NEW ASPI ICPC REPORT: Australia needs to lead again in 5G | Seven charged in global hacking ring | Oracle's Tik-Tok bid leaves open security questions
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Australia and some other countries have eliminated specific vendors from their 5G supply chains, but the space is globally contested and there is no consensus on what happens next. There is a need for a trusted ecosystem of vendors, which may also bring enormous opportunities for states, including Australia, to develop sovereign 5G capabilities and grow their 5G market. However, barriers to entry and a lack of consensus among key 5G stakeholders across the public and private sectors are holding up progress towards these goals. ASPI
Five Chinese nationals working as part of a well-resourced hacking group and two Malaysian nationals have been charged in connection with a global hacking campaign that hit hundreds of targets in the U.S. and around the world in multiple industries, the Department of Justice announced Wednesday. The operation is linked to an advanced persistent threat group known as APT41, which private security firms have tied to the Chinese government. U.S. indictments unsealed Wednesday alleged that the activity is tied to China’s Ministry of State Security (MSS), a civilian intelligence agency. CyberScoop
Oracle Corp.’s bid for TikTok falls short of resolving concerns of Trump administration officials that the Chinese-owned video-sharing app poses a risk to U.S. national security, according to people familiar with the matter. Bloomberg
ASPI ICPC
Ensuring a trusted 5G ecosystem of vendors and technology
Rajiv Shah, ASPI
Australia and some other countries have eliminated specific vendors from their 5G supply chains, but the space is globally contested and there is no consensus on what happens next. There is a need for a trusted ecosystem of vendors, which may also bring enormous opportunities for states, including Australia, to develop sovereign 5G capabilities and grow their 5G market. However, barriers to entry and a lack of consensus among key 5G stakeholders across the public and private sectors are holding up progress towards these goals.
Australia needs to take the lead on 5G again. Rajiv Shah, ASPI Strategist
Telstra rolls out anti-phishing pilot for feds
Innovation Aus
Telstra will roll out a program to block malicious text messages pretending to be from Services Australia agencies by the end of the year, with the federal government looking to apply this to all telcos. A recent report by the Australian Strategic Policy Institute also called on the government to fund a Clean Pipes cybersecurity strategy to provide better levels of default security for customers.
Read Tom Uren’s report ‘Clean pipes: Should ISPs provide a more secure internet?’ here.
H&M cuts ties with Chinese supplier over Xinjiang forced labour accusations
Agence France-Presse
Swedish clothing giant H&M said on Tuesday it was ending its relationship with a Chinese yarn producer over accusations of “forced labour” involving ethnic and religious minorities from China’s Xinjiang province.
Read our report ‘Uyghurs for sale’ here.
Australia
Draft legislation proposed by Federal Government would allow your personal data to be shared between government agencies
ABC News
@Clarke_Melissa
If it sometimes seems like different arms of the government don't talk to each other, it might be because they can't.
How an Australian cybersecurity firm helped decipher Zhenhua Data leak
The Guardian
Canberra company recovered vast trove of information from corrupted China files.
The Australian industries most targeted by hackers
Australian Financial Review
Manufacturers have experienced a near three-fold increase in cyber attacks in the wake of the coronavirus pandemic, as cyber criminals seek to leverage their importance to extract large ransom payments.
Beijing threat to Chinese migrants needs to be tackled, experts say
Sydney Morning Herald
@erykbagshaw @Gallo_Ways
Dr van der Kley said establishing an encrypted national security hotline was critical to ensure the safety of community whistleblowers providing politically sensitive information. He said media organisations owned by foreign governments operating in Australia should have to identify government-ownership in their content.
An Opportunity for Strengthening U.S.-Australian Cyber Cooperation
Lawfare
To anticipate bilateral cooperation on cyber, the U.S. and Australia should focus on three initiatives: resumption of high-level exchanges between policymakers on cybersecurity, restoring a cyber Track 1.5 Dialogue by 2021’s Australian-United States Ministerial Consultations (AUSMIN) meeting, and increasing cooperation between the Australian Cyber Security Centre and the United States’s Cyber Command and intelligence community.
Australia wants to be a cyber superpower
Information Age
Australia is one of the world’s most powerful nations in cyberspace but we still have a lot of room to improve, according to a new report from Harvard.
Liberal MP Craig Kelly's hydroxychloroquine claims should be removed from social media, regulator says
The Guardian
@Paul_Karp
ACMA says social media companies would be expected to remove harmful material about health under proposed codes of conduct.
When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
mango.pdf.zone
@mangopdf
My friend is asking whether I can “hack this man” not because I am the kind of person who regularly commits cyber treason on a whim, but because we’d recently been talking about boarding passes.
ASIS launches skilled recruits campaign
Australian Associated Press
The Australian Secret Intelligence Service is launching a new recruitment campaign to find technologists and other highly skilled people to fill a number of roles.
Have your say on digital inclusion in Western Australia
WA Government
We invite you to provide your feedback on the Western Australian Government’s approach to making WA a digitally inclusive State, and your lived experiences in accessing and using the internet and technology in WA.
China
Beijing is publicizing its philosophy of how tech firms like TikTok must aid China’s rise
Quartz
@Jane_Li911
The decree lists several approaches for the Party to improve its influence over the private sector, including strengthening ideological and political guidance for entrepreneurs so they will be “politically sensible,” arming them with Xi Jinping Thought (a political doctrine developed by the Chinese president for consolidating the Party’s power), and building a team of “high-quality” entrepreneurs whom the Party can rely on “at critical moments.”
