NEW ICPC Report: Hunting the Phoenix | Former Uber Security Chief Charged With Concealing Hack | Facebook employees internally question policy after India content controversy
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The Chinese Communist Party (CCP) uses talent-recruitment programs to gain technology from abroad through illegal or non-transparent means. According to official statistics, China’s talent-recruitment programs drew in almost 60,000 overseas professionals between 2008 and 2016. These efforts lack transparency; are widely associated with misconduct, intellectual property theft or espionage; contribute to the People’s Liberation Army’s modernisation; and facilitate human rights abuses. ASPI ICPC
Uber’s former security chief was charged on Thursday with attempting to conceal from federal investigators a hack that exposed the email addresses and phone numbers of 57 million drivers and passengers. The criminal charges filed in U.S. District Court in San Francisco against Joe Sullivan, 52, are believed to be the first against an executive stemming from a company’s response to a security incident. The New York Times
Facebook (FB.O) and its top lobbying executive in India, Ankhi Das, are facing questions internally from employees over how political content is regulated in its biggest market, according to sources with direct knowledge and internal posts seen by Reuters. The world’s largest social network is battling a public-relations and political crisis in India after the Wall Street Journal reported that Das opposed applying the company’s hate-speech rules to a politician from Prime Minister Narendra Modi’s party who had in posts called Muslims traitors. Reuters
ASPI ICPC
NEW REPORT: Hunting the Phoenix: The Chinese Communist Party’s global search for technology and talent
ASPI ICPC
@alexjoske
The Chinese Communist Party (CCP) uses talent-recruitment programs to gain technology from abroad through illegal or non-transparent means. According to official statistics, China’s talent-recruitment programs drew in almost 60,000 overseas professionals between 2008 and 2016. These efforts lack transparency; are widely associated with misconduct, intellectual property theft or espionage; contribute to the People’s Liberation Army’s modernisation; and facilitate human rights abuses.
Turning the spotlight on China’s global effort to recruit scientists
The Strategist
@alexjoske
Attention on the Chinese government’s recruitment of overseas scientists reached a crescendo when renowned Harvard nanotechnology expert Charles Lieber was arrested and charged with hiding his participation in China’s Thousand Talents Plan in January. As ASPI’s new report, Hunting the phoenix: The Chinese Communist Party’s search for technology and talent, explains, he is likely only one among more than 60,000 scientists recruited through over 200 talent recruitment programs run by the Chinese government in an effort to gain technology and talent from abroad since 2008.
How China Targets Scientists via Global Network of Recruiting Stations
The Wall Street Journal
@Kate_OKeeffe @aviswanatha
China is targeting top scientific and technological expertise in the U.S. and other advanced nations through an expanding network of 600 talent-recruitment stations world-wide, a new report partly funded by the U.S. State Department has found. The talent programs, such as the Thousand Talents Plan, are supported by 600 recruitment stations in countries around the world. They include Germany, Australia, the United Kingdom, Canada and Japan, according to the report published by the Australian Strategic Policy Institute, a nonpartisan think tank created by the Australian government. The U.S. has the most with at least 146 stations, the report said.
TikTok failed to bar users it suspected to be under 13
Netz Politik
TikTok failed to bar users it suspected to be under 13. Until March of this year, the category "user_rate" was also visible in the app's source code, in the place where users left comments under the videos of others. This was discovered by security researchers of the Australian Strategic Policy Institute (ASPI) when they examined the app.
Tearing Up TikTok
The Wire China
@NorthropKatrina
“That data can then be used to help inform the party-state on how to frame their propaganda for foreign audiences, [and] it could also feed into other datasets that have been acquired by state-backed hackers to create a more vivid picture of the U.S. population,” says Fergus Ryan, an analyst working with the International Cyber Policy Centre, at the Australian Strategic Policy Institute.
Facebook’s latest purge of QAnon conspiracy theory pages unlikely to affect growing Australian following
The Guardian
@knausc
But Elise Thomas, a researcher with the ISD and Australian Strategic Policy Institute, said the Facebook crackdown was unlikely to have any major impact on QAnon in Australia. Thomas, who studies extremism and conspiracy theories, checked Australian QAnon pages on Thursday and saw little to no change.
