NEW REPORT: Weaponised deep fakes webinar at noon I Cyber-intel firms pitch governments on spy tools to trace coronavirus I NSO Employee Targets Love Interest with Phone Hacking Tech

Apr 29, 2020

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

Deep fake technology isn’t inherently harmful. The underlying technology has benign uses, from the frivolous apps that let you swap faces with celebrities to significant deep learning algorithms (the technology that underpins deep fakes) that have been used to synthesise new pharmaceutical compounds and protect wildlife from poachers. ASPI
Company documents reviewed by Reuters show at least 8 cyber-intelligence firms, better known for selling hacking and surveillance tools, are now pitching coronavirus-tracking products to governments around the world. Reuters
An employee of controversial surveillance vendor NSO Group abused access to the company's powerful hacking technology to target a love interest, Motherboard has learned. Motherboard

Today at noon (AEDT), ASPI’s International Cyber Policy Centre is running a webinar with the co-authors of the ‘Weaponised deep fakes - National security and democracy’ report.

Join the authors of the report, ASPI's Hannah Smith and Katherine Mansted, of ANU's National Security College, for a discussion moderated by APSI's Danielle Cave, about the deep fake landscape, how this technology can be weaponised and what can be done to mitigate its impact.

The launch will be streamed via Facebook live and then posted to YouTube.

If you would like to take part, there is still time to register here.

Danielle Cave @DaniellesCave

New @ASPI_ICPC policy report out this morning on weaponised deep fakes and the implications for national security & democracy by @Hannah_ASPI & @KMansted (with special foreword)

Weaponised deep fakesPlease enable javascript to access the full functionality of this siteaspi.org.au

ASPI ICPC

Weaponised deep fakes - National security and democracy
ASPI
@Hannah_ASPI @KMansted
Deep fake technology isn’t inherently harmful. The underlying technology has benign uses, from the frivolous apps that let you swap faces with celebrities to significant deep learning algorithms (the technology that underpins deep fakes) that have been used to synthesise new pharmaceutical compounds and protect wildlife from poachers. However, ready access to deep fake technology also allows cybercriminals, political activists and nation-states to quickly create cheap, realistic forgeries. This technology lowers the costs of engaging in information warfare at scale and broadens the range of actors able to engage in it. Deep fakes will pose the most risk when combined with other technologies and social trends: they’ll enhance cyberattacks, accelerate the spread of propaganda and disinformation online and exacerbate declining trust in democratic institutions.

War by other means
Inside Story
@tomatospy
Despite having become a significant tool in strategic competition between nations, cyber operations are poorly understood. Keyboard warriors engage in daily hand-to-hand combat in cyberspace, yet governments and the public are only slowly coming to grips with their implications and policymakers are struggling to decide how to react.

Elise Thomas @elisethoma5

This is an amazing resource for journalists, researchers, students, and curious people who like their facts verified and disinfo debunked - and it's free! Also featuring a case study by @BenDoBrown and myself on an OSINT investigation on disinfo in West Papua.

Craig Silverman @CraigSilverman

IT’S HERE! The new Verification Handbook for Disinformation and Media Manipulation is online and avialable for free. Let some of the world’s best experts teach you to investigate our chaotic information environment. Link and thread: https://t.co/aq42a4Xuad #OSINT #journalism https://t.co/ROsQ072XQ4

Australia

Coronavirus Australia: COVIDSafe App hoax texts start circulating
NewsComAu
@JackGramenz
Health Minister Greg Hunt has issued a stark warning to people thinking about spreading misinformation about the COVIDSafe app, warning there can be significant penalties for those who don’t heed the simple warning.

Coronavirus app data will stay here despite US security laws, Health Minister says
The Sydney Morning Herald
@MaxKoslowski
Health Minister Greg Hunt has assured Australians that US authorities will not be able to access data collected by the government's coronavirus tracing app as crossbench senator Jacqui Lambie raised fears the information could be misused. Mr Hunt on Tuesday said he had received advice from Attorney-General Christian Porter's office that protections under Australia's Biosecurity Act would trump any overseas laws.

I'm more worried about Mark Zuckerberg than this government and its tracing app
The Sydney Morning Herald
Our privacy is constantly being eroded, whether by CCTV, scammers or our beloved smartphones — search for “Google Timeline” or “iPhone significant locations” if you’d like to experience acute paranoia. But the COVIDSafe app might just be the first privacy incursion that benefits us, instead of advertisers or the state.

Vanessa Teague @VTeagueAus

1/11: Why there are there two almost-opposite technical threads here, one saying "#covidsafeapp gathers so much LESS data than anything else on your phone," and another saying "this app gathers info that no other app on your phone collects"? The answer is that they're both true.

China

China starts major trial of state-run digital currency
The Guardian
@heldavidson
China will begin trialling payments in its new digital currency in four major cities from next week, according to domestic media.