Just How Screwed is Huawei?
ChinaTalk
@jordanschnyc
A run on Huawei phones shows how their mobile business may be even more directly hit than their 5G base stations.
USA
Five Chinese nationals, two Malaysians charged in connection with global hacking campaign
CyberScoop
@shanvav @evanperez
Five Chinese nationals working as part of a well-resourced hacking group and two Malaysian nationals have been charged in connection with a global hacking campaign that hit hundreds of targets in the U.S. and around the world in multiple industries, the Department of Justice announced Wednesday. The accused Chinese hackers allegedly compromised technology providers and installed software backdoors in their networks, giving themselves a portal to collect information. The operation is linked to an advanced persistent threat group known as APT41, which private security firms have tied to the Chinese government. U.S. indictments unsealed Wednesday alleged that the activity is tied to China’s Ministry of State Security (MSS), a civilian intelligence agency.
Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally. Department of Justice
Remarks by Deputy Attorney General Jeffrey A. Rosen at an Announcement of Charges and Arrests in Computer Intrusion Campaigns Related to China. Department of Justice
National Guard Cybersecurity Units Ready to Protect Election
Bank Info Security
@DougOlenick
So Far, 10 States Are Calling on the Guard for Help.
Amazon Plans to Put 1,000 Warehouses in Suburban Neighborhoods
Bloomberg
@spencersoper
The facilities, which will eventually number about 1,500, will bring products closer to customers, making shopping online about as fast as a quick run to the store. It will also help the world’s largest e-commerce company take on a resurgent Walmart Inc.
UK
GCHQ’s Manchester move ushers in new era for UK spy chiefs
The Financial Times
The move — intended to foster more collaboration with tech experts in business and academia — marks a shift towards greater public engagement as spy chiefs concede they need help from industry to stay competitive in the new era of digital espionage. “It’s a changing world, and technology is changing faster than ever,” said Simon, the Manchester station chief... Simon, who nevertheless declined to give his surname for security reasons, insists the move to Heron House is more than a rebranding exercise, saying it marks a “fundamental change [in] how we behave as an organisation”.
The Americas
Inside Huawei’s campaign to influence Canadian public opinion
The Globe and Mail
Huawei Canada maintains a dossier of people it calls “key opinion leaders” in this country who it believes could help the Chinese telecom equipment maker in its campaign to stop extradition proceedings against top executive Meng Wanzhou and avoid being banned from 5G mobile networks in Canada. The list of the key influencers, obtained by The Globe and Mail, has been sent to the headquarters of parent company Huawei Technologies Co. Ltd. in Shenzhen, which has shared it with the Chinese government, according to a source.
Misc
Oracle’s TikTok Bid Leaves Open Some U.S. Security Concerns
Bloomberg
@SalehaMohsin @JenniferJJacobs @nwadhams
Oracle Corp.’s bid for TikTok falls short of resolving concerns of Trump administration officials that the Chinese-owned video-sharing app poses a risk to U.S. national security, according to people familiar with the matter.
Republican Senators Send Letter To Trump Opposing TikTok-Oracle Deal. Bloomberg
With TikTok Deal, Oracle Could Gain Billion-Dollar Cloud Customer. The Information
Microsoft's underwater data centre resurfaces after two years
BBC News
@BBCRoryCJ
Two years ago, Microsoft sank a data centre off the coast of Orkney in a wild experiment. That data centre has now been retrieved from the ocean floor, and Microsoft researchers are assessing how it has performed, and what they can learn from it about energy efficiency.
Twitter Suspends Account of Chinese Virologist Who Claimed Coronavirus Was Made in a Lab
Newsweek
In May, the platform introduced new labels and warning messages designed to show "context and information" on tweets containing disputed COVID-19 claims.
Google is tightening rules on internal message boards as ‘new world creates urgency’
CNBC
@JENN_ELIAS
Google is expanding its internal content moderation practices, requiring employees to more actively moderate resources they control and to go through training, according to documents viewed by CNBC.
Nvidia's Arm Deal Would Make It the Center of the Chip World
Wired
@willknight
Combining the two chipmakers would unite leaders in two big tech trends—artificial intelligence and mobile computing.
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw
ZDNet
@campuscodi
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.
Google Threat Analysis Group Bulletin: Q3 2020
Google
This bulletin includes coordinated influence operation campaigns terminated on our platforms in July of 2020.
Research
Public attribution of cyber intrusions
Journal of Cybersecurity
@egflo
The analysis demonstrates the importance of the meaning-making process to understanding the politics of attribution and the rewards of theoretically integrating it into the politics of secrecy and exposure of covert activities of states.
Going global: Comparing Chinese mobile applications’ data and user privacy governance at home and abroad
Internet Policy Review
We examine and compare data and privacy governance by four China-based mobile applications and their international versions: Baidu, Toutiao and its international version TopBuzz, Douyin and its international version TikTok, and WeChat.
Events
Malcolm Turnbull and Peter Coroneos talk geopolitics, the Internet and democracy: how does this all play out?
ITWire
@alexonline888
Peter Coroneos, who organised the 30th Anniversary of the Internet celebrations last year, is hosting a dialogue at 12pm AEST on Friday, September 25, between himself and The Hon. Malcolm Turnbull, 29th Prime Minister of Australia.