Twitter moves against QAnon conspiracy theorists. The Strategist
How to talk - and ask - about QAnon. The Washington Post
World
Warning that contact-tracing apps will fail without high uptake
Financial Times
@tim
Contact tracing apps will fail to stem the spread of coronavirus without almost universal uptake and substantial investment in manual track-and-trace programs, researchers at University College London say. A review of more than 4,000 research papers published over the past 20 years found that Covid tracking apps will only reduce the reproduction, or “R”, number to below 1 if they are adopted by more than three-quarters of the population and used in conjunction with “large-scale” manual contact-tracing, according to the study’s lead author, Isobel Braithwaite of UCL’s Institute of Health Informatics.
Australia
Government orders 'urgent review' of health app sharing users' information with lawyers
ABC News
@pjmcgrth @clareblumer
Health Minister Greg Hunt has ordered an "urgent review" of Australia's biggest online doctor appointment booking service, HealthEngine. The ABC earlier reported that the HealthEngine app has funnelled hundreds of users' private medical information to law firms seeking clients for personal injury claims.
Australia needs to build an AI-ready society, according to ANU’s Professor Genevieve Bell
The Mandarin
Agencies across the Australian Public Service must become data-driven so that employees can understand the power of the data and achieve better outcomes, according to Dr Simon Barry, deputy director at CSIRO’s Data61.
Google urges YouTubers around the world to swamp Australian regulator with complaints
The Guardian
@meadea
Google has launched an international scare campaign targeting YouTubers, asking creators and viewers to swamp the Australian competition watchdog with complaints about its proposed mandatory news code. The messaging seeks to pit YouTubers and their fans against “big news businesses” that Google suggests could misuse personal data and make unjustified demands for money to the detriment of YouTube users. It includes an email address for the Australian Competition and Consumer Commission.
China
WeChat Is a Trap for China’s Diaspora
Foreign Policy
@Yaqiu
Anyone outside the country who wants to connect with people in China has to use what is available in China and thus also gets sucked into the Chinese government’s machinery of censorship and surveillance. International WeChat users are estimated at between 100 million and 200 million; there are an average of 19 million daily active users in the United States. A recent study by Citizen Lab showed that WeChat surveils its users outside China to build up the database it uses to censor China-registered accounts. As international users are governed by terms of service and privacy policies of Singapore, it is unclear whether WeChat shares this information with the Chinese government. But it is essential to remember that all Chinese companies are subject to government control.
China cautious on hitting back at US companies after Huawei sanctions
Financial Times
@yuanfenyang
The Trump administration’s targeting of China’s biggest technology groups has prompted concerns of forceful retaliation against US businesses. But despite mounting political pressure to unveil commensurate restrictions on US businesses in China, Beijing has historically been reluctant to retaliate. Analysts think officials will continue to hold back, as they are reluctant to upset the economic benefits and innovation US companies bring to China.
Text editor Notepad++ banned in China after “Stand with Hong Kong” update
TechCrunch
@ritacyliao
The website of Notepad++ is banned in China as of Monday, “obviously due to” its release of editions named “Free Uyghur” and “Stand with Hong Kong,” the maintainer of the source-code and text editor announced on Twitter.
USA
Former Uber Security Chief Charged With Concealing Hack
The New York Times
@kateconger
Uber’s former security chief was charged on Thursday with attempting to conceal from federal investigators a hack that exposed the email addresses and phone numbers of 57 million drivers and passengers. The criminal charges filed in U.S. District Court in San Francisco against Joe Sullivan, 52, are believed to be the first against an executive stemming from a company’s response to a security incident.
List of 2020 election meddlers includes Cuba, Saudi Arabia and North Korea, US intelligence official says
CyberScoop
@shanvav
Cuba, Saudi Arabia, and North Korea are working to influence U.S. elections by running information operations, according to the top counterintelligence official in the Trump administration. All three seek to sow discord as Election Day looms, according to Bill Evanina, the Director of the National Counterintelligence and Security Center at the Office of the Director of National Intelligence. He did not specify the nature and duration of the operations.
Trump asks Supreme Court to let him block critics on Twitter
The Hill
@johnkruzel
The Trump administration on Thursday asked the Supreme Court to reverse a lower court ruling that found President Trump violated the First Amendment by blocking his critics on Twitter.
Open Technology Fund sues administration for $20M in missing funds
Axios
@sarafischer
The Open Technology Fund (OTF) is suing the U.S. Agency for Global Media (USAGM) over roughly $20 million in congressionally appropriated funds it says the government is refusing to provide, Axios has learned.
Disinformation campaign stokes fears about mail voting, using LeBron James image and boosted by Trump-aligned group
The Washington Post
@isaacstanbecker
A prominent Washington-based conservative advocacy organization is promoting a deceptive digital ad campaign that is stoking fears about mail-in voting and targeting battleground states with high concentrations of minority voters. FreedomWorks, the tax-exempt nonprofit that helped launch tea-party protests a decade ago and is now aligned with causes central to President Trump’s reelection, has extensively promoted the website behind the operation, and is the sole organization to do so, according to data from CrowdTangle, a social media analysis tool.
