Iranian hackers target Trump campaign / FB removes accounts targeting Iran & Qatar / U.S. puts Hikvision, Chinese security bureaus on economic blacklist
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference
ASPI ICPC
Australia's Cyber Strategy, version 2.0
ASPI ICPC
Back in 2016, Australia launched its first national cybersecurity strategy. The strategy covers a four-year period to 2020, and given the changes in the security environment, an update is now clearly warranted. To that end, the government has just launched a discussion paper to kick off the public consultation. The closing date for submissions on the discussion paper is 1 November. To complement the public submission process, ASPI’s International Cyber Policy Centre is initiating a public debate on what should be included in the next cybersecurity strategy. Contributions will be compiled into a report that we will deliver to the Department of Home Affairs to inform the strategy’s development. Follow the debate here.
China, Russia Deepen Technological Ties
Defense One
With joint dialogues, incubators, and technology parks, Beijing and Moscow are seeking to overcome deficiencies and compete with the United States. China and Russia are deepening and expanding their ties — economic, military, technological — as external pressures limit their access to overseas markets and technology. Both countries hope the collaboration will help to compensate for domestic deficiencies and to compete successfully with the United States in today’s critical technologies. This article previews the findings of a report to be released by the Australian Strategic Policy Institute later this fall that will offer a more detailed assessment of certain elements of Sino-Russian high-tech cooperation.
Cybersecurity and geopolitics: why Southeast Asia is wary of a Huawei ban
ASPI Strategist
@le2huong
‘The race to 5G is a race America must win’, US President Donald Trump said on 12 April. Just over a month later, on 15 May, he issued an executive order banning Huawei equipment in US networks. That decision has since been rippling well beyond Sino-US relations and will have an impact on the digital future of many other countries.
Australia
US data deal to aid war on terrorism and pedophiles
The Australian
@bennpackham
Police and intelligence services will get rapid access to messages sent by terrorists, pedophiles and criminal gangs using US-owned technology platforms such as Google and Facebook under an access agreement being negotiated with the US government. Home Affairs Minister Peter Dutton and US Attorney-General William Barr began formal negotiations in Washington for a bilateral agreement under a US law known as the CLOUD Act, which compels US tech companies to hand over data on their servers when presented with a warrant or subpoena by law enforcement agencies or the courts. When finalised, the agreement will grant Australian law enforcement agencies the same ability to access data held by US technology companies and require Australian technology companies to release information sought by US authorities.
Encryption hands a new cloak to sexual predators
LinkedIn
@tweetinjules
There are times when the sheer volume and brutality of the child sexual exploitation material on the internet makes the problem seem insurmountable. In response, we are constantly seeking innovative ways to disrupt this online scourge — and over the past decade, we have made progress. But there are new developments afoot in the tech sector that threaten to arm the pedophile networks we are trying to disrupt.
Huawei hopes for brand boost from Raiders grand final appearance
SMH
@JennieDuke
Embattled Chinese tech giant Huawei hopes the exposure of its brand to millions of Australians watching Sunday's NRL grand final will help improve its public image after a difficult year in the country.
Victoria named nation's cybercrime hotspot
The Age
@Tate_13
Australians are reporting incidents of cybercrime about every 10 minutes, according to statistics released by the nation's cybersecurity watchdog. More than 13,500 reports of cybercrime have been received by the Australian Cyber Security Centre since July. Victoria made up the bulk of those reports at 26 per cent (3,027 reports), followed by NSW with 25 per cent (2,922).
China
A Concise Guide to Huawei’s Cybersecurity Risks and the Global Responses
NBR
@jonathon_marek
This backgrounder from Jonathon Marek and Ashley Dutta of NBR’s Center for Innovation, Trade, and Strategy examines the criticisms levelled against Huawei and how governments have responded. It provides a framework and key examples through which readers can better understand the policy challenges surrounding the company.
Apple reviews rejected Hong Kong app again amid controversy over whether it will be used by protesters
SCMP
Apple’s App Store has reviewed a recent decision to reject a Hong Kong app designed to track police activity in the midst of increasingly violent pro-democracy protests in the city. The app, known as HKmap.live, is a mobile version of a website that helps users avoid potentially dangerous areas.
