Huawei to be stripped of role in UK's 5G network by 2027 | Spain is Customer of NSO Group | The Microsoft Police State: Mass Surveillance, Facial Recognition, and the Azure Cloud

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

• Huawei is to be stripped out of Britain’s 5G phone networks by 2027, a date that puts Boris Johnson on collision course with a group of Conservative rebels who want the Chinese company eliminated quicker and more comprehensively. The Guardian

• The Guardian and El Pais reported NSO Group's malware was used to target prominent politicians in Spain. Now a former employee says that Spain has been an NSO Group customer. Vice

• Microsoft is knee-deep in services for law enforcement, fostering an ecosystem of companies that provide police with software using Microsoft’s cloud and other platforms. The Intercept

ASPI ICPC

How to stay cyber-secure when working from home during Covid-19.
ASPI International Cyber Policy Centre
Cyber-security and cyber safety continue to be important as we shuttle between our offices and work from home arrangements. Hear from ASPI staff and a range of experts for tips on how to stay secure and safe during Covid-19.

Forward Slash podcast: Coronavirus vaccine the No 1 target for state-based hackers
The Australian
Australian Strategic Policy Institute senior analyst Tom Uren said COVID-19 had fast become the highest priority target for hackers. “It’s thrown a whole lot of priorities out the window, so all of a sudden COVID-19 is the most important thing out there,” he said. “Intelligence agencies are looking for answers that may help with COVID-19, and that may be vaccine research, drug research — and that kind of information can be fed into how you prepare to ­recover from COVID-19. “If there’s a particular drug that you need to manufacture, let’s start getting the supply chains in place for that. And if there’s a particular vaccine, perhaps start investing in a factory to make it. These are the kinds of things that are going on.”

Australia

Why the government cyber security strategy needs a shake-up
The Australian Financial Review
The Australian government will soon release its 2020 Cyber Security Strategy and while some may be hoping the release will unleash a new wave of energy across the market, I am pessimistic.

Cyber attacks: Australia the sixth most targeted country in world
9 News
Australia is one of the world's most hacked countries, according to recently released data. The data was compiled by the Centre for Strategic and International Studies and shows Australia coming in at equal sixth place, with 16 major cyber attacks in the period between May 2006 and June 2020.

Google detecting 18m malware and phishing messages per day related to Covid-19
The Guardian
The Covid-19 crisis has led to a significant increase in phishing attacks and scams as “bad actors” look to either frighten or motivate unsuspecting recipients of fake material, according to the search engine giant, Google. Google has used a submission to Australia’s Senate’s select committee on foreign interference through social media to highlight a pandemic-related spike in online activity as “bad actors use Covid-related themes to create urgency so that people respond to phishing attacks and scams”.

Cyber defences not up to scratch says Labor
The Australian
Labor has called on Scott Morrison to immediately boost the cap­acity of commonwealth agencies to withstand cyber attacks, saying the vast majority of organisations had failed to introduce basic measures to protect sensitive ­information.

Qld electoral roll 'at risk' after Labor govt outsources coding role to China
Sky News
The Palaszczuk Labor government is being accused of “recklessly causing a security risk by allowing Chinese-based coders to write critical software for the Electoral Commission of Queensland,” according to Sky News host Peta Credlin.

Should Australia press pause on facial recognition technology?
The New Daily
From Amazon to Google, Microsoft and IBM, the world’s biggest tech companies have pressed pause on facial recognition technology, and experts say Australia should follow suit. The calls follow revelations earlier this year that the Australian Federal Police trialled a controversial facial recognition tool by Clearview AI, despite having previously denied doing so.

Cyberattack could cost Australia $30b
Information Age
The digital economy has become so fundamental to Australia’s economy that widespread interruptions from a major cybersecurity incident could cost $30b and 163,000 jobs, modelling from a “critical and deliberate” analysis of Australia’s cybersecurity industry has concluded.

Cyber bullying content targeting children pulled from TikTok
The Sydney Morning Herald
TikTok has been forced to removed harmful content from its platform in Australia, with the eSafety Commissioner turning up the heat on the Chinese social media giant to take down cyber bullying material targeting children.

China

The TikTok War
Stratechery
Over the last week, as the idea of banning TikTok in the U.S. has shifted from a fringe idea to a seeming inevitability (thanks in no small part to India’s decision to do just that), those opposed to the idea and those in support seem to be talking past each other. The reasons for this disconnect go beyond the usual divisions in tech, culture, and national security: what makes TikTok so unique is that it is the culmination of two trends: one about humans and the Internet, and the other about China and ideology.

Hong Kong’s protest movement keeps getting stymied by Apple
Quartz
Hong Kong’s protesters have a tortured relationship with Apple. While the iPhone’s AirDrop function has helped protesters spread messages quickly in crowded situations, the US tech giant has also thrown obstacles in their way, most notably when it removed a real-time protest map app from its app store last year.

