New Zealand Accuses China-Backed Hackers of Parliament Cyberattacks | FTC considering lawsuit against TikTok amid China ties criticism | Leaked documents uncover Chinese hackers targeting Australia
Good morning. It's Wednesday 27th March.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
New Zealand has accused Chinese state actors of engaging in "malicious cyber activity" targeting its parliament in 2021, echoing U.S. and U.K. claims, prompting condemnation from Australia, while China disputes allegations amidst U.S. sanctions and indictments against alleged Chinese hackers and associated entities. CNBC
Amidst bipartisan concerns over TikTok's ties to China, the Federal Trade Commission considers suing the social media giant for privacy violations, including allegations of data access by Chinese entities, adding to the company's mounting troubles. POLITICO
Leaked documents reveal that Australia was targeted by Chinese hackers affiliated with the Communist Party, shedding light on the operations of a cybersecurity company, i-Soon, which facilitates government-backed cyberattacks worldwide. The Australian Financial Review
ASPI
China’s use of foreign open-source software, and how to counter it
The Strategist
Albert Zhang
Since open-source software is shared freely and developed collaboratively, China’s efforts to develop local versions force democracies to decide whether they should allow their own software engineers to contribute to Chinese projects that may end up modernising the country’s military, intelligence and political systems.
Australia
Leaked documents reveal Australia targeted by Chinese hackers
The Australian Financial Review
Max Mason and Andrew Tillett
A Chinese cybersecurity company with links to the Communist Party government used its guns-for-hire hacking operation to target Australia, leaked documents reveal. The revelation regarding the company, i-Soon, came as the Albanese government joined international condemnation of another state-affiliated hacking group in China that targeted UK politicians and compromised Britain’s Electoral Commission.
Australia sends hi-tech sensors to International Space Station
The Mandarin
Dan Holmes
The International Space Station (ISS) has received a powerful new 3D mapping tool from Australia, with love. The device combines two CSIRO innovations — Stereo-Depth Fusion and Wildcat Simultaneous Localisation and Mapping — to produce high-quality data about the surrounding environment and its own movements through space. Astronauts will fit the device onto Astrobee, a NASA robot platform that roams the station and can assist with a range of tasks.
Warnings data collected by Coles and Woolworths leading to unfair market
ABC News
David Chen
Queensland Fruit and Vegetables Growers said the data held by the two big supermarkets gave them immense power over producers. CEO Rachel Chambers said the data, combined with the use of supply agreements with growers, allowed supermarkets to control the supply and demand of fresh produce. Coles and Woolworths are both doubling down on big data – Coles earlier this year signed a deal with US defence company Palantir to "optimise its workforce", while Woolworths purchased data company Quantium in 2021 for $223 million.
Algorithms that predict crime are watching – and judging us by the cards we’ve been dealt
The Conversation
Tatiana Dancy
The New South Wales police recently scrapped a widely condemned program known as the Suspect Targeting Management Plan. It used algorithmic risk scores to single out “targets”, some as young as ten years old, for police surveillance. But similar programs remain in place. For instance, Corrective Services NSW uses a statistical assessment tool called LSI-R to predict whether prisoners will reoffend.
China
China cyber-attacks explained: who is behind the hacking operation against the US and UK?
The Guardian
Jonathan Yerushalmy
The US and UK have imposed sanctions on individuals and groups that they say targeted politicians, journalists and critics of Beijing in an extensive cyber espionage campaign – allegedly operated by an arm of China’s ministry of state security. The scale of the operation was revealed on Monday, although some of the attacks have been previously reported on. On Tuesday, New Zealand blamed “state-sponsored” Chinese hackers for a 2021 cyber-attack that infiltrated sensitive government computer systems.
APT31: the Chinese hacking group behind global cyberespionage campaign
Reuters
James Pomfret and Yew Lun Tian
The United States and Britain filed charges and imposed sanctions on a company and individuals tied to a Chinese state-backed hacking group named APT31 that they allege engaged in a sweeping cyber espionage campaign. This group was allegedly run by China's Ministry of State Security and targeted millions of people, mostly in the U.S. and Britain, for more than a decade including officials, lawmakers, activists, academics and journalists, and firms ranging from defence contractors to a U.S. smartphone maker.
Chinese cyber attacks ‘must stop’, says Penny Wong
The Australian
Ben Packham
Foreign Minister Penny Wong, who had “frank” talks with Chinese counterpart Wang Yi last week, condemned Beijing’s ongoing campaign of state-sponsored hacking. “The persistent targeting of democratic institutions and processes has implications for democratic and open societies like Australia. This behaviour is unacceptable and must stop,” Senator Wong said in a statement with Cybersecurity Minister Clare O’Neil.
