New intel reports indicate fresh efforts by Russia to Interfere in 2022 Election | Beijing tightens grip on ByteDance | WhatsApp Can't Ban the Taliban Because It Can't Read Their Texts
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The Biden administration is receiving regular intelligence reports indicating Russian efforts to interfere in US elections are evolving and ongoing, current and former officials say, and in fact, never stopped, despite President Joe Biden's warnings to Russian President Vladimir Putin over the summer and a new round of sanctions imposed in the spring. CNN
For months, China has sought to bring its bustling internet sector to heel with an intensifying series of antitrust crackdowns and data security probes. The moves give Beijing more insight into the inner workings some of the world’s most valuable privately held tech companies, including ByteDance which owns some of the most popular apps in China, such as Douyin and Toutiao, along with TikTok. The Information
The Taliban are using the Facebook-owned chat app to spread messages to Afghan citizens as they take over the country. VICE
World
INTERPOL issues global alert as fraudsters target governments with COVID-19 vaccine scams
INTERPOL
INTERPOL has issued a global alert for organized crime groups attempting to defraud governments with fake offers to sell COVID-19 vaccines. The INTERPOL alert, issued to all 194 member countries, is based on information provided by vaccine manufacturers and highlights the types of modus operandi used in the attempted scams, including the use of fake social media accounts and websites.
Australia
How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security
The Conversation
Syed Wajid Ali Shah, Jongkil Jay Jeong & Robin Doss
It’s now well known that usernames and passwords aren’t enough to securely access online services. As such, the implementation of two-factor authentication (2FA) has become a necessity. But as with any good cybersecurity solution, attackers can quickly come up with ways to circumvent it. They can bypass 2FA through the one-time codes sent as an SMS to a user’s smartphone. Yet many critical online services in Australia still use SMS-based one-time codes, including myGov and the Big 4 banks: ANZ, Commonwealth Bank, NAB and Westpac.
Wires above qubits see UNSW researchers take quantum control step
ZDNet
@dobes
Scientists at the University of New South Wales (UNSW) have devised a new placement of control wiring that they hope will scale up to controlling millions of qubits.
China
Beijing Tightens Grip on ByteDance by Quietly Taking Stake, China Board Seat
The Information
@JuroOsawa @beijingscribe
For months, China has sought to bring its bustling internet sector to heel with an intensifying series of antitrust crackdowns and data security probes. In one example that hasn’t been previously reported, the Chinese government in April quietly took a stake and a board seat in TikTok owner ByteDance’s key Chinese entity, according to corporate records and people with knowledge of the matter. The move gives Beijing more insight into the inner workings of ByteDance, the world’s most valuable privately held tech company, which owns some of the most popular apps in China, such as Douyin and Toutiao, along with TikTok.
Shenzhen is paying online businesses to sell somewhere besides Amazon
Quartz
@marcbain_
In the wake of the disruption Amazon caused to the industry of Chinese companies that rely on its marketplace, Shenzhen, China’s tech hub, is offering cross-border e-commerce companies 2 million yuan ($309,000) to set up their own online stores independent of Amazon, the South China Morning Post reports. Sellers based in the city who were affected by the crackdown were also invited to a meeting by Shenzhen’s commerce bureau as part of an effort to “study and formulate relevant solutions” to the situation, it added.
Shenzhen is giving 2 million yuan to cross-border e-commerce merchants as ‘made in China, sold on Amazon’ sellers continue to suffer
South China Morning Post
@YanziDeng_Iris
Shenzhen is offering cross-border e-commerce merchants a subsidy of 2 million yuan as encouragement to find alternatives to Amazon
USA
New intel reports indicate fresh efforts by Russia to interfere in 2022 election
CNN
@KatieBoWillCNN @NatashaBertrand @MarquardtA
The Biden administration is receiving regular intelligence reports indicating Russian efforts to interfere in US elections are evolving and ongoing, current and former officials say, and in fact, never stopped, despite President Joe Biden's warnings to Russian President Vladimir Putin over the summer and a new round of sanctions imposed in the spring. One of the people familiar with the matter confirmed that there have been recent intelligence reports about what the Russians are up to, particularly their efforts to sow disinformation on social media and weaponize US media outlets for propaganda purposes. There are some indications that Moscow is now attempting to capitalize on the debate raging inside the US over vaccines and masking, other sources told CNN. Sources closely tracking Russian activity say that Moscow's tactics are evolving and are more sophisticated than their early 2016 efforts, which included easy-to-trace efforts like buying Facebook ads. They also emphasize that elections are not Moscow's only target.
