New ASPI Report: Uyghurs for sale | Home Affairs savaged over poor data retention laws oversight | Millions of tweets peddled conspiracy theories about coronavirus in other countries
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A new ASPI ICPC report has found that the Chinese government has facilitated the mass transfer of Uyghur and other ethnic minority citizens from the far west region of Xinjiang to factories across the country. Under conditions that strongly suggest forced labour, Uyghurs are working in factories that are in the supply chains of at least 83 well-known global brands in the technology, clothing and automotive sectors, including Apple, BMW, Gap, Huawei, Nike, Samsung, Sony and Volkswagen. ASPI ICPC.
Australia's Department of Home Affairs doesn't even know how many agencies have been authorised to access telecommunications metadata without a warrant, let alone what for, but the cops want more. ZD Net.
Roughly 2 million tweets peddled conspiracy theories about the coronavirus over the three-week period when the outbreak began to spread outside China, according to an unreleased report from an arm of the State Department, raising fresh fears about Silicon Valley’s preparedness to combat a surge of dangerous disinformation online. Washington Post.
ASPI ICPC
Uyghurs for sale
ASPI ICPC
New report - The Chinese government has facilitated the mass transfer of Uyghur and other ethnic minority citizens from the far west region of Xinjiang to factories across the country. Under conditions that strongly suggest forced labour, Uyghurs are working in factories that are in the supply chains of at least 83 well-known global brands in the technology, clothing and automotive sectors, including Apple, BMW, Gap, Huawei, Nike, Samsung, Sony and Volkswagen. Local Chinese governments and private brokers are paid a price per head for workers on the labour assignments. Some factories appear to be using Uyghur workers sent directly from ‘re-education’ camps. Chinese authorities and factory bosses manage these Uyghur workers by ‘tracking’ them both physically and electronically. One provincial government document describes a central database that extracts information from a WeChat group and an unnamed smartphone app that tracks the movements and activities of each worker. Between 2017 and 2019, ASPI estimates that at least 80,000 Uyghurs were transferred out of Xinjiang and assigned to factories through labour transfer programs under a central government policy known as ‘Xinjiang Aid’. The transfer of Uyghur workers to factories in eastern and central China in 2020 has continued during the COVID-19 outbreak.
Read the report.
China compels Uighurs to work in shoe factory that supplies Nike
Washington Post
Members of China’s Muslim minority are brought to toil in factories, some supplying Western brands.China transferred detained Uighurs to factories used by global brands – report
The Guardian
@lilkuo
At least 80,000 Uighurs working under ‘conditions that strongly suggest forced labour’, says Australian Strategic Policy Institute.China Uighurs 'moved into factory forced labour' for foreign brands
BBC
Between 2017 and 2019, the ASPI think tank estimates that more than 80,000 Uighurs were transferred out of the far western Xinjiang autonomous region to work in factories across China. It said some were sent directly from detention camps.Xinjiang forced labour reported in multinational supply chains
FT
Think-tank finds evidence of Uighur detainees making parts for likes of Apple and Huawei.
World
Republican mega-donor buys stake in Twitter and seeks to oust Jack Dorsey – report
The Guardian
@MartinPengelly
A major Republican donor has purchased a stake in Twitter and is reportedly seeking to oust its chief executive, Jack Dorsey.
Meet the white-hat group fighting Emotet, the world's most dangerous malware
ZD Net
@campuscodi
For more than a year, a group of security researchers and system administrators have banded together to fight back against Emotet, today's most active and dangerous malware operation.
If We Build It (They Will Break In)
Lawfare Blog
There’s a cautionary tale about wiretapping from the 1990s that has bearing on today’s encryption battles.
This Is Huawei’s Alarming New Surprise For Google: Here’s Why You Should Be Concerned
Forbes
@UKZak
The surprise news leaking out of Huawei this week is huge—Huawei Search is on its way, and will soon launch “as part of the Huawei ecosystem.”
Australia
‘Neglected’ democracy vulnerable to authoritarian rule in era of disinformation, Labor’s Tim Watts says
The Guardian
@murpharoo
Labor frontbencher Tim Watts says rebuilding public trust in a free media, civil society and parliaments has become a critical national security imperative, because restoring institutional trust is the most effective antidote to ubiquitous disinformation.
Home Affairs savaged over poor data retention laws oversight
ZD Net
@stilgherrian
Australia's Department of Home Affairs doesn't even know how many agencies have been authorised to access telecommunications metadata without a warrant, let alone what for, but the cops want more.
Credit cards, addresses and phone numbers vulnerable: More than one million energy customers’ privacy at risk
SMH
One of Australia’s biggest energy companies has put the privacy of its 1.1 million retail gas and electricity customers at risk due to “reckless” cyber security and data protection systems.
A nerd in charge: the lapsed playwright shaping Australia's online future
Brisbane Times
@FergusHunter
Fletcher's theatrical history contrasts with his very sober public persona today. A self-confessed nerd, the moderate Liberal MP holds a consequential and highly technical portfolio, making decisions that will shape the future of the internet and media in Australia.
Sun Yang fans troll Mack Horton with death threats after doping verdict
News.com.au
@tottotdsport
Angry supporters of Chinese swimmer Sun Yang have made threats against Aussie swimmer Mack Horton and a member of his family.