Hackers Target Defense Contractors' Employees By Posing as Recruiters
The Hacker News
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed 'BLINDINGCAN,' the advanced remote access trojan acts as a backdoor when installed on compromised computers.
News Publishers Join Fight Against Apple Over App Store Terms
The Wall Street Journal
@Benmullin
Major news organizations are joining the growing chorus of companies pushing for more favorable terms on Apple Inc.’s App Store, a crucial link to new digital customers. In a letter to Apple Chief Executive Tim Cook on Thursday, a trade body representing the New York Times, the Washington Post, The Wall Street Journal and other publishers said the outlets want to know what it would take for them to get better deal terms which would allow them to keep more money from digital subscriptions sold through Apple’s app store.
How Hackers Bled 118 Bitcoins Out of Covid Researchers in U.S.
Bloomberg
@KartikayM
Transcripts reveal University of California at San Francisco’s weeklong negotiation to free its ransomware-locked servers. The haggling worked, sort of.
North Asia
Exclusive: Facebook employees internally question policy after India content controversy - sources, memos
Reuters
@adityakalra @MunsifV
Facebook (FB.O) and its top lobbying executive in India, Ankhi Das, are facing questions internally from employees over how political content is regulated in its biggest market, according to sources with direct knowledge and internal posts seen by Reuters. The world’s largest social network is battling a public-relations and political crisis in India after the Wall Street Journal reported that Das opposed applying the company’s hate-speech rules to a politician from Prime Minister Narendra Modi’s party who had in posts called Muslims traitors.
India news: India-Japan-Australia supply chain in the works to counter China
The Economic Times
India, Japan and Australia have begun discussions on launching a trilateral Supply Chain Resilience Initiative (SCRI) to reduce dependency on China. The initiative, first proposed by Japan, is now taking shape, ET has learnt. Dates are being worked out to hold the first meeting of the commerce and trade ministers of the three countries by next week. Australia and the US, amid growing security and transparency concerns, have already entered into an ambitious agreement to create what’s being called a ‘China free’ supply chain for rare earth materials.
UK
Minister admits he was warned about concerns over exams algorithm
The Guardian
@sweale
The education minister Nick Gibb has admitted he was warned about concerns that the algorithm used to determine exam grades could disproportionately affect poorer pupils. In a round of media interviews on the morning GCSE results were published, the minister defended the standardisation system, insisting the model was fair but that it was implemented incorrectly.
A-levels: Ofqual's 'cheating' algorithm under review
BBC News
@janewakefield
The national statistics regulator is stepping in to review the algorithm used by Ofqual to decide A-level grades for students who could not sit exams. One expert said the process was fundamentally flawed and the algorithm chosen by the exam watchdog essentially "cheated".
British Grading Debacle Shows Pitfalls of Automating Government
The New York Times
@satariano
Experts said the grading scandal was a sign of debates to come as Britain and other countries increasingly use technology to automate public services, arguing that it can make government more efficient and remove human prejudices. But critics say the opaque systems often amplify biases that already exist in society and are typically adopted without sufficient debate, faults that were put on clear display in the grading disaster. Nearly 40 percent of students in England saw their grades reduced after the government re-evaluated the exams, known as A-levels, with the software model.
What part did the Russians play in Brexit?
The Sydney Morning Herald
@chrizap
The release of the Russia report in the UK last month has raised more questions than it answered. But the most troubling question it raises is about what role, if any, the Kremlin played in the drive to the Brexit vote.
Poor Cybersecurity Behaviors Prevalent Amongst UK Remote Workers
InfoSecurity
Nearly a quarter (23%) of UK office workers rely on unauthorized devices to work from home, a new study by CybSafe has found. The research revealed that poor personal cybersecurity practices are commonplace amongst workers operating outside of corporate environments, which is worrying as home working is expected to become far more prevalent following the COVID-19 crisis.
Europe
Twitter Data Case Sparks Dispute, Delay Among EU Privacy Regulators
The Wall Street Journal
@samschech
European Union privacy regulators are clashing over how much—if anything—to fine Twitter Inc. for its handling of a data breach disclosed last year, delaying progress of the most advanced cross-border privacy case involving a U.S. tech company under the EU’s strict new privacy law.
