Google, YouTube to prohibit ads and monetization on climate denial content | Microsoft: Russia behind 58% of detected state-backed hacks | Togo: Prominent activist targeted with Indian-made spyware
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Google and YouTube on Thursday announced a new policy that prohibits climate deniers from being able to monetize their content on its platforms via ads or creator payments. Axios
Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said. AP News
Amnesty International reveals how fake Android applications and spyware-loaded emails tied to the notorious Donot Team hacker group were used to target a prominent Togolese human rights defender in an attempt to put them under unlawful surveillance. The discovery is the first time Donot Team spyware was found in attacks outside of South Asia. The investigation also discovered links between the spyware and infrastructure used in these attacks, and Innefu Labs, a cybersecurity company based in India. Amnesty International
World
Google, YouTube to prohibit ads and monetization on climate denial content
Axios
@sarafischer
Google and YouTube on Thursday announced a new policy that prohibits climate deniers from being able to monetize their content on its platforms via ads or creator payments.
TikTok's algorithm leads users from transphobic videos to far-right rabbit holes
Media Matters for America
@olivialittle @abbieasr
TikTok’s “For You” page (FYP) recommendation algorithm appears to be leading users down far-right rabbit holes. By analyzing and coding over 400 recommended videos after interacting solely with transphobic content, Media Matters traced how TikTok’s recommendation algorithm quickly began populating our research account’s FYP with hateful and far-right content.
Facebook is nearing a reputational point of no return
The Economist
Disaster struck the world’s biggest social network on October 4th when Facebook and its sister apps were knocked offline for six hours. It was one of the less embarrassing moments of the company’s week. The next day a whistleblower, Frances Haugen, told Congress of all manner of wickedness at the firm, from promoting eating disorders to endangering democracy. Some wondered whether the world would be a better place if the outage were permanent.
Facebook Will Not Fix Itself
Time
@Moonalice
Five years ago, I embarked on a mission to help Facebook change its culture, business model and algorithms. I had been involved with the company in its early days as an adviser and investor. Since then, I and countless others have pressed Facebook founder Mark Zuckerberg and chief operating officer Sheryl Sandberg to reform Facebook. I communicated with them privately. I spoke out in public. I wrote for TIME in 2019, urging Facebook and Silicon Valley to adopt human-driven technology over addictive, dangerous algorithms. Nothing happened.
Facebook's own data is not as conclusive as you think about teens and mental health
NPR
@anya1anya
Researchers have worked for decades to tease out the relationship between teen media use and mental health. Although there is debate, they tend to agree that the evidence we've seen so far is complex, contradictory and ultimately inconclusive. That is equally true of Facebook's internal marketing data, leaked by Haugen, as it is of the validated studies on the topic.
Australia
‘Coward’s palace’: PM slams social media giants and anonymous trolls
The Sydney Morning Herald
@LisaVisentin
Mr Morrison has slammed the “lack of accountability” by the tech giants in enabling hate speech, saying the government would be “leaning further into this issue”.
Scott Morrison backs Barnaby Joyce on social media crackdown as defamation changes mooted
The Guardian
@Paul_Karp
Australia’s prime minister flags tougher regulations to force companies to identify ‘cowards’ who anonymously vilify or harass others on their platforms.
Government should better explain need for expanded police powers
The Strategist
@dr_westendorf
When the Australian parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (SLAID) in August, research institutes and news media voiced concerns about an erosion of civil liberties—for just a few days.
Aukus pact to deepen Australia, US collaboration on space technology
The Guardian
@ToryShepherd
The Aukus agreement will boost collaboration between the United States and Australia in space, Australian space agency chief Enrico Palermo says.
China
US electronics firm struck deal to transport and hire Uyghur workers
Reuters
@catecadell
U.S. remote-control maker Universal Electronics Inc (UEIC.O) told Reuters it struck a deal with authorities in Xinjiang to transport hundreds of Uyghur workers to its plant in the southern Chinese city of Qinzhou, the first confirmed instance of an American company participating in a transfer program described by some rights groups as forced labor.
USA
Navy secretary’s new strategic guidance focuses on deterring China from invading Taiwan
Defense News
@aeday22
The Navy secretary will release a strategic guidance document this week outlining how the U.S. Navy and U.S. Marine Corps will maintain maritime dominance globally, strengthen strategic partnerships and empower people to succeed against China. “Artificial intelligence. Cybersecurity. Unmanned platforms. Directed energy. Hypersonic weapons. Distributed power. These are the frontiers that will define your advantage against the People’s Republic of China, and it’s crucial that we field them expeditiously,” he said to the midshipmen.
