North Korean Hacking Group Attacks Israeli Defense Industry I ByteDance Censored Anti-China Content in Indonesia Until Mid-2020 I US Government Dismantled Three Terror Finance Cyber-Enabled Campaigns
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Israel claimed Wednesday that it had thwarted a cyberattack by a North Korea-linked hacking group on its classified defense industry. The Defense Ministry said the attack was deflected “in real time” and that there was no “harm or disruption” to its computer systems. However, security researchers at ClearSky, the international cybersecurity firm that first exposed the attack, said the North Korean hackers penetrated the computer systems and were likely to have stolen a large amount of classified data. The New York Times
Chinese tech giant ByteDance censored content it perceived as critical of the Chinese government on its news aggregator app in Indonesia from 2018 to mid-2020. The sources said that local moderators were instructed by a team from ByteDance’s Beijing headquarters to delete articles seen as “negative” about Chinese authorities on the Baca Berita (BaBe) app. Reuters
The Justice Department today announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS). This coordinated operation is detailed in three forfeiture complaints and a criminal complaint unsealed today in the District of Columbia. These actions represent the government’s largest-ever seizure of cryptocurrency in the terrorism context. The United States Justice Department
ASPI ICPC
Australia
The Base: Exporting Accelerationist Terror
Southern Poverty Law Center
@jason_a_w
A Hatewatch investigation has revealed that the U.S.-centered accelerationist white power group The Base had a sprawling international network of recruits and overseas cells that was even more extensive than that revealed in a recent BBC investigation. After BBC TV’s “Panorama” showed how The Base expanded its network to Europe, Hatewatch can reveal that it also had success in expanding to a society whose settler history parallels the U.S.: Australia. Recorded vetting interviews, application documents, social media posts and The Base’s own internal chats show that the network, led by Rinaldo Nazzaro (who operated online under the pseudonyms “Norman Spear” and “Roman Wolf”), had some success in exporting both its ideology and organizing model to Europe and settler cultures such as Australia.
The rise of 'sovereign people' and why they argue laws don't apply to them
The Feed
@edengillespie
Sovereign people have claimed that Australian laws do not apply to them and argue in some circumstances that they do not have to pay taxes. But experts say their claims hold no legal basis.
Read Elise Thomas’s article Why do conspiracy theorists film themselves refusing to wear face masks? The Strategist
National Security Podcast: Australia’s Cyber Security Strategy - Policy Forum
Policy Forum
In this special episode of the National Security Podcast, Katherine Mansted is joined by Alastair MacGibbon, Gai Brodtmann and Rory Medcalf to discuss Australia’s recently released National Cyber Security Strategy.
Australia says no India-like ban on Chinese apps at this stage despite tensions with Beijing
The Print
Australia has decided not to ban Chinese mobile applications at this stage but recognises that each country will make a decision based on its own national interest, a senior Australian official said on Thursday, weeks after India banned several Chinese apps.
Defence consolidates cyber capabilities
Australian Computer Society
Cyber security expertise and training will be blended with military rigour as the government steps up efforts to improve its ability to defend against malicious cyber attacks on the virtual battlefield. The allocation of $1.4b in Defence cyber capabilities over 20 years, outlined in the Department of Defence 2020 Force Structure Plan, backs an ambitious agenda for cyber defences that will commit an average $70m per year to support the Australian Defence Force (ADF) through projects such as the Joint Project 9131 Defensive Cyberspace Operations.
USA
Global Disruption of Three Terror Finance Cyber-Enabled Campaigns
The United States Department of Justice
The Justice Department today announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS). This coordinated operation is detailed in three forfeiture complaints and a criminal complaint unsealed today in the District of Columbia. These actions represent the government’s largest-ever seizure of cryptocurrency in the terrorism context.
Facebook Removed Nearly 40% More Terrorist Content in Second Quarter
The Wall Street Journal
@rachael_levy
Facebook Inc. removed nearly 40% more content that it categorized as terrorism in the second quarter compared with the first three months of the year, the company said. Facebook removed about 8.7 million pieces of such content—which includes, according to the company’s definition, nonstate actors that engage in or advocate for violence to achieve political, religious or ideological aims—in the second quarter of this year, up from 6.3 million in the first quarter.