Secret terrorist watchlist with 2 million records exposed online
Bleeping Comupter
@Ax_Sharma
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it.
100m T-Mobile Customer Records Purportedly Up for Sale
Threat Post
@LisaVaas
A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases.
SEC fines Pearson $1m for misleading investors over cyber breach
Financial Times
@MsHannahMurphy
Pearson has agreed to pay $1m to settle charges from US securities regulators that it knowingly misled investors and downplayed the severity of a 2018 cyber attack that exposed the personal information of millions of students.
US opens formal probe into Tesla’s Autopilot technology
Financial Times
@LaurenFedor @RichardWaters
The US government has launched an investigation into crashes involving Tesla’s Autopilot driverless car technology, after being repeatedly urged to do so by an independent regulator that accused the electric car maker of releasing unproven technology on to public roads.
The Senate’s $1 trillion infrastructure bill includes funding to secure Americans’ water systems and power grids from cyberattacks
The Washington Post
@Cat_Zakrzewski
A Senate bill intended to shore up the nation’s roads, pipes and electric grid includes billions to protect that aging infrastructure from cyberattacks. With a series of high-profile ransomware attacks fresh in their minds, U.S. Senate negotiators wove cybersecurity investments throughout the bipartisan $1 trillion infrastructure proposal, which passed the Senate in a 69-to-30 vote on Tuesday and now moves to the House for a vote. The allocations are a reflection of the growing realization in Congress that a computer attack could leave Americans without water, power or other essentials.
Microsoft brings Azure Government Top Secret into GA
ZDNet
@StephCondonPDX
Microsoft on Monday announced the general availability of Azure Government Top Secret, a cloud service for government agencies that need to manage top-secret data. The offering is launching with more than 60 services and the promise of more to come soon.
TSMC's new US chip plant facing delay over supplier's boardroom shakeup
Tech Radar
@ThisDotJohn
Taiwan Semiconductor Manufacturing Company's (TSMC) highly anticipated US chip fabrication plant is being threatened with delays as a key supplier finds itself in the throes of a boardroom power struggle.
Culture Change and Conflict at Twitter
The New York Times
@kateconger
Mr. Davis, 43, has played a key role in a behind-the-scenes effort over the past two years to remake Twitter’s culture. The company had long been slow to build products, and under pressure from investors and users, executives landed on a diagnosis: Twitter’s collaborative environment had calcified, making workers reluctant to criticize one another. Mr. Davis, the company believed, was one of the answers to that problem.
Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch
The Wall Street Journal
@catstupp
While companies commonly require their technology providers to disclose incidents that expose their data, many struggle to obtain details that could help them prepare for potential fallout from a cyberattack on their technology supply chain, according to legal and security experts. Cyberattacks in which hackers target a service provider and then use that foothold to access their customers’ networks are receiving scrutiny from policy makers in the U.S. and Europe. Large-scale attacks in recent months on software companies SolarWinds Corp. , Accellion USA LLC and Kaseya Ltd. demonstrate attackers’ ability to infect a large number of companies and government agencies that use the same technology products.