Africa
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified
The Hacker News
The South African arm of one of the world's largest credit check companies, Experian, yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affected customers, in a report, the South African Banking Risk Information Centre—an anti-fraud and banking non-profit organization that worked with Experian to investigate the breach—disclosed that the attacker had reportedly stolen data of 24 million South Africans and 793,749 business entities.
Misc
"Deepfakes" and the Law of Armed Conflict: Are They Legal?
Lieber Institute West Point
The use of misleading “deepfakes” has risen dramatically across the globe. As with so much of emerging technology, deepfakes will inevitably become a part of armed conflict. While perfidious deepfakes would almost certainly violate the law of armed conflict, those that amount to ruses would not. Other considerations about the impact on the civilian population are also necessary to determine what uses of deepfakes in armed conflict would be legal.
A popular fertility app shared data without user consent, researchers say
The Washington Post
@TonyaJoRiley
Fertility app Premom says it offers more than a half-million users a “simple, effective and affordable solution for all trying to conceive.”
The popular app, which consistently ranks among the top search results for fertility apps in both the Apple App and Google Play stores, asks users to upload details about their sexual health to receive personalized, remote analysis to help predict how to get pregnant. But Premom’s app for Android was also collecting a broad swath of data about its users and sharing it without their permission with three Chinese companies focused on advertising, according to research the International Digital Accountability Council provided to The Washington Post.
The Lawfare Podcast: Alex Stamos on Fighting Election Disinformation in Real Time
Lawfare
This week on Lawfare's Arbiters of Truth series on disinformation, Evelyn Douek and Quinta Jurecic spoke with Alex Stamos, the director of the Stanford Internet Observatory and former chief security officer of Yahoo and Facebook. Alex has appeared on the podcast before, but this time, they discussed a new coalition he helped set up called the Election Integrity Partnership—a coalition focused on detecting and mitigating attempts to limit voting or delegitimize election results. Disinformation and misinformation around the U.S. presidential election has already started popping up online, and it’s only going to increase as November draws closer. The coalition aims to counter this in real time. So how will it actually work?
IBM AI-Powered Data Management Software Subject to Simple Exploit
Threat Post
IBM’s next-generation data-management software suffers from a shared-memory vulnerability that researchers said could lead to other threats, as demonstrated by a new proof-of-concept exploit for the bug.
Events
Countering violent extremism: In-conversation with His Excellency Abdulla Al Subousi
ASPI
ASPI is delighted to invite you to join Leanne Close, head of ASPI’s Counter-Terrorism Program in-conversation with HE Mr. Abdulla Al Subousi, United Arab Emirates Ambassador to Australia to talk about current counter-terrorism perspectives. Ambassador Al Subousi will discuss the persistent nature of ISIL in parts of Syria and Iraq, Al Qaeda and other violent extremist groups in the region. The conversation will also focus on extremists’ continued use of online environments encouraging supporters to commit terrorist actions, the recent UAE agreement with Israel, as well as other continuing conflicts and unrest in the Middle East, and how these events influence terrorist extremist propaganda and calls to violence. The Ambassador will discuss these issues, identify policy options for combatting terrorism, and take questions from our online audience.
Date: 25 August, 5:00pm - 5:45pm.
Register to attend here.
WDSN Careers Panel: Where to from here?
ASPI
ASPI's Women in Defence and National Security Network is delighted to invite you to our second WDSN Careers Panel of 2020. While the pandemic makes our traditional WDSN events unfeasible, we are excited to bring you a panel of four distinguished women to talk about their career pathways in the defence and national security sector. In this panel our speakers will discuss their career pathways, and how they answered the question 'where to from here?' throughout their careers to date, and how they would tackle that question in the current environment of uncertainty.
Date: 26 August, 5:30pm - 6:30pm.
Register to attend here.
Jobs
Assistant Professor in Intelligence and Security
University of Leiden
The Research Group Intelligence and Security studies intelligence from a political, historical, ethical, judicial, and methodological perspective. Our main goal is to improve our understanding of how intelligence and security services operate, how their methodologies can be complemented, and how they are and have been embedded in their broader political, bureaucratic, and societal context - in the Western world and, emphatically, beyond. Applications due 15th September 2020.
Professorship in Legal Tech
University of Zurich
The University of Zurich is seeking applications for a Professorship in Legal Tech to take effect from the beginning of the Spring Semester 2021 (1 February 2021), or by arrangement. The position is to be filled by an academic with an outstanding legal track record and excellent knowledge of information technology, whose research focuses on the impact of digital technologies in the field of law. Applications are due by 6 September 2020.