Beijing doubles down in EU propaganda battle
Politico
China is pushing ahead with a propaganda campaign critical of Western democracies and their handling of the coronavirus, even after protests from Paris and a high-profile diplomatic dispute between Beijing and the EU over Chinese disinformation.

China’s new cybersecurity rules could hit foreign service providers
South China Morning Post
@simonelmc
China has tightened rules for how certain companies must safeguard national security when choosing network products and services, raising concerns among the foreign firms who provide those services. The new guidelines, released on Monday and set to come into force on June 1, will affect operators of “critical information infrastructure”, requiring them to undergo a cybersecurity review process for any procurements that could have national security implications.

Creating a True One-Stop Solution for Companies to Go Global: Announcing a Partnership Between Cloudflare and JD Cloud & AI
Cloudflare
Cloudflare has announced a significant strategic partnership with JD Cloud & AI, the cloud and intelligent technology business unit of Chinese Internet giant JD.com. Through this partnership, we’ll be adding 150 data centers in mainland China, an increase in the region of over 700%. The partnership will also enable JD to provide a Cloudflare-powered service to China-based customers. As a result, it will create a one-stop solution for companies both inside and outside of China to go truly global.

Huawei strikes European chip tie-up as fears rise over US curbs
Nikkei Asian Review
Huawei Technologies is working with French-Italian chipmaker STMicroelectronics to co-design mobile and automotive-related chips as it seeks to shield itself from Washington's possible tightening of export restrictions on the Chinese company.

The Chinese and American Apps Winning the Next Billion Users
Marco Polo
@mattsheehan88
While the US foreign policy community has focused extensively on 5G infrastructure and artificial intelligence, it has not paid sufficient attention to the question of adoption of Chinese and American consumer tech apps in emerging markets.

Matt Sheehan @mattsheehan88

Key dimension of US-China tech competition is currently playing out in countries across the developing world. So I analyzed data on the most downloaded apps in six key countries for 2015 & 2019. Here’s what I found: thread 1/

USA

Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus
Reuters
@joel_schectman @Bing_Chris @jc_stubbs
When law enforcement agencies want to gather evidence locked inside an iPhone, they often turn to hacking software from the Israeli firm Cellebrite. By manually plugging the software into a suspect’s phone, police can break in and determine where the person has gone and whom he or she has met. Now, as governments fight the spread of COVID-19, Cellebrite is pitching the same capability to help authorities learn who a coronavirus sufferer may have infected.

Reuters Graphics @ReutersGraphics

Countries are turning to technology to monitor the spread of COVID-19. Some are using voluntary “contact-tracing” apps. Spy firms say they should use mass surveillance instead. Here’s how the two methods work: tmsnrt.rs/3f00GRK

CEO of Surveillance Firm Banjo Once Helped KKK Leader Shoot Up a Synagogue
One Zero
@MattStroud
Documents available to the public and reviewed by OneZero — including transcripts of courtroom testimony, sworn statements, and more than 1,000 pages of records produced from a federal hate crime prosecution — reveal that Damien Patton, CEO of SoftBank-backed Banjo, actively participated in white supremacist groups in his youth and was involved in the shooting of a synagogue.

U.S. appeals court asks why Facebook encryption order should stay sealed
Reuters
@josephmenn
Federal appeals court judges asked prosecutors on Tuesday why a lower court could seal a ruling that absolved Facebook from having to wiretap a criminal suspect using one of the company’s encrypted services.

States Expand Internet Voting Experiments Amid Pandemic, Raising Security Fears
NPR
@MilesParks
Election officials nationwide are preparing for what may the highest election turnout in modern history in the middle of a pandemic. In response, several states will be turning to a relatively new and untested form of internet-based voting to aid the voters who may have the most trouble getting to the polls.

South Asia

WhatsApp eyes credit feature for users in India
TechCrunch
@refsrc
WhatsApp has listed credit as one of the areas it could explore in the country. The Facebook-owned service declared providing credit or loan as one of the “main objects to be pursued by it in the country” with the local regulator earlier this month.

UK

International Security @ChathamHouseISR

💡 The Commonwealth Cyber Declaration has put #cybersecurity on the agenda of all 53 member states. ➡️ With the support of @LondonCyber, we have implemented a project over the last 2 yrs, looking at how the Declaration can be implemented. Thread 1/6

UK cyber-security chief advises NHS on tracing app
Financial Times
@helenwarrell
One of Britain’s most senior spies has been drafted in to advise the government on how to secure the NHS’s contact tracing app — a vital part of the UK’s plan to lift lockdown restrictions in the coming weeks. Ian Levy, technical director of the National Cyber Security Centre, a branch of Britain’s communications intelligence agency GCHQ, is advising the UK’s health service on how it can encrypt data and ensure privacy, according to people with knowledge of the arrangements.