North-East Asia
Why Taiwan is Beating COVID-19 - Again
The Diplomat
@soonw123
Democratic Taiwan, in its attempt to maintain civil liberties, eschewed the more invasive phone-based surveillance technology used by countries in the region. Instead, contact tracers leveraged the records of Taiwanese businesses who encouraged their patrons to leave their contacts either by writing them down on a piece of paper or scanning a business-provided QR code from an app from their phones. BULLET POINT
Read Kelsey Munro & Danielle Cave’s essay, ‘Covid-19 is accelerating the surveillance state’
South-East Asia
Cybersecurity critical in cyber criminals' top target: healthcare sector
The Business Times
Throughout the pandemic, a wave of ransomware attacks disrupted operations in healthcare organisations around the world. Cyber threat actors have been capitalising on the uncertainty and disruption caused by Covid-19 to conduct malicious cyber activities. The healthcare industry continues to be a prime target for cyber criminals as hospitals cannot afford downtime, and the need to access health records and computer systems creates urgency that increases the likelihood that victims will pay their extortionists. Locally, the Cyber Security Agency of Singapore (CSA) received 89 reports of ransomware cases in 2020, marking a 154 per cent rise from the 35 cases reported in 2019. The cases included sectors from the healthcare industry.
Google's Apricot subsea cable will strengthen Asian connections
ZDNet
@LiamT
Google has announced a subsea cable, called Apricot, that will connect Singapore, Japan, Guam, the Philippines, Taiwan and Indonesia. The Apricot cable is expected to be ready for service in 2024 and will complement the recently announced Echo cable that will connect the US, Singapore, Guam and Indonesia.
New Zealand & The Pacific
How Ransomware happens and how to stop it
Cert NZ
Ransomware attacks are becoming increasingly common and sophisticated. This is how CERT NZ’s critical controls can help you stop a ransomware attack in its tracks.
Read our report ‘Exfiltrate, encrypt, extort’
Digicel / Telstra - who wins?
The Village Explainer
@dailypostdan
This is part one of a two-parter on the proposed sale of the Pacific’s newest and biggest telco. Today, we ask who wins if Telstra’s government-backed bid for Digicel’s Pacific assets succeeds.
South and Central Asia
WhatsApp Can't Ban the Taliban Because It Can't Read Their Texts
VICE
@lorenzofb
The Taliban are using the Facebook-owned chat app to spread messages to Afghan citizens as they take over the country. According to The Washington Post, the Taliban sent messages to Kabul residents saying they were in charge of security in the city now, and that citizens should report any looting or "irresponsible" behavior to them.
From 'Night Letters' to the Internet: Propaganda, the Taliban and the Afghanistan Crisis
Global Network on Extremism and Technology
@KabirTaneja
The fast-unfolding crisis in Afghanistan, spearheaded by the Taliban’s territorial juggernaut and the fall of Kabul, also became a significant war of narratives. However, unlike traditional and social media use of other jihadist groups such as Islamic State (IS) and al-Qaeda, the Taliban does not operate in the shadows, but uses every media avenue possible to get its narrative out not just to the people of Afghanistan, but a worldwide audience.
A British 4channer went to Kabul for lulz. Now he’s stuck there.
Input Mag
@stokel
Back in May, when Miles Routledge, a physics student at the U.K.’s Loughborough University who runs a Facebook meme page booked his summer vacation in Afghanistan, he had no idea that by the time he landed in Kabul, the morning of Friday, August 13, the Taliban would be tearing through the country with its eyes on the capital city.
UK
Helping the military shrink its cyber attack surface
UK Government
The Defence and Security Accelerator (DASA) is pleased to launch a new Innovation Focus Area (IFA) called Reducing the Cyber Attack Surface, which aims to develop technologies that reduce the opportunity for cyber attacks on Ministry of Defence (MOD) systems and platforms. This IFA is being run on behalf of Defence Science and Technology laboratory (DSTL) and Defence Science and Technology (DST) and seeks proposals that enable greater confidence and a level of assurance in military systems against cyber-enabled attack.
Internet revamp for the humble landline
BBC News
@chrisbaraniuk
Landline operators in the UK will switch every home phone in the UK to an internet-based connection instead of traditional, copper-wire landlines. A total of 14 million lines are affected.
Europe
Regulating crypto is essential to ensuring its global legitimacy
TechCrunch
@henrikgebbing & Wilhelm Nöffke
Traditional forms of regulation from the fiat world do not reciprocally apply to every aspect of crypto nor to the fundamental nature of blockchain technology. To address the challenges of the fast-evolving blockchain ecosystem, the European Union has begun to introduce more stringent financial regulations that further bolster the regulatory system in order to improve licensing models. Many member states now regulate crypto assets individually, and Germany is leading the way in being the first to regulate cryptocurrencies.
