MI5 head shrugs off risk to intelligence sharing from Huawei links | Congress struggles on rules for cyber warfare with Iran | Iran's disinformation machine

Produced by the ASPI International Cyber Policy CentreSenetas.com

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • Andrew Parker, head of MI5, says he has “no reason to think” that the UK’s intelligence-sharing relationship with the US would be hit if Britain adopted Huawei technology in its 5G mobile phone network, as a key decision on the issue looms. FT.

  • The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battle looms with no clear rules of engagement. Lawmakers and military officials say there’s no agreed-upon definition of what constitutes cyber warfare, leaving them to operate on a case-by-case basis on how best to respond to individual incidents. The Hill.

  • Countries like Russia and China might be dominating the disinformation game, but Iran is emerging as an important player on the scene, warn two experts following the country's online tactics. CBC.

World

Yes, digital IDs are efficient. But they’re a threat to our very identities
The Correspondent
@zararah
Identity cards – and, increasingly, digital identification – don’t just satisfy a bureaucratic function, they also play a role in shaping how we see each other and ourselves – if we let them.

Facebook Says Encrypting Messenger by Default Will Take Years
Wired
@a_greenberg
In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It's also not happening anytime soon.

Australia

Australia's bushfires show why democracy requires shared truths
SMH
@chrizap
Australia’s unprecedented bushfires mark many things, an inflection point when the nation’s politics and science collide, a galvanising moment of national emergency, and a tragedy that serves as a symbol of a bigger crisis that the world can understand. They represent another event too: the moment when Australia came to terms with the reality of digital disinformation.

China

Skype audio graded by workers in China with 'no security measures'
The Guardian
@alexhern
A Microsoft programme to transcribe and vet audio from Skype and Cortana, its voice assistant, ran for years with “no security measures”, according to a former contractor who says he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company.

Blockchain in China: A Solution in Need of a Problem
The Diplomat
@ncotemunoz
By investing in blockchain, China sees an opportunity to move into a high-potential technology as the United States backed away.

Export Controls Threaten the Future of AI Outposts in China
Wired
@willknight
For some time, American companies including Microsoft, Google, and IBM have established research labs in China to tap into local AI talent and to keep track of technological trends. Now, as tensions and restrictions continue to ramp up, some observers wonder if the days of those outposts may be numbered.

USA

‘Chaos Is the Point’: Russian Hackers and Trolls Grow Stealthier in 2020
NYT
@nicoleperlroth
The National Security Agency and its British counterpart issued an unusual warning in October: The Russians were back and growing stealthier.

Buckle Up for Another Facebook Election
NYT
@kevinroose
By opting not to change the company’s political advertising rules, Mark Zuckerberg has ensured another election shaped by the social network.

Congress struggles on rules for cyber warfare with Iran
The Hill
@magmill95
Lawmakers and military officials say there’s no agreed-upon definition of what constitutes cyber warfare, leaving them to operate on a case-by-case basis on how best to respond to individual incidents.

Senior State Department Official On State Department 2019 Successes on Cybersecurity and 5G Issues
US State Dept
Security for 5G is not just about the technical cyber measures that can include encryption, the architecture of the network, the configuration. It also focuses on what we call the non-technical measures; that is, the ability to trust a vendor in the network.

Academic research finds five US telcos vulnerable to SIM swapping attacks
ZD Net
@campuscodi
A Princeton University academic study published yesterday found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks.

  • SIM-Swapping Indictments Pile Up as Congress Begs the FCC to Do More
    Vice
    Victims and lawmakers say wireless carriers and the Trump FCC aren’t doing enough to protect consumers from the threat of SIM hijacking. The FBI provided a detailed look late Friday at proposed changes to how it requests surveillance permission from a secret court, after a watchdog disclosed significant shortcomings in the applications to wiretap a one-time Trump campaign foreign-policy adviser.

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?
The Register
@shaundnichols
A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.

‘Eraser button’ for children’s data gains support in the House
The Verge
@kellymakena
On Thursday, a pair of bipartisan House lawmakers announced that they’d be introducing their own bill that would give parents the right to delete the data that companies have on their children and extend COPPA’s protections to older minors. The bill is called the “Preventing Real Online Threats Endangering Children Today,” or the PROTECT Kids Act, and was introduced by Reps. Tim Walberg (R-MI) and Bobby Rush (D-IL), as first reported by Axios.

