Daily Cyber Digest


Legal scholars are working on new rules for international hacking conflicts | How North Korea almost pulled off a billion-dollar hack | New Australian bill would force companies to disclose ransomware

ASPI Cyber Policy
Jun 21, 2021

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • Top international legal experts are beginning work on a five-year project to hammer out what’s in and out of bounds in international cyber conflict.
    The result will be the third version of a NATO-sponsored document called the “Tallinn Manual on the International Law Applicable to Cyber Operations.”
    The Washington Post

  • In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank and came within an inch of success - it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world's poorest and most isolated countries train a team of elite cyber-criminals? BBC News

  • Australian lawmakers have filed on Monday a new bill that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang. The Record by Recorded Future

ASPI ICPC

Fergus Ryan @fryan
New People's Bank of China statement: China's 5 major banks & Alipay have confirmed that they won't carry out or participate in business activities related to virtual currencies like Bitcoin.
pbc.gov.cn/goutongjiaoliu…

June 21st 2021


Who is watching Australia’s academics?
Research Professional
Deputy director of ASPI’s international cyber policy centre, Danielle Cave, says that “the ARC has not engaged with us on any specific enquiries”. She told Research Professional News that the tracker is “a free, public tool to help support universities, governments and the business community with their due diligence efforts as they navigate their engagement and collaboration with research entities in China”. It focuses only on “Chinese institutions engaged in military or security-related science and technology research”. One of the key issues in undertaking due diligence, she said, is that “the number of Chinese universities involved in China’s military-civil fusion strategy is expanding quickly”. Also posing a challenge is the fact that “in China, many organisations—and of course the government—regularly delete and censor webpages, which means sensitive content is regularly altered and deleted”. Cave cautioned that her group’s advice to everyone conducting similar due diligence is to make sure they do their own Chinese-language research.

  • Explore our China Defence University Track project (which was updated in May 2021) here.

World

The Cybersecurity 202: Legal scholars are working on new rules for international hacking conflicts
The Washington Post
@Joseph_Marks_
Countries won’t all abide by the rules. But they could help hacking conflicts from escalating out of control, the lead author says.

Australia

New Australian bill would force companies to disclose ransomware payments
The Record by Recorded Future
@campuscodi
Australian lawmakers have filed on Monday a new bill that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang. The Ransomware Payments Bill 2021 was put forward today by Tim Watts, Australia’s Shadow Assistant Minister for Cyber Security, and comes after Australian companies have seen an increased number of ransomware attacks over the past year, including high-profile attacks on multiple hospitals, Australian TV station Channel 9, beverage giant Lion, logistics giant Toll Group, and others.

  • Labor introduces bill to mandate ransomware payment reporting
    itNews
    Justin Hendry
    The federal opposition has introduced a bill that would require businesses and government agencies to notify the Australian Cyber Security Centre before paying a ransomware gang.

How anti-vaxxers are weaponising pregnant women’s fears
The Sydney Morning Herald
@sopphie
Last week’s incident is one of several in which anti-vaxxers have deliberately pounced on vaccine-supporting social media posts in maternal health spaces, where mothers-to-be and new mums are likely to be. Groups co-ordinate the attacks by calling on others in their network to blitz a particular post with disparaging comments.

Former ASIO boss warns on energy sector cyber
InnovationAus
@joseph_brookes
Energy experts and a former ASIO chief have warned that Australia’s critical energy infrastructure was growing in complexity and vulnerability to cyber-attacks, but a commensurate uplift in resilience has not occurred.

‘The game is back on’: How does spying work in Australia?
The Sydney Morning Herald
@Gallo_Ways
Theresa May was less than two months into the British prime ministership when she met her Australian counterpart in September 2016, on the sidelines of the G20 summit in China. The encounter with her old friend from Oxford, Malcolm Turnbull, in the city of Hangzhou, would lead to one of the biggest shake-ups of Australia’s security and intelligence agencies in history. While Brexit dominated the discussion, Turnbull wanted to raise another matter with May: whether to create a “super department” modelled on the United Kingdom’s Home Office.

Govt risking IT wrecks without 'urgent' staffing boost: union
itNews
Justin Hendry
Government technology failures will continue without “urgent investment” in technical and professional staff, a technical union has warned, as the use of contractors continues to grow.

China

Behind the scenes at China TV: soft power and state propaganda
Financial Times
@patricianilsson Sun Yu @Mikepeeljourno
A digital strategy does, however, come with its own challenges. Tweets by CGTN are labelled “state-affiliated” by Twitter. Google-owned YouTube warns CGTN viewers that it is funded by the Chinese government — in contrast to the BBC’s World Service, which is independent from the government and simply labelled a public service broadcaster. Still, online rules are significantly less stringent than those that govern traditional broadcasting. CGTN’s broadcasts of allegedly forced confessions, which in March contributed to a £225,000 fine in the UK, are still available on YouTube, which told the FT the video of Cheng’s pre-trial confession did not violate its guidelines.