CIA creates new ‘mission center’ to counter China
The Washington Post
@shaneharris
CIA Director William Burns called the country “the most important geopolitical threat we face in the 21st century.”
Justice Department to Fine Contractors for Not Reporting Cyber Incidents
The Wall Street Journal
@JimRundle @knash99
The Justice Department will impose large fines on federal contractors that fail to meet what its second in command said are “required cybersecurity standards,” including the disclosure of cybersecurity breaches.
Ransomware hackers find vulnerable target in US grain supply
NBC News
@kevincollier
The attacks have slowed the distributors’ operations by hampering their ability to quickly process grain as it comes in.
Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes
Reuters
@josephmenn @Bing_Chris
The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters.
New cybersecurity regulations released by TSA for trains and planes
ZDNet
@greigj
Emergency cybersecurity regulations for pipeline operators issued this summer were also released publicly this week.
U.S. prosecution of alleged WikiLeaks 'Vault 7' source hits multiple roadblocks
Yahoo! News
@zachsdorfman
The prosecution of the former CIA operative accused of providing WikiLeaks with the biggest theft of agency documents in U.S. history continues to be mired in delays and legal issues, drawing out a painful chapter for the agency.
Tesla faces investor test after big jury award over racism
Reuters
@Hyunjoo Jin @Ross Kerber @Rick Linsk
A contract worker has won a $137 million jury award over workplace racism against Tesla Inc (TSLA.O), raising pressure on the electric vehicle maker whose shareholders will vote on Thursday on a proposal to review how it addresses similar complaints for full-time employees.
U.S. Justice Dept launches new initiatives on cryptocurrencies, contractor hacks
Reuters
@Bing_Chris @SarahNLynch
U.S. Deputy Attorney General Lisa Monaco on Wednesday unveiled two new Justice Department enforcement initiatives aimed at targeting cryptocurrencies and government contractors who fail to report cyber breaches.
Anyone Seen Tether’s Billions?
Bloomberg
@ZekeFaux
A wild search for the U.S. dollars supposedly backing the stablecoin at the center of the global cryptocurrency trade—and in the crosshairs of U.S. regulators and prosecutors.
Zuckerberg’s Early Notes on Privacy Now Haunt Facebook in Suit
Bloomberg
Peter Blumberg
If Mark Zuckerberg’s “juvenile jottings” on privacy from 15 years ago still exist, they’re about to be pored over by lawyers.
North-East Asia
TSMC won't share sensitive client data with the U.S.
Protocol
@Zeyi Yang
Taiwan Semiconductor Manufacturing Company, the largest chipmaker in the world, said it is reviewing a U.S. request for global chip companies to voluntarily disclose their supply chain information.
U.S. and Japan dominate patents for chip material favored by Tesla
Nikkei Asia
Hideaki Ryugen
The U.S. and Japan are home to the five top-ranked companies in patents for silicon carbide, a next-generation semiconductor material that can extend the range of electric vehicles.
Europe
Dutch watchdog finds Apple app store payment rules anti-competitive - sources
Reuters
@FooYunChee @lbsterling @StephenNellis
The Dutch antitrust authority has found that Apple’s rules requiring software developers to use its in-app payment system are anti-competitive and ordered it to make changes, four people familiar with the matter said, in the latest regulatory setback for the iPhone maker.
Google rivals want EU lawmakers to act via new tech rules
Reuters
@FooYunChee
DuckDuckGo and three other search engine rivals to Google on Thursday urged EU lawmakers to take action against the Alphabet unit via new tech rules, saying they have yet to see positive results from an antitrust ruling against Google.
Ireland Signs On to Global Deal Seeking to Curb Tax Avoidance
The Wall Street Journal
@PaulHannon29 @RichardRubinDC
A global agreement to set a minimum 15% corporate tax rate cleared its last major hurdle Thursday after Ireland, a low-tax country that is the European headquarters for some of the largest U.S. tech companies, said it would join the overhaul effort.
Netherlands can use intelligence or armed forces to respond to ransomware attacks
The Record
@campuscodi
The Dutch government said it would use its intelligence or military services to counter cyber-attacks, including ransomware attacks, that threaten its national security.
Russia
Microsoft: Russia behind 58% of detected state-backed hacks
AP News
@fbajak
Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.
Russian cyberattacks pose greater risk to governments and other insights from our annual report - Microsoft On the Issues
Microsoft On the Issues
During the past year, 58% of all cyberattacks observed by Microsoft from nation-states have come from Russia. And attacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year.
