Labour Party hit by second cyber-attack | Advancing Cyberstability, final report 2019 | Sri Lankans sound alarm over Facebook fake news
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The Labour Party says there has been a "sophisticated and large-scale cyber-attack" on its digital platforms. A Labour spokeswoman said the attack had "failed" because of the party's "robust security systems" and they were confident that no data breach occurred. BBC
The Global Commission on the Stability of Cyberspace (GCSC) issued today its final report Advancing Cyberstability, as part of a panel held at the 2019 Paris Peace Forum…This report represents the culmination of the Commission's work over the last three years, offering a cyberstability framework, principles, norms of behavior, and recommendations for the international community and wider ecosystem. PR Newswire
Sri Lankan civil society groups are sounding alarms about Facebook’s policies in advance of the country’s 16 November presidential election, with warnings that the company’s controversial decision to allow politicians to advertise misinformation is “inappropriate and incendiary to boot”. Yahoo News
ASPI ICPC
Australia: the campus fight over Beijing’s influence
Financial Times
But the violent scenes have alarmed Australia’s conservative government, which rebuked Mr Xu for his comments and has created a foreign interference task force staffed by security service personnel and academics to monitor the university sector. It is expected to issue guidelines by the end of November on how to strengthen cyber security on campuses, reduce the risk of sensitive military and dual-use intellectual property being obtained by the Chinese government or military, and safeguard academic freedom at colleges.. A report by the Australian Strategic Policy Institute, a Canberra think-tank, detailed how China’s People’s Liberation Army has sponsored 2,500 military scientists and engineers in western universities since 2007. Nearly all were CCP members, who returned to China after completing their research. “Helping a rival military develop its expertise and technology isn’t in the national interest,” says Alex Joske, author of the report. “Yet it’s not clear that western universities and governments are fully aware of this phenomenon.”
The World
Advancing Cyberstability: Final Report 2019
Global Commission on the Stability of Cyberspace
We have reached the end of a twenty-five-year period of strategic stability and relative peace among major powers. Conflict between states has taken new forms, and cyber activities are playing a leading role in this newly volatile environment.. Against this backdrop, the Global Commission on the Stability of Cyberspace (GCSC) was convened to make recommendations for advancing cyberstability.
We began by identifying a seven element Cyberstability Framework.. Some continue to believe that ensuring international security and stability is almost exclusively the responsibility of states. In practice, however, the cyber battlefield (i.e., cyberspace) is designed, deployed, and operated primarily by non-state actors, and we believe their participation is necessary to ensure the stability of cyberspace. Moreover, their participation is inevitable, as non-state actors often are the first to respond to—and even to attribute—cyber attacks.
The Commission concluded that these non-state actors were not only critical for ensuring the stability of cyberspace, but that they too should be guided by principles and bound by norms. The four principles reflect this view, calling on all parties to be responsible, exercise restraint, take actions, and respect human rights.
The President of the CyberPeace Institute, Marietje Schaake, shares her thoughts on the current state of affairs in cyberspace and the gap that the Institute aims to fill.
CyberPeace Institute
The President of the CyberPeace Institute, Marietje Schaake, shares her thoughts on the current state of affairs in cyberspace and the gap that the Institute aims to fill.
China
China's digital currency not seeking 'full control' of individuals' details: central bank official
Reuters
China’s proposed digitized domestic currency is not a bid to gain full control of information belonging to the general public, a senior central bank official said on Tuesday, adding that the goal was to balance privacy concerns and the authorities’ need for information.
Huawei to pay staff $286m bonus for helping counter sanctions
Financial Times
Huawei will pay out Rmb2bn ($286m) in bonuses and double almost all employees’ monthly salaries for October as a reward for helping the world’s largest telecoms equipment maker counter US sanctions imposed by the Trump administration.
USA
Election vendors should be vetted for security risks, says watchdog group
Washington Post
@Joseph_Marks_
The federal government should start vetting companies that sell election systems as seriously as it does defense contractors and energy firms, a top election security group argues in a proposal out this morning.
Conservatives most likely to be duped by scary new AI Text Generator released by Salesforce.
Lawsuit
Text generated by Artificial Intelligence can now be used to replicate a specific speaker's style of writing. This technology represents great risk to those who are unaware of it's potential for manipulation and fake news generation.
The above paragraph was written by artificial intelligence, called “RoboTrump.” Source
North Asia
Cyber Command flags North Korean-linked hackers behind ongoing financial heists
Cyber Scoop
@shanvav
The Department of Defense has once again called out North Korean hackers by exposing malware samples researchers say are linked to regime-backed financial heists, including past attacks on the interbank messaging system known as the Society for Worldwide Interbank Financial Telecommunication (SWIFT), CyberScoop has learned. Cyber Command assessed that the malware, which it posted to the information sharing platform VirusTotal, is being used in ongoing cyberattacks aimed at the financial sector.