China claims it's leading the way in 6G mobile tech research, but the reality is still years away
ABC News
@samuelyang_
While Australia's 5G mobile network rollout is still in its infancy, China has announced its 6G will be ready for commercial use in nine years, according to an industry white paper released earlier this month.

Bitcoin Falls to Two-Week Low as China Cracks Down on Crypto
Yahoo
Joanna Ossinger
Bitcoin fell to a two-week low amid an intensifying cryptocurrency crackdown in China. The largest virtual currency fell 10% to $32,350 as of 8:50 a.m. in New York. Ether declined 13% to $1,950.

  • China to shut down over 90% of its Bitcoin mining capacity after local bans
    Global Times
    Many Bitcoin mines in Southwest China's Sichuan Province - one of China's largest cryptocurrency mining bases - were closed as of Sunday, according to after local authorities ordered a halt to mining in the region on Friday amid an intensified nationwide crackdown against cryptocurrency mining.

  • Bitcoin crackdown sends graphics cards prices plummeting in China after Sichuan terminated mining operations
    South China Morning Post
    @CocoF1026
    China’s ongoing bitcoin mining crackdown has sent the price of graphics cards plummeting, making the critical component in mining operations much more affordable in the country but leaving miners with fewer places to set up shop.

USA

U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources
Reuters
@kjspeakstruth
The U.S. Securities and Exchange Commission (SEC) has opened a probe into last year's SolarWinds (SWI.N) cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack.

  • SolarWinds hackers could have been waylaid by simple countermeasure -US officials
    Reuters
    @razhael
    Following a decade-old security recommendation could have helped stymie the Russian hackers who ran amok across federal government networks last year, the Department of Homeland Security's digital defense arm said in a letter sent earlier this month.

Google Executives See Cracks in Their Company’s Success
The New York Times
@daiwaka
Despite record profits, a number of them are worried that the company is suffering from both its size and leadership from its C.E.O., Sundar Pichai.

More bad news for Big Tech: Lina Khan’s a privacy hawk, too
Protocol
@issielapowsky
The incoming agency chair once likened widespread data collection to environmental pollution. What can she do about it now?

Do water-intensive data centers need to be built in the desert?
NBC News
@oliviasolon
As cash-strapped cities welcome Big Tech to build hundreds of million-dollar data centers in their backyards, critics question the environmental cost.

North-East Asia

The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
BBC
@geoffwhite247 @newsjean
In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank and came within an inch of success - it was only by a fluke that all but $81m of the transfers were halted.

North Korean hackers breach South Korean submarine builder (again)
The Record by Recorded Future
@campuscodi
North Korean hackers are believed to have breached South Korea’s top submarine builder for the second time in the past decade, South Korean news outlet JoongAng reported on Sunday.

South and Central Asia

A CCTV Company Is Paying Remote Workers in India to Yell at Armed Robbers
VICE News
Todd Feathers
Clerks at 7-Eleven and other convenience stores are being constantly monitored by a voice of god that can intervene from thousands of miles away.

Twitter restricts 50 tweets pertaining to Ghaziabad assault case
MediaNama
@Aroon Deep
Twitter has restricted fifty tweets featuring video and images from a viral clip of a Muslim man in Ghaziabad, Uttar Pradesh being assaulted, according to a recent filing with the Lumen Database by the social media platform. The tweets are withheld for users in India.

UK

Prime Minister sets out plans to realise and maximise the opportunities of scientific and technological breakthroughs
Prime Minister's Office
Prime Minister Boris Johnson has unveiled plans today (Monday 21 June) to ensure the UK’s world-leading science and ideas turn into solutions for public good, as part of ambitions to become a global science superpower.

Europe

Ulrike Franke @RikeFranke
CDU/CSU wants "a more strategic approach to foreign and security policy" and ask for a regular national security strategy to be published and to be discussed by parliament, and a national security council (💪) in the chancellery. I like.

June 21st 2021


Who is behind Spanish Telegram’s storm of Covid-19 disinformation?
Coda Story
@DarrenLoucaides
A complex web of fake news and foreign propaganda has fueled vaccine skepticism and anti-lockdown riots

Wikimedia bans admin of Wikipedia Croatia for pushing radical right agendas
The Record by Recorded Future
@campuscodi
The Wikimedia Foundation has banned the administrator of the Croatian version of Wikipedia after an investigation revealed that together with other admins, they edited and distorted content on the site with radical right views.