Corporate America Worries WeChat Ban Could Be Bad for Business
The Wall Street Journal
@johndmckinnon @Lingling_Wei
U.S. companies whose fortunes are linked to China are pushing back against the Trump administration’s plans to restrict business transactions involving the WeChat app from Tencent Holdings Ltd., saying it could undermine their competitiveness in the world’s second-biggest economy. More than a dozen major U.S. multinational companies raised concerns in a call with White House officials Tuesday about the potentially broad scope and impact of Mr. Trump’s executive order targeting WeChat, set to take effect late next month.
Apple’s $44 Billion China Market Threatened by Trump WeChat Ban
Bloomberg
@felixxtam @schen37
Apple Inc. spent years building China into a $44 billion growth driver. Then the U.S. president last week cast all that in doubt. iPhone loyalists across China are now reconsidering their attachment to the device after Donald Trump issued an executive order last week barring U.S. companies from doing business with WeChat, the super-app that has become integral to everyday life in the country.
The human cost of a WeChat ban: severing a hundred million ties
MIT Technology Review
@_KarenHao
An estimated 19 million people in the US use WeChat daily, according to the analytics firm Apptopia. These 19 million users represent at least an order of magnitude more relationships: relationships with family and friends, with coworkers and sources. At a geopolitical level, a ban on WeChat would be just the latest move in the Trump administration’s continued escalation of its feud with China. But at a human level, it would be the weakening or severing of hundreds of millions, maybe billions, of connections—a loss undeniable albeit difficult to quantify.
A WeChat ban will hurt ordinary citizens. There are better ways to hold China accountable. The Washington Post
Facebook Will Urge Voting by Mail as Trump Attacks Method
The New York Times
@NYTnickc
As part of Facebook’s new “voter information hub,” the biggest social network in the world will prompt users in states that allow mail-in ballots with reminders and links about registration deadlines, ballot request deadlines and how to submit a ballot.
Facebook launches Voting Information Center for the 2020 US election. Engadget
Facebook, Twitter step up fight against misinformation on U.S. elections. Reuters
YouTube says it will remove ‘hacked information’ meant to interfere with the election
The New York Times
@dmccabe
YouTube will not allow the posting of hacked material meant to interfere with the 2020 election or this year’s census, the company said Thursday. Leslie Miller, a vice president of government affairs at YouTube, said the service would remove hacked information that “may interfere with democratic processes.” She offered the example of videos “that contain hacked information about a political candidate shared with the intent to interfere in an election” as something the platform would takedown.
NCSC Briefs Agencies across the U.S. Government on Supply Chain Threats Posed by Five Specified Chinese Companies
Office of the Director of National Intelligence
Over the past two weeks, the National Counterintelligence and Security Center (NCSC) has been providing classified briefings and other assistance to federal procurement executives, chief information officers and chief information security officers from across the U.S. Government on supply chain threats and risks stemming from contracting with five Chinese companies. One provision of the NDAA prohibits the U.S. Government from directly using goods and services from five specified Chinese companies -- Huawei, ZTE Corporation, Hytera Communications, Hangzhou Hikvision and Dahua Technology Company.
Southeast Asia
Exclusive: ByteDance censored anti-China content in Indonesia until mid-2020, say sources
Reuters
@f_potkin
Chinese tech giant ByteDance censored content it perceived as critical of the Chinese government on its news aggregator app in Indonesia from 2018 to mid-2020. The sources said that local moderators were instructed by a team from ByteDance’s Beijing headquarters to delete articles seen as “negative” about Chinese authorities on the Baca Berita (BaBe) app.