US Cyber Command uploads new malware samples linked to North Korean state-backed financial heists Computing
South Asia
Sri Lankans sound alarm over Facebook fake news ahead of election
Yahoo News
@juliacarriew
Sri Lankan civil society groups are sounding alarms about Facebook’s policies in advance of the country’s 16 November presidential election, with warnings that the company’s controversial decision to allow politicians to advertise misinformation is “inappropriate and incendiary to boot”.
India Briefs Russia After Reported Cyber-Attack On Kudankulam Plant
NDTV
Following reports of a cyber-attack on the Kudankulam nuclear power plant in Tamil Nadu, Indian authorities have told Russia that necessary steps have been taken to prevent similar incidents in future, a senior Russian diplomat said on Tuesday. The Kudankulam nuclear power plant is a joint venture between India and Russia.
UK
Labour Party hit by second cyber-attack
BBC
The Labour Party says there has been a "sophisticated and large-scale cyber-attack" on its digital platforms. A Labour spokeswoman said the attack had "failed" because of the party's "robust security systems" and they were confident that no data breach occurred.
Europe
Germany’s Faustian Bargain With China
The Diplomat
Chancellor Angela Merkel’s decision to allow Huawei to take part in Germany’s 5G bidding procedure has exposed a deep divide between Europe’s leading nation and the European Commission. Has she struck a Faustian bargain with China, pursuing business and markets for Germany in the short term at the cost of regional integration and commitments to international security in the longer term? Or is she simply muddling through, with the immediate interests of German business as her main compass?
Americas
Mexico's Pemex says operations normal after cyber attack
Reuters
Mexico’s state oil firm Pemex said on Monday that attempted cyber attacks the day before were “neutralized” in a timely matter and affected less than 5% of its computers.
Middle East
Israel Launches Project ‘Hercules’ to Counter Cyber Threats to Aviation
Defense World
The Israel National Cyber Directorate (INCD) recently launched project ‘Hercules’ to counter cyber threats to aviation such as airports, control towers, airspace control, airlines, and airplane maintenance. The project, led by Matrix IT Ltd., began in September and will continue for 14 months. The relevant cyber risks will be rated, and recommendations will be given for coping with them in the short and long term.
Misc
Twitter Is Banning Political Ads. But It Will Allow Those That Don't Mention Candidates Or Bills.
Buzzfeed News
@Kantrowitz
Representatives from Twitter met with advertisers last week to discuss the specifics of what might be — and won’t be — included in its ban on political advertising. In those meetings, Twitter staffers suggested that ads that spread awareness about issues of national significance would still be allowed after the ban takes effect.
How to navigate cybersecurity in a 5G world
TechRepublic
@lilyhnewman
With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, an AT&T Cybersecurity report finds.
As 5G Rolls Out, Troubling New Security Flaws Emerge
Wired
@lilyhnewman
It's not yet prime time for 5G networks, which still face logistical and technical hurdles, but they're increasingly coming online in major cities worldwide. Which is why it's especially worrying that new 5G vulnerabilities are being discovered almost by the dozen.
Google's secret cache of medical data includes names and full details of millions
The Guardian
@edpilkington
A whistleblower who works in Project Nightingale, the secret transfer of the personal medical data of up to 50 million Americans from one of the largest healthcare providers in the US to Google, has expressed anger to the Guardian that patients are being kept in the dark about the massive deal.
How 18 Malware Apps Snuck Into Apple's App Store
Wired
@brbarrett
Despite some recent pronounced lapses, the iPhone remains one of the most secure consumer devices you can buy, thanks in large part to the locked-down ecosystem of the iOS App Store. But things do slip through the cracks—including 18 apps that used evasive maneuvers to sneak past Apple’s defenses.
Research
The Governance of Turkey’s Cyberspace: Between Cyber Security and Information Security
T&F Online
This article explores Turkey’s multifaceted cyberspace governance policy and argues that positioned between two opposites of cyberspace governance that has close military and security ties to the West, and domestic Internet policies more similar of Russia-China axis, Turkey should be considered as a swing state in global cyberspace governance debates.
Australian businesses that support Indigenous pathways into Cyber Security careers
ASPI is looking for business which have a program, grant or any other initiative in place to facilitate entry into Cyber Security careers for our Indigenous students. We'd really appreciate a share to your networks, if possible.