USA

The Microsoft Police State: Mass Surveillance, Facial Recognition, and the Azure Cloud
The Intercept
Nationwide protests against racist policing have brought new scrutiny onto big tech companies like Facebook, which is under boycott by advertisers over hate speech directed at people of color, and Amazon, called out for aiding police surveillance. But Microsoft, which has largely escaped criticism, is knee-deep in services for law enforcement, fostering an ecosystem of companies that provide police with software using Microsoft’s cloud and other platforms. The full story of these ties highlights how the tech sector is increasingly entangled in intimate, ongoing relationships with police departments.

North Asia

IssueMakersLab @issuemakerslab

The personal information of doctors, including license numbers and account information, was stolen from the Korean Academy of Medical Sciences website.

IssueMakersLab @issuemakerslab

North Korea's Lazarus Group registered malicious HWP document in a notice on the Korean Academy of Medical Sciences(KAMS) website and distributed malware. It is a notice about temporary permission for online academic conferences. https://t.co/R52zgTbojl https://t.co/DfdOMqXRcZ

July 14th 2020

1 Retweet1 Like

Cybersecurity in Japan
CSIS
Jim Lewis talks with Mihoko Matsubara, Chief Cybersecurity Strategist at NTT Corporation in Tokyo and a key player in Japan's cybersecurity efforts. They discuss the state of cybersecurity in Japan, how the Japanese government had been preparing for the Olympics, and the way COVID-19 and work-from-home creating new cyber risks for Japanese citizens and businesses.

Southeast Asia

Lennon Chang @lennoncyc

My co-authored paper reflecting my work on cyber security capacity building project in Myanmar has finally been accepted and published by Computers and Security. It was a long wait but glad to see a positive result! @MonashCrim @MonArtsResearch @Monash_Arts

July 14th 2020

1 Retweet7 Likes

UK

Huawei to be stripped of role in UK's 5G network by 2027, Dowden confirms
The Guardian
@dansabbagh @lilkuo
Huawei is to be stripped out of Britain’s 5G phone networks by 2027, a date that puts Boris Johnson on collision course with a group of Conservative rebels who want the Chinese company eliminated quicker and more comprehensively. Oliver Dowden, the UK culture secretary, will also announce that no new Huawei 5G kit can be bought after 31 December this year – but disappointed the rebels by saying that older 2G, 3G and 4G kit can remain until it is no longer needed.

• Huawei advice: what you need to know National Cyber Security Centre

• Huawei 5G kit must be removed from UK by 2027 BBC News

• Britain bars Huawei from its 5G wireless networks, part of a growing shift away from the Chinese tech giant The Washington Post

• Lord Browne quits as Huawei UK chairman as government ban looms Sky News

• Huawei: The company and the security risks explained Sky News

Europe

Spain is Customer of NSO Group
Vice
The Guardian and El Pais reported NSO Group's malware was used to target prominent politicians in Spain. Now a former employee says that Spain has been an NSO Group customer.

• Phone of top Catalan politician 'targeted by government-grade spyware' The Guardian

Europe divided on Huawei as US pressure to drop company grows
The Guardian
Robert O’Brien, the US national security adviser, will meet his counterparts from France, Italy, the UK and Germany in Paris this week to urge European nations to debar the Chinese technology company Huawei from Europe’s 5G networks.

Russia

Carnegie Russia @CarnegieRussia

Beijing’s reliance on #AI -powered digital surveillance and facial recognition technology for tracking and controlling the spread of the #coronavirus has triggered widespread Russian interest in emulating the Chinese model of societal control: tinyurl.com/y8l5mwlj

July 13th 2020

9 Retweets8 Likes

Misc

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
The Hacker News
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.

A plan to redesign the internet could make apps that no one controls
Technology Review
Dfinity wants to allow the creation of apps that can run on the network itself rather than on servers owned by Facebook, Google or Amazon. Can it succeed where others have failed?

Fragmenting Internet Governance: Digital Sovereignty and Global Constitutionalism
Media Laws
Recent attempts to challenge the decentralized Internet architecture by proposing corporate alternatives and increased state control have shed light on the tensions between digital sovereignty and globally-exported values embedded in the infrastructure.

Taha Karim @lordx64

Analysis of in the wild exploitation of CVE-2019-1367 by DarkHotel #APT and Magnitude EK. The exploit introduced a Write-What-Where bug that works in every version of jscript engine.. Internet Explorer CVE-2019–1367 In the wild Exploitation — preludeCVE-2019–1367 background and in-the-wild exploitationsblog.confiant.com

July 13th 2020

30 Retweets50 Likes

Events

SecuriDay | Canberra 2020
Kids SecuriDay
K​ids SecuriDay is going digital! Our August event is tied to National Science Week which will be going entirely digital so we will be too. The National Science Week schools theme this year is 'Deep Blue: innovations for the future of our oceans' so our theme will be pirates! We've got a stack of fun talks, workshops, competitions and games planned so keep an eye out for our upcoming announcements.

Closing the Gap - EU Cyber Direct
EU Cyber Direct
As part of the European Cyber Diplomacy Initiative, the EU Cyber Direct project joined forces with the Belgian Ministry of Foreign Affairs and numerous research institutions to organise an international conference that contributes to closing the gap between scholars and practitioners working on cyber-related issues. The conference aimed to foster productive exchanges between different generations of scholars, disciplines, sectors and regions. As an expression of ‘academic diplomacy’, the conference brought together researchers from around the world.