Director and the Deputy Director with the coordination and delivery of ICPC's global research program. This will be a busy, fast-paced and varied role that would suit a highly organised and energetic individual who thinks and acts strategically.
Visiting Senior Fellow, Digital Anthropology & Messaging Platform Analysis, Digital Forensic Research Lab
Atlantic Council
This contract position will lead a research project on encrypted peer-to-peer (P2P) and centralized messaging platforms in the United States. The one-year project aims to produce the most comprehensive body of research on encrypted messaging platform activity in the US to date, with particular focus on identifying future research questions.