Middle East
Facebook expands transparency, controls on political ads in Iraq
Arab News
Facebook is introducing tools and policies that aim to provide increased transparency and controls on electoral and political ads in Iraq ahead of parliamentary elections on Oct. 10.
Misc
Extending remote work strains companies’ security teams
POLITICO
@samsabin923
The growth of the Delta variant has companies pushing back return-to-work dates, and that’s threatening to further burn out company cybersecurity teams that had hoped to return to something akin to normal after more than a year of troubleshooting VPNs, policing personal wifi networks and rolling out password management systems.
Dark web tool helps cybercriminals shift stolen funds more safely
Tech Radar
@geekybodhi
Cybersecurity experts have run into a new darknet tool that offers criminals a way to check whether their cryptocurrency holdings are linked to known criminal activity. Reporting on the tool, the BBC notes that although cryptocurrencies are thought to be anonymous, law enforcement agencies from around the world have made arrests by tracing tainted cryptocurrency through the public blockchain.
Deep Fakes are now Making Business Pitches
Wired
@tsimonite
The video technology, initially associated with porn, is gaining a foothold in the corporate world. Some partners at EY, the accounting giant formerly known as Ernst & Young, are now testing a new workplace gimmick for the era of artificial intelligence. They spice up client presentations or routine emails with synthetic talking-head-style video clips starring virtual body doubles of themselves made with AI software—a corporate spin on a technology commonly known as deepfakes. The firm’s exploration of the technology, provided by UK startup Synthesia, comes as the pandemic has quashed more traditional ways to cement business relationships.
Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks
The Hacker News
Ravie Lakshmanan
Weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service (DoS) amplification attacks, surpassing many of the existing UDP-based amplification factors to date.
Tinder will soon make voluntary ID Verification available globally
TechCrunch
@asilbwrites
Tinder announced this morning that in the “coming quarters,” users will be able to verify their ID on the app. While Tinder has made continued investments in safety features, free ID verification can only go so far — especially when voluntary, putting the onus on individual users to decide whether or not they feel comfortable meeting up with unverified users.
Thousands of Wikipedia Pages Vandalized With Giant Swastikas
GIZMODO
@swodinsky
Early Monday morning, the Wikipedia pages for a slew of celebrities, writers, and political figures were replaced by full-page spreads of black and white swastikas on a bright red background. Wikipedia is certainly no stranger to vandalism on some of its more controversial pages, but this incident highlighted one of the lesser-known weaknesses in the platform’s airtight content moderation policies. Instead of targeting the content on any particular Wikipedia page, the vandal behind this blitz targeted a particular article template used by more than 50,000 different Wikipedia pages, including those for Jennifer Lopez, Joe Biden, and Discworld author Terry Pratchett.
Research
Predicting prolific live streaming of child sexual abuse
Australian Institute of Criminology
Timothy Cubitt, Sarah Napier & Rick Brown
Technologically enabled crime has proliferated in recent years. One such crime type is the live streaming of child sexual abuse (CSA). This study employs a machine learning approach to better understand the characteristics of Australians who engaged with known facilitators of CSA live streaming in the Philippines.
China’s Data Ambitions: Strategy, Emerging Technologies, and Implications for Democracies
The National Bureau of Asian Research
@LindsayPGorman
Lindsay Gorman details China’s data ambitions with a particular eye to how they relate to emerging technology goals associated with AI. She then discusses how these efforts complicate democratic values in cyberspace and analyzes options for how democracies can address these threats.
Microsoft wants to use blockchain to tackle software piracy
Tech Radar
Anthony Spadafora
Researchers from Microsoft have devised a new way to fight online piracy using a proposed bounty system called “Argus” that runs on the Ethereum blockchain...Argus on the other hand will allow users to anonymously report piracy in exchange for a bounty. The system will trace pirated content back to the source by using a unique watermark that corresponds with a secret code.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.