Chinese troops apparently wore QR codes on their body armour in the massive 70th-anniversary parade
Business Insider
As Chinese service members were paraded out for their country's National Day Parade in Beijing on Tuesday, several of them wore a distinct marking on their uniforms: Affixed on their ballistic vests were what appeared to be a Quick Response (QR) code.
Taiwan flag emoji disappears from the latest Apple iPhone keyboard
Hong Kong FP
@krislc
The Republic of China flag emoji has disappeared from Apple iPhone’s keyboard for Hong Kong and Macau users. The change happened for users who updated their phones to the latest operating system. Updating iPhones to iOS 13.1.1 or above caused the flag emoji to disappear from the emoji keyboard.
China and Taiwan clash over Wikipedia edits
BBC
Ask Google or Siri: "What is Taiwan?" "A state", they will answer, "in East Asia". But earlier in September, it would have been a "province in the People's Republic of China". For questions of fact, many search engines, digital assistants and phones all point to one place: Wikipedia. And Wikipedia had suddenly changed... BBC Click's investigation has found almost 1,600 tendentious edits across 22 politically sensitive articles. We cannot verify who made each of these edits, why, or whether they reflect a more widespread practice. However, there are indications that they are not all necessarily organic, nor random.
Blocking research with China would 'hurt', Microsoft boss says
BBC
Microsoft does more research and development in China than it does anywhere else outside the United States. But, as US-China relations continue to sour on issues of trade and cyber-security, the decades-long ties Microsoft has in China are coming under close scrutiny. In an interview with BBC News, Microsoft's chief executive Satya Nadella has said that despite national security concerns, backing out of China would “hurt more” than it solved.
Getting a new mobile number in China will involve a facial-recognition test
Quartz
@Jane_Li911
China is taking every measure it can to verify the identities of its over 850 million mobile internet users. From Dec. 1, people applying for new mobile and data services will have to have their faces scanned by telecom providers, the Ministry of Industry and Information Technology said in a Sept. 27 statement.
USA
U.S. puts Hikvision, Chinese security bureaus on economic blacklist
Reuters
The U.S. Commerce Department said on Monday it was putting 28 Chinese public security bureaus and companies - including video surveillance company Hikvision - on a U.S. trade blacklist over Beijing’s treatment of Uighur Muslims and other predominantly Muslim ethnic minorities. Those added to the so-called “Entity List” include the Xinjiang Uighur Autonomous Region People’s Government Public Security Bureau, 19 subordinate government agencies and eight commercial firms, according to a Commerce Department filing. The companies include Zhejiang Dahua Technology, IFLYTEK Co, Xiamen Meiya Pico Information Co and Yixin Science and Technology Co.
Amid Huawei warnings, FBI making quiet rounds as U.S. researchers seen serving on the front line of battle against Chinese theft
Japan Times
As the U.S. warned allies around the world that Chinese tech giant Huawei was a security threat, the FBI was making the same point quietly to a Midwestern university. In an email to the associate vice chancellor for research at the University of Illinois-Urbana-Champaign, an agent wanted to know if administrators believed Huawei had stolen any intellectual property from the school.
FBI investigating if attempted 2018 voting app hack was linked to Michigan college course
CNN
@kevincollier
An attempted hack into a mobile voting app used during the 2018 midterm elections may have been a student's attempt to research security vulnerabilities rather than an attempt to alter any votes, three people familiar with the matter told CNN.
Google contractors reportedly targeted homeless people for Pixel 4 facial recognition
Verge
@StarFire2258
A Google contractor may be using some questionable methods to get those facial scans, including targeting groups of homeless people and tricking college students who didn’t know they were being recorded.