USA
Millions of tweets peddled conspiracy theories about coronavirus in other countries, an unpublished U.S. report says
Washington Post
@tonyromm
Roughly 2 million tweets peddled conspiracy theories about the coronavirus over the three-week period when the outbreak began to spread outside China, according to an unreleased report from an arm of the State Department, raising fresh fears about Silicon Valley’s preparedness to combat a surge of dangerous disinformation online.
Facebook sues SDK maker for secretly harvesting user data
ZD Net
@campuscodi
The social networking giant claims that OneAudience paid app developers to install its Software Development Kit (SDK) in their apps, and later used the control it had over the SDK's code to harvest data on Facebook users.
US Congress Passes Bill Funding 'Rip and Replace' for Huawei Gear
AFP
US lawmakers have passed legislation offering $1 billion to help telecom carriers "rip and replace" equipment from Chinese tech firms Huawei and ZTE amid national security concerns.
Clearview AI Faces California, Illinois Lawsuit After Breach (1)
Bloomberg
@realdanstoller
Clearview AI faces allegations of violating California’s landmark privacy law after the facial recognition company said it had a data breach.
Apple Just Disabled Clearview AI's iPhone App For Breaking Its Rules On Distribution
Buzzfeed News
@_loganmacdonald
A BuzzFeed News analysis of Clearview AI’s app for Apple’s mobile operating system found that the company had been violating the iPhone maker’s rules to distribute its apps to law enforcement agencies and other customers.
A high school student created a fake 2020 candidate. Twitter verified it
CNN
Earlier this month, Walz's account received a coveted blue checkmark from Twitter as part of the company's broader push to verify the authenticity of many Senate, House and gubernatorial candidates currently running for office. But there's just one problem: Walz does not exist. The candidate is the creation of a 17-year-old high school student from upstate New York, CNN Business has learned.
Trump again nominates Ratcliffe for DNI post
SC Magazine
In a curious deja vu, President Trump is nominating Rep. John Ratcliffe, R-Texas, as director of National intelligence (DNI), although Ratcliffe was widely panned as unqualified when Trump floated him as a replacement for Dan Coats last summer, prompting the president to withdraw his name.
The RNC Stopped Paying a Data Firm After A Serious Breach. Then It Paid A Mysterious LLC With the Same Address.
ProPublica
@MikesSpiesNYC
Three years after the Republican National Committee publicly sidelined the sullied firm, it paid an LLC with the same address $900,000 for “data services.” The RNC said it wouldn’t “waste any more breath explaining these innocuous issues.”
Asia
TA505 hacking crew spent much of 2019 trying to breach South Korea's financial sector
CyberScoop
@jeffstone500
A gang of hackers with a long history of financially motivated attacks increased its targeting of businesses in South Korea last year, using a combination of malicious attachments and ransomware to haunt victims, according to new findings.
‘Comeleak’ hacker cleared of cybercrime charges
Inquirer.net
A Manila court has dismissed the cybercrime case against an information technology graduate who was charged in connection with the hacking of the Commission of Elections (Comelec) website in 2016—the biggest private data leak in Philippine history.
In Kashmir, a spree of arrests for alleged ‘misuse’ of social media and masking apps
Scroll.in
@safwatzgr
Keen to clamp down on VPN use, the security forces first resorted to physical checks of smartphones, as multiple Kashmir residents told Scroll.in. Then, on February 17, the Jammu and Kashmir Police’s cyber wing filed a first information report on the alleged “misuse of social media” through VPNs. The FIR invoked the Unlawful Activities Prevention Act and various sections of the Indian Penal Code against unknown persons.
UK
Website Owners Beware: DHS Just Seized This Innocent Domain—Yours Could Be Next
Forbes
@UKZak
This small U.K. company came in for a shock when its email stopped working and the IT guys decided to check the website.
Europe
Huawei to build first European 5G factory in France to soothe Western nerves
SCMP
Huawei will build its first European manufacturing plant in France, its chairman said on Thursday, as the Chinese telecoms giant seeks to ease worldwide concerns stoked by US charges that Beijing could use its equipment for spying.
Switzerland files criminal complaint over Crypto spying scandal
Reuters
The Swiss government has filed a criminal complaint over the U.S. Central Intelligence Agency’s alleged use of a cryptography company as a front to spy on various governments’ secret communications, the Swiss attorney general’s office said on Sunday.
Misc.
Seven hackers have now made a million dollars each from bug bounties, says HackerOne
ZD Net
@daphneleprince
The bug bounty platform doubled in size in just a year. Its new report shows that ethical hacking is becoming a lucrative pastime.
Children in the Democratic Republic of Congo mine for coltan and face abuse to supply smartphone industry
ABC
The story of coltan is about much more than mining profits and technological wonder. It is also a story of exploitation.
Cloud Computing Is Not the Energy Hog That Had Been Feared
NYT
@SteveLohr
The digital services churned out by the world’s computer centers are multiplying, but their energy use is not, thanks to cloud computing, a new study says.
Events
The Bushfire Crisis and Indigenous Land Management
ASPI
ASPI warmly invites you to attend a panel discussion to consider the practice of Indigenous Land Management techniques.
TIME: 5:30 pm - 7:30 pm
VENUE: ASPI Auditorium, Ground Level, 40 Macquarie St, Barton, Canberra 2600