Meta delays plans to encrypt Facebook and Instagram messages until 2023 | Australia passes new offensive cyber laws | El Salvador plans to build a Bitcoin funded city
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The owner of Facebook and Instagram is delaying plans to encrypt users’ messages until 2023 amid warnings from child safety campaigners that its proposals would shield abusers from detection. The Guardian
Beefed up powers for Australian cyber spies to intervene in major attacks across a wide range of essential services have passed parliament. Cyber attacks on Australia's critical infrastructure will be expanded to include energy, communications, financial services, defence industry and higher education. The West Australian
El Salvador plans to build a Bitcoin city at the base of a volcano, with the cryptocurrency used to fund the project, its president has announced. BBC News
ASPI ICPC
New technology vital to security
The Australian
Former Japanese prime minister Shinzo Abe also emphasised the importance of technology in defence on Friday when he told the closing session of the Sydney Dialogue that Japan should co-operate with AUKUS in such areas as cyber capabilities, artificial intelligence and quantum technologies. As Mr Abe, a driving force in founding the Quad alliance of the US, Australia, Japan and India, said, the Quad’s strategic interests and those of the AUKUS pact coincide.
The power of Indigenous diplomacy as a strategic asset for Australia
The Strategist
Anastasia Kapetas & Huon Curtis
The key to effective public diplomacy is moving from monologue to dialogue, which means knowing when to speak and when to listen.
For China, technological superiority is about power and control
National Post
Samantha Hoffman
The myth that a digitally interconnected world would strengthen liberal democracy and undermine authoritarian regimes such as the Chinese party-state has been disproven. Digital connectivity has instead created a new competition space where neither liberal democratic nor authoritarian values have established clear dominance. The lines between them are increasingly blurred in the digital domain.
Australia
Beefed up cyber powers pass parliament
The West Australian
Dominic Giannini
Beefed up powers for Australian cyber spies to intervene in major attacks across a wide range of essential services have passed parliament. Cyber attacks on Australia's critical infrastructure will be expanded to include energy, communications, financial services, defence industry and higher education.
‘Problematic’ critical infrastructure law passes Parliament
InnovationAus
Denham Sadler
The Security Legislation Amendment (Critical Infrastructure) Bill 2020, which significantly expands the number of sectors classified as critical infrastructure, enforces mandatory reporting and gives “last resort” powers to the Australian Signals Directorate, passed the Senate on Monday night with bipartisan support.
Clear and present dangers: understanding and preparing for cyber threats
The Mandarin
Seamus Byrne
In its annual Cyber Threat Report, the Australian Cyber Security Centre (ACSC) say the pandemic environment has fuelled a significant increase in reported impacts of cybercrime.
Aussie companies Langs Building Supplies and Network Overdrive hit by cyber attacks
News.com.au
Sarah Sharples
The “traumatic event” brought entire systems down while hackers threatened to sell staff’s details on the black market – with Aussie businesses increasingly at risk.
Liberal MP Gerard Rennick floods Facebook with vaccine posts he admits may not be ‘100% accurate’
The Guardian
Michael McGowan & Christopher Knaus
An Australian government senator has shared content from an anti-vaccination leader who previously called for the execution of Jacinda Ardern, while posting a deluge of stories from other people about vaccine side-effects he admits he can’t verify.
China
China May Steal Encrypted Government Data Now to Decrypt with Quantum Computers Later
Nextgov
Brandi Vincent
Though they are years from being fully realized, quantum technologies are altering the U.S. cyber threat landscape in serious ways and organizations should start acting now to ensure their infrastructure and data will be protected as the field evolves, according to a new report from Booz Allen Hamilton.
China’s exiled crypto machines fuel global mining boom
Financial Times
Martha Muir
Fourteen of the biggest crypto mining companies in the world have moved more than 2m machines out of China in the months following the ban, according to data gathered by the Financial Times. The lion’s share of machines was hastily moved to the US, Canada, Kazakhstan and Russia.
USA
Meta delays encrypted messages on Facebook and Instagram to 2023
The Guardian
Dan Milmo
The owner of Facebook and Instagram is delaying plans to encrypt users’ messages until 2023 amid warnings from child safety campaigners that its proposals would shield abusers from detection.
We’re Making the Facebook Papers Public. Here’s Why and How
Gizmodo
Dell Cameron, Andrew Couts & Shoshana Wodinsky
Independent experts from NYU, UMass Amherst, Columbia, Marquette, and the ACLU are partnering with Gizmodo to responsibly publish this historic leak.
Facebook’s race-blind practices around hate speech came at the expense of Black users, new documents show
The Washington Post
Elizabeth Dwoskin, Nitasha Tiku & Craig Timberg
Researchers proposed a fix to the biased algorithm, but one internal document predicted pushback from ‘conservative partners’
GoDaddy data breach impacts 1.2 million WordPress site owners
The Record by Recorded Future
Catalin Cimpanu
Internet infrastructure company GoDaddy said on Monday that a hacker gained access to the personal information of more than 1.2 million customers of its WordPress hosting service.
Can Twitter warnings actually curb hate speech? A new study says yes.
Protocol
Issie Lapowsky
Researchers found that warning Twitter users that someone they follow has been suspended — and they could be next — cuts down on hate speech.
The Pentagon needs a new AI strategy to catch up with China
Financial Times
Nicolas Chaillan
Defence leaders unfamiliar with artificial intelligence, cyber or hypersonics should educate themselves or get out of the way.
Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends
CISA
As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you.