Southeast Asia
Chinese Cyber Espionage Group Attacking Asia
Palo Alto
@AlexHinchliffe
For three years, Unit 42 has tracked a set of cyber espionage attack campaigns across Asia, which used a mix of publicly available and custom malware... We believe victims lay mainly in and around the Southeast Asia region, particularly Myanmar, Taiwan, Vietnam, and Indonesia; and likely also in various other areas in Asia, such as Tibet, Xinjiang, and Mongolia. Based on targeting, content in some of the malware and ties to infrastructure previously documented publicly as being linked to Chinese nation-state adversaries, Unit 42 believes with high confidence that PKPLUG has similar origins.
New ASEAN cyber-security centre launched to train response teams to combat online threats
Straits Times
ASEAN member states' cyber experts have been discussing the 11 norms at various ASEAN capacity building workshops throughout the year. They have identified areas where progress has been made, as well as other areas in need of capacity building for the successful implementation of norms.
Co-Chairs’ Statement on the Inaugural ASEAN-U.S. Cyber Policy Dialogue
US Government
The following is the text of the Co-Chairs’ statement from the ASEAN-U.S. Cyber Policy Dialogue released by the Dialogue Co-Chairs: the Governments of the United States of America and Lao PDR. The ASEAN-U.S. Cyber Policy Dialogue was held in Singapore on October 3.
Middle East
Iranian Hackers Target Trump Campaign as Threats to 2020 Mount
NYT
@SangerNYT
Iranian hackers targeted hundreds of email accounts associated with at least one presidential campaign, as well as those of American journalists and current and former United States government officials, Microsoft said Friday, in a sign of how cyberattacks will become a fixture of the 2020 presidential election. Microsoft said in a report that hackers, with apparent backing from Iran’s government, had made more than 2,700 attempts to identify the email accounts of current and former government officials, journalists covering political campaigns and accounts associated with one major presidential campaign. In at least four cases, the hackers successfully infiltrated inboxes.
Hundreds Of Propaganda Accounts Targeting Iran And Qatar Have Been Removed From Facebook
Buzzfeed News
@janelytv
A BuzzFeed News investigation uncovered a network of websites and accounts using Facebook, Twitter, YouTube, and other social platforms to sow propaganda targeting Iran and Qatar. The accounts, which have now been taken down, appear to have been professionally run by PR firms based in the Middle East and Africa.
Removing Coordinated Inauthentic Behavior in UAE, Nigeria, Indonesia and Egypt - Facebook Newsroom
Heavily censored internet briefly returns to Iraq 28 hours after nationwide blackout
Netblocks
Network data from the NetBlocks internet observatory show that connectivity is returning to parts of Iraq 28 hours after the country imposed a nationwide information blackout. As of 9:20 p.m. UTC, leading providers started to come back online; however, access to social media and messaging apps remains highly restricted with some network providers.
Misc
Signal Bug Could Have Let Hackers Listen to Android Users Via Microphone
Vice
On Friday, a researcher at Google's elite vulnerability hunting team Project Zero published details about an issue in the Android version of Signal. The bug allowed a hacker to phone a target device, and the call would be answered without the recipient needing to even accept the call, essentially letting the hacker listen in on the victim.
Sam Gregory, program director at the human rights nonprofit WITNESS, talks about the implications of Deepfake videos and how we can adjust to this new and improving technology.
Events
The rise of information warfare: in-conversation with Peter W. Singer
ASPI ICPC
International Cyber Policy Centre invites you to an in-conversation with Peter W. Singer and Danielle Cave to consider the rise of information warfare. Peter Warren Singer is a strategist and senior fellow at New America. He has been named by the Smithsonian as one of the nation’s 100 leading innovators, by Defense News as one of the 100 most influential people in defence issues, by Foreign Policy to their Top 100 Global Thinkers List, and as an official “Mad Scientist” for the U.S. Army’s Training and Doctrine Command. A drinks and canapes reception will conclude the event. This event is kindly supported by Microsoft.
Cyber Security Hypothetical – Panel
UNSW
We invite you to join us on 22 October in challenging paradigms and provoking discussion around this important topic that impacts and targets us all. Cyber Security Hypothetical will be led and moderated by Mr Steve Wilson and panellists will include MAJGEN Marcus Thompson, Professor Michael Frater, Mr Alastair MacGibbon, Ms Kate Carruthers and Mr Justin Warren.