Russian hackers behind SolarWinds hack are trying to infiltrate US and European government networks
CNN
@snlyngaas
The Russian hackers behind a successful 2020 breach of US federal agencies have in recent months tried to infiltrate US and European government networks, cybersecurity analysts tracking the group told CNN.
Google Blocked Russian Government Phishing Emails Targeting 14,000 Users
Vice News
@lorenzofb
The company said it blocked an unusually high number of phishing emails from the hacking group known as APT28 or Fancy Bear.
The Lawfare Podcast: Russia Cracks Down on Social Media
Lawfare
In the last few weeks, the Russian government has been turning up the heat on tech platforms in an escalation of its long-standing efforts to bring the internet under its control. First, Russia forced Apple and Google to remove an app from their app stores that would have helped voters select non-Kremlin-backed candidates in the country’s recent parliamentary elections. Then, the government threatened to block YouTube within Russia if the platform refused to reinstate two German-language channels run by the state-backed outlet RT. And after we recorded this podcast, the Russian government announced that it would fine Facebook for not being quick enough in removing content that Russia identified as illegal.
Middle East
Iran’s Armed-Drone Prowess Reshapes Security in Middle East
The Wall Street Journal
@benoitfaucon @DionNissenbaum
Tehran’s rapidly developing ability to build and deploy drones, some of which mimic designs used in the U.S. and Israeli militaries, is changing the security equation in a region already on edge.
Manager of fund that owns Israeli spyware firm not yet given access to sensitive info
The Guardian
@skirchy
US-based Berkeley Research Group, which took on oversight of fund that has majority stake in NSO, has not had clearance from Israel.
Africa
Togo: Prominent activist targeted with Indian-made spyware linked to notorious hacker group
Amnesty International
Amnesty International reveals how fake Android applications and spyware-loaded emails tied to the notorious Donot Team hacker group were used to target a prominent Togolese human rights defender in an attempt to put them under unlawful surveillance. The discovery is the first time Donot Team spyware was found in attacks outside of South Asia. The investigation also discovered links between the spyware and infrastructure used in these attacks, and Innefu Labs, a cybersecurity company based in India.
Misc
Twitch hack reveals multi-million-dollar sums top streamers earn from playing computer games
ABC News
@JamesPurtill
The top earner on game-streaming platform Twitch made $US9.6 million from August 2019 to October 2021, according to leaked data obtained in a massive hack.
Updates on the Twitch Security Incident
Twitch
We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.
Stablecoins to face same safeguards as traditional payments
Reuters
Huw Jones
Stablecoins would have to comply with the same safeguards as their more traditional competitors in payments under proposals from regulators on Wednesday as authorities get to grips with a rapidly evolving sector.
After 20 years of drone strikes, it’s time to admit they’ve failed
MIT Technology Review
@Emran_Feroz
The very first drone attack missed its target, and two decades on civilians are still being killed. Why can't we accept that the technology doesn't work?
Botnet abuses TP-Link routers for years in SMS messaging-as-a-service scheme
The Record
@campuscodi
Since at least 2016, a threat actor has hijacked TP-Link routers as part of a botnet that abused a built-in SMS capability to run an underground Messaging-as-a-Service operation.
It’s Time to Stop Paying for a VPN
The New York Times
@bxchen
Many virtual private network services that were meant to protect your web browsing can no longer be trusted. Here are other ways.
Facebook Banned Me for Life Because I Help People Use It Less
Slate
@louisbarclay
If someone built a tool that made Facebook less addictive—a tool that allowed users to benefit from Facebook’s positive features while limiting their exposure to its negative ones—how would Facebook respond?
Facebook Renews Its Ambitions to Connect the World
WIRED
@LaurenGoode
The social media behemoth outlines plans to bring speedy internet access to hard-to-reach places.
Facebook Connectivity unveils robot that can speed fiber deployment
VentureBeat
@deantak
Facebook Connectivity showed off new technologies designed to help bring the next billion people online to a faster internet. The tech includes a robot called Bombyx that can rapidly install fiber-optic cable over telephone wires in a fraction of the time it usually takes.
Research
China’s Data Strategy: Creating a state-led market
ISS
@Camille Boullenois
In 2019 and 2020, the European Union (1), the United Kingdom (2) and the United States (3) issued strategy papers on data governance acknowledging the importance of data to their economic development and national security. With different emphases, four competing objectives dominate these data strategies: innovation (using data to create new business models and boost economic growth); security (ensuring that sensitive data is not used by a hostile foreign power); privacy (protecting citizens from abusive use of personal data); and surveillance (using data to monitor and control citizens’ and companies’ behaviour).
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years’ relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.