North Asia
North Korean Hackers Caught Snooping on China’s Cyber Squad
The Daily Beast
Shannon Vavra
North Korean hackers are under fierce pressure to raise revenue to fund regime goals. Now they’re trying to spy on Chinese security researchers to get better hacking tools.
Southeast Asia
Singapore’s tech-utopia dream is turning into a surveillance state nightmare
Rest of World
Peter Guest
In the “smart nation,” robot dogs enforce social distancing and flying taxis are just over the horizon. The reality is very different.
UK
UK and US join forces to strike back in cyber-space
BBC News
Gordon Corera
The US and UK are joining forces to "impose consequences" on their shared adversaries who conduct malicious cyber-activities. The combined action would address "evolving threats with a full range of capabilities", they said.
UK Ministry of Defense "Guidance Is Not To Use / Install Hikvision"
IPVM
Charles Rollet
The UK Ministry of Defence has quietly issued guidance "not to use/install Hikvision equipment", though other government departments are using Hikvision cameras anyway, official documents reveal.
UK govt warns thousands of SMBs their online stores were hacked
BleepingComputer
Sergiu Gatlan
The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal customers' payment info.
Europe
How Fake News on Facebook Helped Fuel a Border Crisis in Europe
The New York Times
Andrew Higgins, Adam Satariano & Jane Arraf
Social media worsened a migrant crisis on the border of Belarus and Poland and helped smugglers profit off desperate people trying to reach Europe.
Vestas data 'compromised' by cyber attack
Reuters
Stine Jacobsen
Wind turbine maker Vestas on Monday said the cyber attack it reported at the weekend has affected parts of its internal IT infrastructure and that data has been "compromised".
Impact of AUKUS on US-EU Relations
The Diplomat
AUKUS is officially an arrangement between Australia, the United States, and the United Kingdom, three allied countries, who have decided to reinforce their security cooperation in the Indo-Pacific through a series of technology transfers related to cyber capabilities, quantum technologies, artificial intelligence, and nuclear-powered submarines. As such it did not signal any divergence between U.S. and European allies, nor did it question per se the U.S. commitment to the security of Europe. However, it would be foolish to believe that the episode will have no impact on the transatlantic alliance.
Americas
El Salvador Bitcoin city planned at base of Conchagua volcano
BBC News
El Salvador plans to build a Bitcoin city at the base of a volcano, with the cryptocurrency used to fund the project, its president has announced.
Middle East
Hackers hit Iran's Mahan airline, claim confidential data theft
BleepingComputer
Bill Toulas
One of Iran's largest privately-owned airlines, Mahan Air, has announced a cybersecurity incident that has resulted in its website going offline and potentially data loss.
The Saudi women’s rights activist who found freedom and horror on the internet
TechRadar
Joel Khalili
Born into a devout Muslim family in Saudi Arabia, Manal al-Sharif spent her childhood under the impression that women were second-class citizens. In her small world, every piece of information she met was curated carefully, censored in such a way as to crush any spirit of rebellion. Courtesy of the internet, which arrived in her country in 1999, she was able to dispossess herself of these inherited misconceptions and came to understand the oppression under which she was living.
Africa
Facebook fails to curb the spread of hate speech in Ethiopia
Mail & Guardian
Simon Allison, Samuel Gebre, Claire Wilmot
The Facebook team that had discovered Disarming Lucy recommended that all the accounts associated with it be taken down. This was in March 2021. But as of today, every single one of those accounts is still active — and many are still spreading hate speech and inciting violence.
Misc
Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities
WIRED
Lily Hay Newman
As the researchers at biomedical and cybersecurity firm BioBright dug further, they discovered that Tardigrade did more than simply lock down computers throughout the facility. They found that the malware could adapt to its environment, conceal itself, and even operate autonomously when cut off from its command and control server. This was something new.
Attackers don’t bother brute-forcing long passwords, Microsoft engineer says
The Record by Recorded Future
Catalin Cimpanu
According to data collected by Microsoft’s network of honeypot servers, most brute-force attackers primarily attempt to guess short passwords, with very few attacks targeting credentials that are either long or contain complex characters.
Biometric auth bypassed using fingerprint photo, printer, and glue
BleepingComputer
Bill Toulas
Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools. Although fingerprint-based biometric authentication is generally considered superior to PINs and passwords in terms of security, the fact that imprints can be left in numerous public places makes it ripe for abuse.
Your Fingerprint Can Be Hacked For $5. Here’s How.
Kraken
In this article, the Kraken Security Labs Team demonstrates just how easy it is for malicious actors to bypass your favorite login method.
Research
The Future of Digital Spaces and Their Role in Democracy
Pew Research Center
Janna Anderson & Lee Rainie
Many experts say public online spaces will significantly improve by 2035 if reformers, big technology firms, governments and activists tackle the problems created by misinformation, disinformation and toxic discourse. Others expect continuing troubles as digital tools and forums are used to exploit people’s frailties, stoke their rage and drive them apart.
How Mobilisation by Climate Sceptic Actors on Facebook During COP26 Undermined the Summit
Institute for Strategic Dialogue
Cécile Simmons & Francesca Arcostanzo
Over the course of COP26 (31 October – 12 November 2021), ISD researchers tracked posts about climate change produced by Facebook’s official Climate Science Center alongside those by a sample of accounts known to spread climate scepticism, ‘discourses of delay’ and/or content which contains mis- or disinformation in relation to climate science.
Jobs
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region... This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years of work experience. Senior analysts usually have a minimum of 15 years of relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.