MI5 warning over 'Chinese agent' in Parliament | Dozens of El Salvador journalists, activists hacked | Switzerland tests digital currency payments with top investment banks
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
MI5 has issued a rare warning that an alleged Chinese agent has infiltrated Parliament to interfere in UK politics. An alert from the security service said Christine Ching Kui Lee "established links" for the Chinese Communist Party (CCP) with current and aspiring MPs. She then gave donations to politicians, with funding coming from foreign nationals in China and Hong Kong. BBC
Dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with sophisticated spyware over the past year and a half. Reporting on its latest findings about use of the Israeli firm NSO Group’s Pegasus spyware, the University of Toronto’s Citizen Lab said it had identified a Pegasus operator working almost exclusively in El Salvador in early 2020. Associated Press
Switzerland's central bank has successfully used digital currency to settle transactions involving five commercial banks, the Swiss National Bank said on Thursday, the latest trial of the technology in wholesale markets. Reuters
ASPI ICPC
Big Brands Are Still Working With This Clothing Company Closely Tied To Xinjiang, Where Forced Labor Is Rampant
Buzzfeed
Alison Killing & Megha Rajagopalan
In July 2020, following a report by the Australian Strategic Policy Institute on Uyghur forced labor, the US announced sanctions against 11 Chinese companies including Changji Esquel Textile, one of the five Esquel subsidiaries based in Xinjiang. The sanctions announcement described these companies as being “implicated in human rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, forced labor and high-technology surveillance against Uyghurs, Kazakhs, and other members of Muslim minority groups.” These sanctions made it difficult, but not impossible, for US brands to trade with the companies outright — but the reputational damage meant that brands were reluctant to be seen working with them.
China steps up construction along disputed Bhutan border, satellite images show
Reuters
Devjyot Ghoshal and Anand Katakam
China has accelerated settlement-building along its disputed border with Bhutan, with more than 200 structures, including two-storey buildings, under construction in six locations, according to satellite image analysis conducted for Reuters. Nathan Ruser, a researcher at the Australian Strategic Policy Institute research organisation, added that it would be a challenge for India and Bhutan to counter the Chinese construction.
Visit our multimedia project ‘A 3D deep dive into the India-China border’ here.
World
Fact checkers say YouTube lets its platform be ‘weaponized’
Associated Press
More than 80 fact checking organizations are calling on YouTube to address what they say is rampant misinformation on the platform. In a letter to CEO Susan Wojcicki published Wednesday, the groups say the Google-owned video platform is “one of the major conduits of online disinformation and misinformation worldwide.” YouTube’s efforts to address the problem, they say, are proving insufficient. The problem, these groups said, is especially rampant in non-English speaking countries and the global south.
Kim Kardashian and Floyd Mayweather sued by investors over alleged crypto scam
CNBC
Ryan Browne
A class action lawsuit filed last Friday in the U.S. District Court for the Central District of California accuses EthereumMax and its celebrity promoters of working together to artificially inflate the price of the token by making “false or misleading statements” in social media posts.
Ventilator recall and profit warning double whammy slam Philips
Reuters
Bart H. Meijer
Shares in Philips plunged 15% on Wednesday, their worst intra-day drop in over 20 years, after the Dutch health technology group warned supply chain woes would hit profits and a ventilator recall needed to be expanded.
China
Team GB athletes offered temporary phones over China spying fears
The Guardian
Sean Ingle
The British Olympic Association will offer temporary phones to Team GB athletes and staff at next month’s Winter Olympics in Beijing after fears they could be spied on by the Chinese government. While the British delegation will not be banned from taking their own mobile devices, they have been warned against doing so by the BOA because it fears the authorities could install spyware to extract private information or track future activity.
German IT security watchdog: No evidence of censorship function in Xiaomi phones
Reuters
Germany's federal cybersecurity watchdog, the BSI, did not find any evidence of censorship functions in mobile phones manufactured by China's Xiaomi Corp (1810.HK), a spokesperson said on Thursday. Lithuania's state cybersecurity body had said in September that Xiaomi phones had a built-in ability to detect and censor terms such as "Free Tibet", "Long live Taiwan independence" or "democracy movement".
USA
Facebook judge rejects argument for FTC chair's recusal: 'Courts must tread carefully’
Reuters
Alison Frankel
Deference to the president’s power to pick the heads of federal agencies won out over potential concerns about the appearance of impartiality in a ruling on Tuesday in the U.S. Federal Trade Commission’s antitrust case against Facebook Inc.
How an ‘Ethical’ Hacker Convention Is Fueling Trump’s Big Lie
VICE
Spenser Mestel
A few days a year, hacking enthusiasts at DEFCON race to see if they can prove voting machines are not secure. The event is fodder for disinformation.
How to Cyberproof the Private Sector
Foreign Affairs
Raj M. Shah and Kiran Sridhar
To address the current cybersecurity deficit, the U.S. government will need to facilitate far greater sharing of intelligence data about cyberthreats throughout the economy. Congress can do this by passing legislation to overhaul the Cybersecurity and Infrastructure Security Agency’s (CISA) information-sharing program, the Automated Indicator Sharing (AIS) initiative, and by establishing the Bureau of Cyber Statistics to regularly publish security data. But information alone will not solve the current cybersecurity crisis. A comprehensive cyberdefense strategy will also require new ways of getting companies themselves to act quickly on the most important threats and to put in place the best defenses.
North-East Asia
Japan urges more chip tie-ups with Taiwan at trade talks
Reuters
Sarah Wu
Japan called for greater collaboration with Taiwan on semiconductors at a bilateral economic and trade meeting on Tuesday. TSMC, the world's largest contract chipmaker, announced last year that it would set up a research and developmentcentre in Japan, as well as a $7 billion chip plant with Sony Group.