USA
TikTok’s troubles just got worse: The FTC could sue them, too
POLITICO
Josh Sisco
The Federal Trade Commission has been investigating TikTok over allegedly faulty privacy and data security practices, and could decide in the coming weeks to bring a lawsuit or settlement, according to three people with direct knowledge of the matter. The commission is weighing allegations that TikTok, and its Beijing-based parent company ByteDance, deceived its users by denying that individuals in China had access to their data, and also violated a children’s privacy law, according to the people, who were granted anonymity to discuss a confidential matter.
Congress hands China another win
The Hill
Zoe Lofgren
Earlier this month, Congress voted to fund a portion of the federal government in a so-called minibus appropriations bill. Much of our nation’s science and technology enterprise is included in this bill, including the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST). In a remarkably shortsighted action, the budgets for these flagship science agencies were slashed in this legislation.
The U.S. investors caught in the scrum over TikTok
The New York Times
Lauren Hirsch
A bill to force ByteDance to sell TikTok is winding its way through the Senate after sailing through the House this month. Questions about whether TikTok’s Chinese ties make it a national security threat are mounting. And U.S. investors including General Atlantic, Susquehanna International Group and Sequoia Capital — which collectively poured billions into ByteDance — are facing increased pressure from state and federal lawmakers to answer for their investments in Chinese companies.
Florida's DeSantis signs law restricting social media for people under 16
Reuters
Florida Governor Ron DeSantis on Monday signed a bill that bans children aged under 14 from social media platforms and requires 14- and 15-year-olds to get parental consent, a measure supporters say will protect them from online risks to their mental health. The measure requires social media platforms to terminate the accounts of people under 14 and those of people under 16 who do not have parental consent. It requires them to use a third-party verification system to screen out those who are underage.
Launch of the United States Guidance for Online Platforms on Protecting Human Rights Defenders Online
Center For Strategic & International Studies
On March 18, the United States released public guidance to help technology companies counter attacks targeting human rights defenders online. This guidance builds on joint recommendations released by the United States and European Union, which set out 10 voluntary actions online platforms can take to bolster support for defenders under threat. The United States developed this guidance in response to the rapid growth of online threats against HRDs around the world.
Southeast Asia
Malaysia on track to have 25,000 cyber defenders by 2025
New Straits Times
Iylia Marsya Iskandar and Asila Jalil
Malaysia is on track to fill the existing 12,000 cybersecurity specialist shortage. Prime Minister Datuk Seri Anwar Ibrahim said the collaboration with Canadian software company Blackberry Limited to open the Cybersecurity Center of Excellence was one of the ways to reach Malaysia's target of 25,000 cyber defenders by 2025.
Ukraine - Russia
How drone combat in Ukraine is changing warfare
Reuters
Mariano Zafra, Max Hunder, Anurag Rao and Sudev Kiyada
The war in Ukraine has been characterised by drone deployment of unprecedented scale, with thousands of unmanned aerial vehicles used to track enemy forces, guide artillery and bomb targets. Reuters analysed more than 50 videos of drone attacks, collated research and spoke to over a dozen manufacturers, soldiers and officials about how the technology is transforming warfare.
Microsoft says Russian companies will be forced off its cloud services within days
TechRadar
Luke Hughes
Despite recent reports that Microsoft was all set to ban Russian companies from its suite of cloud services from March 20, it turns out this still isn’t in effect, but should be by the end of March 2024 - this week - instead, after the company held discussions with IT platform Softline, one of its customers.
Europe
Europe wields new tech law to protect EU election
POLITICO
Clothilde Goujard
The European Union is ordering Big Tech firms to help it secure its upcoming election in June, amid fears of disinformation and online hacking threats. Major online platforms like Facebook, X, YouTube and TikTok will have to increase their efforts to fight disinformation ahead of the bloc's election under its new content moderation law, the Digital Services Act, the European Commission said Tuesday. The Commission, which enforces the law on two dozen very large online platforms and search engines, released new guidelines to mitigate risks to elections like falsehoods going viral and coordinated Russian bot campaigns or fake media.
US targets Russian fintech operators for Ukraine sanctions evasion work
Reuters
David Lawder
The U.S. Treasury on Monday said it had imposed sanctions on Russian financial services and technology players, including blockchain firm Atomyze, for developing or offering services in virtual assets aimed at evading Ukraine war-related sanctions on Russia. The Treasury said its Office of Foreign Assets Control (OFAC) designated 13 entities and two individuals in the latest round of sanctions targeting Russia's core financial infrastructure to block its use of the international financial system to further its Ukraine war aims.
Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
Bleeping Computer
Sergiu Gatlan
According to the German Federal Office for Information Security, around 45,000 Microsoft Exchange servers in Germany have Outlook Web Access enabled and are accessible from the Internet. Approximately 12% of these servers still use outdated versions of Exchange (2010 or 2013), which have not received security updates since October 2020 and April 2023, respectively.