Asia

The Retreat of the Data Localization Brigade: India, Indonesia and Vietnam
The Diplomat
@basuarindrajit
The protagonists of the data localization saga in all countries have been similar and the tussle has proceeded along similar lines.

UK

MI5 head shrugs off risk to intelligence sharing from Huawei links
FT
@lionelbarber
Andrew Parker, head of MI5, says he has “no reason to think” that the UK’s intelligence-sharing relationship with the US would be hit if Britain adopted Huawei technology in its 5G mobile phone network, as a key decision on the issue looms.

US delegation flies to UK in last-ditch bid to stop Huawei
The Telegraph
@christopherhope
US Government officials will launch a last ditch attempt to stop Britain allowing Chinese company Huawei to help develop the UK's 5G mobile phone network on Monday.

Anger over use of facial recognition at south Wales football derby
The Guardian
@stevenmorris20
Two surveillance vans equipped with the controversial technology were seen patrolling around Cardiff City’s stadium before the club’s game against Swansea City on Sunday. Some fans donned masks, wore sunglasses and hoods, or wrapped scarves around their faces to disguise their appearances.

Europe

Try as It Might, Germany Isn’t Warming to Huawei
The Diplomat
Germany’s domestic dispute about Huawei is growing increasingly heated – but U.S. pressure has little to do with it.

Americas

Brazil to Reject U.S. Pressure on Huawei 5G Bid, Minister Says
Bloomberg
@beckamartha
Brazil will not accept any pressure from the U.S. over whether to allow the Chinese company Huawei to bid for its 5G network, Marcos Pontes, the minister for science, technology, innovation and communications, said.

Middle East

Israeli spyware company accused of hacking activists hires lobby firm
Al Monitor
@aaronjschaffer
An Israeli tech company accused of helping Saudi Arabia spy on murdered journalist Jamal Khashoggi has hired its first US lobbying firm in an attempt to fend off allegations that it illegally spied on hundreds of people through WhatsApp.

Call to counter cyber attacks on oil firms
GDN Online
A leading business urged all GCC countries to join efforts and counter systematic cyber attacks targeting petroleum companies’ infrastructure as well as the sectors of energy, water and banks, which represent the nerve of the economy. NGN chief executive Yacoub Al Awadhi called for the establishment of a cyber preventives shield binding all GCC member states, in light of mounting regional tensions which turned the Internet and IT systems into open battlegrounds.

Iran's disinformation machine
CBC
Countries like Russia and China might be dominating the disinformation game, but Iran is emerging as an important player on the scene, warn two experts following the country's online tactics.

Misc.

A billion medical images exposed, but doctors ignore warnings
Tech Crunch
@zackwhittaker
Hundreds of hospitals, medical offices and imaging centers are running insecure storage systems, allowing anyone with an internet connection and free-to-download software to access over 1 billion medical images of patients across the world.

We’re approaching the limits of computer power – we need new programmers now
The Guardian
@jjn1
Ever-faster processors led to bloated software, but physical limits may force a return to the concise code of the past.

Tech community has role to play in improving efficiency of cybernorms
APNIC
@MadelineCarr
The objective of the UNGGE process has not actually been to ensure the smooth functioning of the Internet. Rather, it has been to avoid the possible escalation to a dangerous, kinetic conflict that might be brought about by misunderstanding, miscommunication or even deception through cyber incidents. By agreeing to some ‘rules of the road’ for cyberspace, states hope to maintain international peace and security through those foundational principles of diplomacy — predictability and transparency.

GCHQ warns not to use Windows 7 computers for banking or email after Tuesday
The Telegraph
The National Cyber Security Centre (NCSC), the public-facing arm of the cyber spy agency, said that devices still using the operating system after next week will become increasingly vulnerable to cyber attacks as the tech giant stops patching weaknesses in its product.

Google details its three-year fight against the Bread (Joker) malware operation
ZD Net
@campuscodi
While most malware operators give up once Google detects their apps, the Bread group never did. For more than three years, since 2017, Bread operators have been churning out new versions of their malware on a weekly basis.