Africa
Sub-Saharan Africa lost R30bn due to govt internet shutdowns, report says
News24
Lenin Ndebele
Countries in Sub-Sahara Africa lost a combined R30.88 billion ($1.93 billion) from their economies because of widespread internet shutdowns by regimes, as demonstrations and crackdowns on opposition and civic society ensued last year. This is contained in the Global Cost of Internet Shutdowns 2021 report, released on Monday. According to the report, "75% of government (global) internet outages were associated with additional human rights abuses, an increase of almost 80% compared with 2020".
Nigerians give muted welcome to end of Twitter ban
Reuters
Nigerians on Thursday reacted with mingled relief and indifference to the government's decision to lift a ban on Twitter, saying many in Africa's biggest economy had stayed connected via virtual private networks (VPN).
Americas
Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware
Citizen Lab
John Scott-Railton, Bill Marczak, Paolo Nigro Herrero, Bahr Abdul Razzak, Noura Al-Jizawi, Salvatore Solimano, and Ron Deibert
The Citizen Lab and Access Now have conducted a joint investigation into Pegasus hacking in El Salvador in collaboration with Frontline Defenders, SocialTIC, and Fundación Acceso. We confirmed 35 cases of journalists and members of civil society whose phones were successfully infected with NSO’s Pegasus spyware between July 2020 and November 2021. We shared a sample of forensic data with Amnesty International’s Security Lab which independently confirms the findings.
Report: Dozens of El Salvador journalists, activists hacked
Associated Press
Christopher Sherman and Frank Bajak
Dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with sophisticated spyware over the past year and a half, an internet watchdog said Wednesday. Reporting on its latest findings about use of the Israeli firm NSO Group’s Pegasus spyware, the University of Toronto’s Citizen Lab said it had identified a Pegasus operator working almost exclusively in El Salvador in early 2020.
UK
MI5 warning over 'Chinese agent' in Parliament
BBC
Gordon Corera and Jennifer Scott
MI5 has issued a rare warning that an alleged Chinese agent has infiltrated Parliament to interfere in UK politics. An alert from the security service said Christine Ching Kui Lee "established links" for the Chinese Communist Party (CCP) with current and aspiring MPs. She then gave donations to politicians, with funding coming from foreign nationals in China and Hong Kong. It comes after a "significant, long-running" investigation by MI5, Whitehall sources told the BBC.
The son of a woman named by MI5 as a suspected Chinese spy resigned from a Labour MP’s team
Business Insider
Thomas Colson and Henry Dye
The son of a woman identified as a suspected Chinese agent worked for Labour MP Barry Gardiner until he resigned “earlier today”, the former shadow minister has said. MI5, the UK’s Security Service, has issued an alert warning MPs and Lords that they should avoid Christine Lee. The notice, seen by Insider, said she had “knowingly engaged in political interference activities” on behalf of the Chinese Communist Party.
See our report on the Chinese Communist Party’s foreign interference ‘The party speaks for you’ here.
EU
Liberals in EU parliament seek inquiry into abuse of spyware
Associated Press
Vanessa Gera
European Parliament lawmakers called Wednesday for a committee to investigate rights abuses by European Union governments using powerful spyware produced by Israel’s NSO Group.
Switzerland tests digital currency payments with top investment banks
Reuters
John Revill and Tom Wilson
Switzerland's central bank has successfully used digital currency to settle transactions involving five commercial banks, the Swiss National Bank said on Thursday, the latest trial of the technology in wholesale markets.
German police used a tracing app to scout crime witnesses. Some fear that’s fuel for covid conspiracists.
Washington Post
Rachel Pannett
Authorities in Germany are under fire for tracking down witnesses to a potential crime by using data from a mobile phone app that was intended to help identify close contacts of people infected with the coronavirus. The apparent misuse of the data has been criticized by privacy advocates, who fear that such sensitive information will be used for non-pandemic-control purposes. The incident is also likely to provide fodder for vaccine doubters, some of whom have taken on a broader anti-government stance.
Misc
Surveillance will follow us into ‘the metaverse,’ and our bodies could be its new data source
Washington Post
Tatum Hunter
There are few limits on what information companies can collect, store and share about you. Investigations by The Washington Post and other publications have found companies sharing personal data such as your name, email and location with third parties without disclosing who those third parties are. Apps shoot off data about you while you cook, work and sleep — and even after you’ve asked them not to track you.
Big data is dead. Small AI is here.
Protocol
Companies including Landing AI and Mariner are helping take defect detection to the next level with AI software, betting that manufacturers want highly customized algorithmic models to monitor for product defects. And they have another selling point that flies in the face of what we know about most big data-hungry AI systems: Their models work using very small datasets.
Twitter just released its latest diversity numbers. Here's how it stacks up against the rest of tech.
Protocol
Michelle Ma
The company made some strides in representation for women, as well as Black and Latinx employees. Women now make up 44.7% of Twitter employees globally, up from 42.7% on January 1, 2021. Black employees make up 9.4% of the U.S. workforce, compared to 6.9% at the beginning of the year. Latinx representation in the U.S. rose from 5.5% to 8%. When it comes to leadership and technical roles, the figures are a bit lower, though still improved from last year.
Research
Jobs
ICPC Analyst / Project Lead - Cyber Capacity Building
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for a talented Analyst / Project Lead to support a new project that looks at supporting states in the Indo-Pacific in defending against cyber-enabled theft of intellectual property. The successful candidate will work in a small, high-performing team to produce original research and analysis that directly informs broader diplomatic and cyber capacity building activities on the topic of equipping countries globally with tools to defend against the use of cyber tools to steal IP for commercial purposes.Together with a project lead on Learning and Development and the Project Director, the analyst will also participate in international workshops, provide training to foreign governments and present to other external stakeholders.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.