Digital euro will protect consumer privacy, ECB executive pledges
Financial Times
@MAmdorsky
The introduction of a digital euro would boost consumers’ privacy and protect the eurozone from the “threat” of competing cryptocurrencies that could undermine the bloc’s monetary sovereignty, according to the central banker overseeing its development.

Dr. Gabriela Zanfir-Fortuna @gabrielazanfir
'@EU_EDPB & @EU_EDPS call for a general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes & other biometric or behavioural signals, in any context.' 1/2

June 21st 2021


Bundeskartellamt examines Apple’s significance for competition across markets
Bundeskartellamt
The Bundeskartellamt has today initiated a proceeding against the technology company Apple based on the new competition law rules for large digital companies. This is the fourth large digital company against which the authority is taking action based on this new competition law tool.

EU tech policy is not anti-American, says Vestager
Financial Times
Digital chief insists regulation will have wider focus than Silicon Valley companies.

Africa

3 things to know about Nigeria’s Twitter ban
The Washington Post
@Lindsay Hundley @Hakeem Bishi @Shelby Grossman
Governments around the world are using social media’s language on content moderation to crack down on these platforms.

Misc

Amazon Snaps Up Option to Buy Stake in AI Truck-Driving Startup
Bloomberg
@luluyilun @GillianTan
Amazon.com Inc. has placed an order for 1,000 autonomous driving systems from self-driving truck technology startup Plus and has acquired the option to buy a stake of as much as 20%, Plus said in a regulatory filing, confirming an earlier Bloomberg report.

A very brief history of every Google messaging app
The Verge
@cgartenberg
Over the past 15 years, Google has introduced more than a dozen messaging services spanning text, voice, and video calling. This week, the company’s efforts culminated in the general availability of Google Chat, a combination of Slack / Discord-style rooms with more traditional messaging.

Michael Geist @mgeist
The @PrivacyPrivee recent report on the RCMP, Clearview AI and surveillance captured attention, but the issue is even bigger than most think. Lex Gill (@lex_is) of @citizenlab joins the @lawbytespod podcast to provide the much needed history and context.
michaelgeist.ca/2021/06/law-by…

June 21st 2021


Facebook officially launches Live Audio Rooms and podcasts in the US
TechCrunch
@sarahintampa
In April, Facebook announced a series of planned investments in new audio products, including a Clubhouse live audio competitor as well as new support for podcasts. Today, Facebook is officially rolling out these products with the launch of Live Audio Rooms in the U.S. on iOS, starting with public figures and select Facebook Groups, and the debut of an initial set of U.S. podcast partners.

How the Next Layer of the Internet is Going to be Standardised
mnot's blog
@mnot
A big change in how the Internet is defined - and who defines it - is underway.

Events

ASPI @ASPI_org
🚨 EVENT ALERT 🚨 'Mapping China’s Tech Giants: Covid-19, supply chains & strategic competition' Join us on June 23 for a discussion on growing 🇨🇳-🇺🇸 technological competition, the PRC’s evolving data ecosystem & the impacts of Covid-19 Register now:
bit.ly/3gCChTM

June 15th 2021

Ryerson University @RyersonU
On June 24th, 1-2pm ET @cyberpolicyx is hosting @nytime reporter @nicoleperlroth for a virtual talk on her book, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race 💾⚠️ All attendees can get a book discount! 📚 Register for free:
eventbrite.ca/e/this-is-how-…
This is How They Tell Me the World Ends: Virtual Book Talk
On Thurs. June 24, join a book talk with New York Times reporter Nicole Perlroth, author of This is How They Tell Me the World Ends

June 21st 2021


Research

THE FUTURE OF CONFLICT PREVENTION
European Union Institute for Security Studies

@KMustasilta
Looking ahead to the horizon of 2030, this Chaillot Paper analyses the need for a conflict prevention approach in the face of three megatrends that will have far-reaching global repercussions.

Jobs

ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Please note that interviews have commenced for this position and will continue until the end of June. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.

ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.

Zara Rahman @zararah
Truly wonderful opportunity to join @EngnRoom team and lead our research portfolio – perfect for someone who wants to be doing applied, rigorous research on tech/social justice outside of academia with v practical and real-world impacts. Apply by July 10!
Join The Engine Room team as our Research Lead! | The Engine Room
We’re looking for a Research Lead to join our team. Research is a critical part of The Engine Room’s work, as we engage in strategic and impactful research for our partners, as well as build evidence for programmatic work throughout the organisation.
theengineroom.org

June 21st 2021