UK's coronavirus contacts tracing app could ask users to share location data
Tech Crunch
@riptari
Matthew Gould, who heads up the digital transformation unit of the UK’s National Health Service, said while giving evidence to the UK parliament’s Science & Technology Committee that future versions of the app could ask users to share location data to help authorities learn more about how the virus propagates.

Digital divide 'isolates and endangers' millions of UK's poorest
The Guardian
@anniekelly
Lockdown is creating a stark digital divide in the UK, with 1.9 million households with no access to the internet and tens of millions more reliant on pay-as-you-go services to make phone calls or access healthcare, education and benefits online.

Financial Times reporter Mark Di Stefano ‘spied on Zoom meetings at rival papers’
The Times
@mattkmoore
The Financial Times has begun an investigation into one of its journalists for allegedly accessing rival publications’ private Zoom calls. Mark Di Stefano is accused of listening in to virtual meetings at which staff at The Independent and the London Evening Standard learnt whether they would be affected by wage cuts and furloughing prompted by the lockdown.

Europe

Casper Klynge @KlyngeC

Worth noticing Vestager's definition: 'Digital sovereignty is about being able to control what we are doing. Not to do everything by ourselves or being completely independent. But to have the final say about what is ongoing here in order to maintain our regulatory sovereignty’.

CERRE @CERRE_ThinkTank

😱Missed our live with Margrethe @vestager and Pascal Lamy on Europe’s #digital sovereignty in the age of pandemics? 🦠 ▶️Here is your catch up session: https://t.co/mTaLhegAhI

Germany flips to Apple-Google approach on smartphone contact tracing
Reuters
Germany changed course on Sunday over which type of smartphone technology it wanted to use to trace coronavirus infections, backing an approach supported by Apple and Google along with a growing number of other European countries.

Can We Track COVID-19 and Protect Privacy at the Same Time?

How robots contribute to easing coronovirus fallout
Deutsche Welle
As the coronavirus pandemic has emptied factory floors all over Germany, Patrick Schwarzkopf cannot help but sing a song of praise for the thousands of mechanic helpers that are keeping at least some production lines rolling or might prove their worth once factories reopen.

Russia

Moscow’s Fraudsters Sell Fake #COVID19 Freedom Passes
Infosecurity
@philmuncaster
Muscovite fraudsters are capitalizing on the city’s COVID-19 lockdown by offering to sell desperate citizens the digital passes they now need to travel around the city. Singapore-based security vendor Group-IB said it had helped identify 126 websites, Telegram channels and social media accounts peddling the fake passes.

Middle East

NSO Employee Abused Phone Hacking Tech to Target a Love Interest
Motherboard
@josephfcox
An employee of controversial surveillance vendor NSO Group abused access to the company's powerful hacking technology to target a love interest, Motherboard has learned. The previously unreported news is a serious abuse of NSO's products, which are typically used by law enforcement and intelligence agencies.

Shelby Grossman @shelbygrossman

🌟Today Facebook suspended 18 Pages that posted pro-Saif Gaddafi content. The Pages do not appear to be linked to a government - they were suspended for using inauthentic accounts. Our team was watching these Pages, so here's a new blog post on the cluster cyber.fsi.stanford.edu/io/content/oya…

Misc

In surprise choice, Zoom hitches wagon to Oracle for growing infrastructure needs
TechCrunch
@ron_miller
With the company growing in leaps and bounds, Zoom went shopping for a cloud infrastructure vendor to help it with its growing scale problem. In a surprising choice, the company went with Oracle Cloud Infrastructure.

Google’s Meet teleconferencing service now adding about 3 million users per day
The Verge
@jaypeters
Google’s Meet teleconferencing service is now adding about 3 million users per day, Google CEO Sundar Pichai announced on the company’s first quarter earnings call. That’s up quite a bit from earlier this month — Google had said that more than 2 million new users were were connecting on the service every day as of April 9th.

This Australian Bartender Found an ATM Glitch and Blew $1.6 Million
Vice
Bartender discovers a logic fault in how ATM's handle payments, spends millions, feels guilty and eventually goes to A Current Affair to get taken seriously and turn himself in: "but the court was weird because no one actually understood what I did — not the judge, not the prosecutor — so it was very odd."

Research

Discussion Paper: An analysis of the “New IP” proposal to the ITU-T
Internet Society
The Internet continues to evolve at a rapid pace. New services, applications, and protocols are being developed and deployed in many areas, including recently: a new transport protocol (QUIC), enhancements in how the Domain Name System (DNS) is accessed, and mechanisms to support deterministic applications over Ethernet and IP networks. These changes are only possible because the community involved includes everyone from content providers, to Internet Service Providers, to browser developers, to equipment manufacturers, to researchers, to users, and more. Given this backdrop it is concerning that a proposal has been made to ITU-T[1] to start a further long-term research now and in the next “study period”to develop a “top-down design for the future network.”