Huawei set to dominate as 5G battle shifts to SE Asia
Light Reading
With the dust still settling in the wake of the bruising UK contest, the Huawei battlefront is now shifting to Southeast Asia. Multiple launches are scheduled in the next six months and, unlike in Europe, Huawei looks set to dominate. This is despite early setbacks: Huawei 5G is unlikely to ever be deployed in Vietnam or Taiwan, and probably not in Singapore. But the big vendor appears to have the inside running in every other Southeast Asian market, including the longstanding US allies Philippines and Thailand.
Europe
Pompeo kicks off central Europe tour, Huawei dominates agenda
Al Jazeera
US Secretary of State Mike Pompeo has arrived in Prague to begin a five-day visit to central Europe with China's role in 5G network construction dominating his agenda. The focus will be on Pompeo's campaign for nations to shun Huawei, the Chinese telecommunications giant considered a threat by Washington as it takes a lead in fifth-generation internet, and to reduce Europe's energy dependence on Russia.
Slovenia Joins EU States in U.S. Push to Limit Huawei from 5G
Bloomberg
@JanHanDun
Slovenia signed a declaration on 5G security, joining a group of countries agreeing with the U.S. to guard their networks in a way that could block China’s Huawei Technologies Co. from taking part. Slovenian Foreign Minister Anze Logar signed the pact Thursday with U.S. Secretary of State Michael Pompeo.
Saving Sweden’s forests with help from AI
Microsoft
Thanks to a grant from Microsoft’s AI for Earth program, Skogsstyrelsen, the Swedish Forest Agency, is using Artificial Intelligence (AI) to identify trees damaged by the western larch case-bearer.
Russia
NSA, FBI expose Russian intelligence hacking tool: report
Reuters
@Bing_Chris
The U.S. National Security Agency and Federal Bureau of Investigation have exposed a sophisticated Russian hacking tool, they said on Thursday in a rare public report offering new insight on Russia’s arsenal of digital weapons. The NSA and FBI said that Russia’s Main Intelligence Directorate, known as the GRU, was using a hacking tool code named “Drovorub” to break into Linux-based computers.
An advanced group specializing in corporate espionage is on a hacking spree
Cyberscoop
@jeffstone500
A Russian-speaking hacking group specializing in corporate espionage has carried out 26 campaigns since 2018 in attempts to steal vast amounts of data from the private sector, according to new findings. The hacking group, dubbed RedCurl, stole confidential corporate documents including contracts, financial documents, employee records and legal records, according to research published Thursday by the security firm Group-IB. Victims spanned a range of industries — including construction, finance, retail and law — with headquarters in Russia, Ukraine, the U.K., Canada, Germany and Norway.
Middle East
North Korean Hacking Group Attacks Israeli Defense Industry
The New York Times
@nicoleperlroth
Israel claimed Wednesday that it had thwarted a cyberattack by a North Korea-linked hacking group on its classified defense industry. The Defense Ministry said the attack was deflected “in real time” and that there was no “harm or disruption” to its computer systems. However, security researchers at ClearSky, the international cybersecurity firm that first exposed the attack, said the North Korean hackers penetrated the computer systems and were likely to have stolen a large amount of classified data. Israeli officials fear the data could be shared with North Korea’s ally, Iran.
The Simulation of Scandal: Hack-and-Leak Operations, the Gulf States, and U.S. Politics
Texas National Security Review
@jamessshires
Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the “simulation of scandal" — deliberate attempts to direct moral judgement against their target. Although “hacking” tools enable easy access to secret information, they are a double-edged sword, as their discovery means the scandal becomes about the hack itself, not about the hacked information.
Misc
Algorithms drive online discrimination, academic warns
Financial Times
@madhumita29
Existing laws are failing to protect the public from discrimination by algorithms that influence decision-making on everything from employment to housing, according to new research from the Oxford Internet Institute. Sandra Wachter, the academic behind the study, found algorithms are drawing inferences about sensitive personal traits such as ethnicity, gender, sexual orientation and religious beliefs based on our browsing behaviour.
The Secret SIMs Used By Criminals to Spoof Any Number
Vice
@josephfcox
Criminals use so-called Russian, encrypted, or white SIMs to change their phone number, add voice manipulation to their calls, and try to stay ahead of law enforcement.