Africa
Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance
The Record by Recorded Future
Dina Temple-Raston, Sean Powers and Cat Schuknecht
In cryptocurrency and law enforcement circles, Tigran Gambaryan is a bit of a legend. As a special agent with the Internal Revenue Service he investigated financial crimes and he came to specialize in something a lot of agents, at least initially, didn’t quite understand: the blockchain. Gambaryan became the Zelig of dark market takedowns, from Alpha Bay to the child porn marketplace Welcome to Video to the unmasking of Ross Ulbricht, the man behind the Silk Road market. He was one of the first government investigators to figure out that an underlying assumption about cryptocurrency — that it was anonymous — just wasn’t true.
NZ & Pacific Islands
New Zealand accuses China-backed hackers of cyberattacks on parliament
CNBC
Dylan Butts
New Zealand has accused China of “malicious cyber activity” linked to Chinese state actors, who targeted its parliament in 2021. The government “expressed concerns today about malicious cyber activity, attributed to groups sponsored by the Chinese Government,” New Zealand’s Foreign Minister Winston Peters said on Tuesday.
Artificial Intelligence
Inside the shadowy global battle to tame the world's most dangerous technology
POLITICO
Mark Scott, Gian Volpicelli, Mohar Chatterjee, Vincent Manancourt, Clothilde Goujard and Brendan Bordelon
For the past year, a political fight has been raging around the world, mostly in the shadows, over how — and whether — to control AI. This new digital Great Game is a long way from over. Whoever wins will cement their dominance over Western rules for an era-defining technology. Once these rules are set, they will be almost impossible to rewrite.
Keep AI on a tight leash or embed bias, experts say
The Australian Financial Review
Alexandra Cain
Regulating and controlling the powerful and wide-ranging technology of artificial intelligence will require a complex response that includes ways to manage risks such as misinformation and deepfakes, experts say. AI is powered by complex algorithms, which are essentially mathematical equations. They sometimes have billions of different parameters and don’t produce the same outcome twice. But the algorithms, which help determine everything from the ads we are shown to the jobs we are considered for, can sometimes produce concerning results. AI’s potential to reinforce discrimination is one of its most worrying effects.
Yes, Kate is a victim of a deepfake world. But there was never any room for truth
The Australian
Toby Walsh
The conspiracy theories circulating about Kate Middleton were put to rest last week after the Princess of Wales released a video message on her official social media accounts describing an ongoing battle with cancer. Or were they? Netizens immediately questioned whether the cancer video was fake. The princess’s voice was robotic. The leaves in the background weren’t moving in the wind. The video was, according to some, clearly an AI fake. This was just the latest example of how we are living in a world in which the authenticity of everything we see or hear is up for debate. And there are, it seems, good reasons for doubt.
Misc
Why state-sponsored cyber sabotage is on the rise
The Australian
Mike Rogers
In the new era of state-sponsored sabotage, digital bombs are easier to plant, harder to detect but potentially just as devastating. Boards and governments must be vigilant and prioritise addressing these ticking technology time bombs.
Events & Podcasts
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Reimagining Cyber Capacity-Building in Southeast Asia
ANU Philippines Institute
This seminar will showcase the key findings and outcomes of Cyber ASEAN that resulted from its two-year multistakeholder consultations in Indonesia, Malaysia, Philippines, and Viet Nam throughout 2022 – 2023. The panel of experts will share their views on the increasing need for more context-specific cyber capacity-building initiatives to achieve lasting impact and sustainability amid the speedy digital transformation and increasing geopolitical tensions in Southeast Asia and more broadly, the Indo-Pacific.
Jobs
ASPI Northern Australia Strategic Policy Centre (NASPC) Administration Officer
ASPI
This role also works across the Head of the NASPC's alternate policy centres, the Strategic Policing and Law Enforcement Program, involving work across illicit drugs, illicit finance, transnational serious organised crime, and modern slavery, and ASPI’s Counter-terrorism Policy Centre. The successful applicant will have the chance to assist with coordinating a project in the first half of 2024 focused on northern Australia's connections with Pacific Island Countries, liaising with senior Government and international representatives. The closing date for applications is 29 March 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
Director of Cyber, Technology & Security (CTS)
ASPI
ASPI is looking for an exceptional and experienced leader to lead our largest team focused on emerging security challenges, particularly in cyberspace and the information domain. Director CTS leads ASPI’s largest team to develop and deliver a range of applied research projects on existing and emerging security challenges. CTS’ projects range across cyber and critical infrastructure security, critical and emerging technologies, national resilience and social cohesion, and hybrid threats. The closing date for applications is 22 April 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
China Analyst or Senior Analyst
ASPI
ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work. The closing date for applications is 10 May 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.