An Alexa Bug Could Have Exposed Your Voice History to Hackers
WIRED
@lilyhnewman
New research into vulnerabilities in Amazon's Alexa platform highlights the importance of thinking about the personal data your smart assistant stores about you. Findings published on Thursday by the security firm Check Point reveal that Alexa's web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability could have also yielded profile information, including home address, as well as all of the "skills," or apps, the user had added for Alexa.
Open Source Supply Chain Attacks Surge 430%
Infosecurity
@philmuncaster
Security experts are warning of a 430% year-on-year increase in attacks targeting open source components directly in order to covertly infect key software supply chains. There were 929 attacks recorded between July 2019 and May 2020, according to Sonatype’s annual State of the Software Supply Chain report.
Events
Working smarter, not harder: Leveraging government procurement to improve cybersecurity and supply chains
ASPI
ASPI's International Cyber Policy Centre is delighted to invite you to the virtual launch of our latest report, 'Working smarter, not harder: Leveraging government procurement to improve cybersecurity and supply chains', with the Minister for Industry, Science and Technology, the Hon Karen Andrews MP on 18 August. The report, Working smarter, not harder looks at how Australian governments - as the nation's largest spenders on ICT - can maximise the leverage that market power gives them to drive improved cybersecurity, more secure supply chains, and build local industry. The launch by the Minister will be followed by a panel discussion with and Q&A. 18 August 2020, 1:00 - 2:00pm.
Webinar Launch - 'Spy vs Spy: The New Age of Espionage'
ASPI and Foreign Policy
The Australian Strategic Policy Institute (ASPI) and Australian Foreign Affairs is delighted to invite you to a panel discussion on the new issue of Australian Foreign Affairs: Spy vs Spy: The New Age of Espionage. This issue of Australian Foreign Affairs explores the threat facing Australia as changes in technology enable malign actors to target individuals, officials, businesses and infrastructure – challenges that have only sharpened due to Covid-19. Speakers: Professor Anne-Marie Brady, Danielle Cave, Andrew Davies, Kim McGrath, Jonathan Pearlman and Penny Wong. 19 August 2020, 11:00am - 12:10pm.
On Fairness and Explainability in AI: Interactions between computer science and social science
Digital Innovation Futures Victoria
Friday 14 September 2020, 1:00 - 2:00PM. While topics such as fairness and explainability have become key talking points in artificial intelligence, these problems cannot be solved by computer scientists working in a vacuum. This talk will look at the link between computer science and areas of philosophy and social science for solving these problems.
Research
Burnt by the Digital Sun
Center for Strategic & International Studies
How are liberal democracies balancing the right to freedom of expression with addressing false information and hostile actions in the information environment? This report begins by surveying how the United States, the United Kingdom, New Zealand, Australia, Canada, France, and Germany are grappling with this intricate Gordian knot. Next, it offers an introductory examination of “information warfare” and how it is shaping the great power competition between Russia, China, and the United States. Granted, information warfare is a hotly contested term with many competing definitions within the field of military science, as well as across Western and Eastern cultures; however, this report refers to it as the military art of using information to deliberately mislead an adversary and influence their decisionmaking for a strategic purpose. Lastly, to help inform effective policy against such persistent information threats, the report outlines a creative multi-pronged framework.
Jobs
Assistant Professor in Intelligence and Security
University of Leiden
The Research Group Intelligence and Security studies intelligence from a political, historical, ethical, judicial, and methodological perspective. Our main goal is to improve our understanding of how intelligence and security services operate, how their methodologies can be complemented, and how they are and have been embedded in their broader political, bureaucratic, and societal context - in the Western world and, emphatically, beyond. Applications due 15th September 2020.
Professorship in Legal Tech
University of Zurich
The University of Zurich is seeking applications for a Professorship in Legal Tech to take effect from the beginning of the Spring Semester 2021 (1 February 2021), or by arrangement. The position is to be filled by an academic with an outstanding legal track record and excellent knowledge of information technology, whose research focuses on the impact of digital technologies in the field of law. Applications are due by 6 September 2020.