NSO’s Pegasus software a crucial part of Israel’s diplomatic outreach | US military bought sanctioned Chinese surveillance cameras | TikTok knows your deepest desires
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
NSO’s Pegasus software, which requires a government licence for export because it is considered a weapon, has in recent years become a crucial part of Israel’s diplomatic outreach — a role that has come into focus after this weekend’s revelation by a consortium of newspapers that it had been traced to the cell phones of 37 journalists, lawyers and political activists. The software surreptitiously turns phones into listening devices while unveiling their encrypted contents. Financial Times
Numerous federal agencies, including several branches of the military, buy video surveillance equipment that can’t legally be used in U.S. government systems and that is made by Chinese companies sanctioned on national security grounds, records and products reviewed by The Intercept indicate. The Intercept
A Wall Street Journal investigation found that TikTok only needs one important piece of information to figure out what you want: the amount of time you linger over a piece of content. Every second you hesitate or rewatch, the app is tracking you. The Wall Street Journal
ASPI ICPC
Threats to Australia shift to new domains: cyber, technology and information
The Strategist
@DaniellesCave
There is positive momentum underway—across government and the business community—to boost our cybersecurity posture and culture. However cyber, technology and information ecosystems are a trio of overlapping policy issues, and one can’t be tackled without the others. Having a cybersecurity strategy alone, for example, doesn’t provide the toolkit to deal with the global rise in cyber-enabled foreign interference that is currently targeting populations around the world via a suite of online platforms from YouTube to TikTok. This is an issue the Australian government is currently struggling to deal with, having yet to assign an agency to lead on countering this new threat.
China hits back at US-led accusations over cyber attacks
Financial Times
@edwardwhitenz @cdcshepherd @FergusHanson
Fergus Hanson, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, a think-tank, said the multilateral approach was “harder to counter” for China. “Beijing would like to keep the issue bilateral, where it can appeal to, or punish, individual countries,” he said.
Beijing bristles at West’s cyber claims
The Australian
@bennpackham @FergusHanson
Australian Strategic Policy Institute’s International Cyber Policy Centre director Fergus Hanson said China’s use of freelance hackers was aimed at giving it “plausible deniability”.
World
Pegasus: NSO clients spying disclosures prompt political rows across world
The Guardian
@ninalakhani @safimichael @dansabbagh @shaunwalker7
Revelations about the use of spying tools sold to governments by NSO Group sparked furious political rows across the world on Monday after evidence emerged to suggest the surveillance firm’s clients may have sought to target their political opponents.
Australia
‘No way’ is Japan handling its China relationship better than Australia, says Japanese ambassador in Canberra
ABC News
@stephendziedzic
Shingo Yamagami also rejected suggestions that Japan has managed ties with the emerging superpower more skilfully than Australia, saying his government was "struggling every day" to manage its relationship with China… He made a clear reference to the series of trade sanctions which China's government has imposed on Australia as the two countries continue to clash over the COVID-19 outbreak, human rights abuses, foreign investment and cyber-attacks.
Turning point as allies call out China on cyber attacks
The Australian
Greg Sheridan
Previously, Australian politicians and officials were reluctant to name China publicly. This was to avoid damaging the relationship with Beijing and provoking specific retaliation. Those considerations no longer apply.
China's Australian embassy has slammed Canberra for ‘acting as an accomplice’ to US
Sky News
Tyrone Clarke
China’s Australian embassy has reacted to claims Beijing was behind a massive cyber attack, criticising the Australian government for making “groundless accusations”.
Alan Kohler: China whacked with wet lettuce over cyber crimes
The New Daily
@AlanKohler
It was notable that this week’s naming and shaming of the Chinese government over the Microsoft Exchange server hack earlier this year, and criminal hacking in general, did not include sanctions. Of all the signatories to the statement led by US President Joe Biden, Australia most of all might have had a problem with that.
China
Chinese Suppliers to Apple, Nike Shun Xinjiang Workers as U.S. Forced-Labor Ban Looms
The Wall Street Journal
@lizalinwsj, Eva Xiao, and @Kubota_Yoko
Chinese factories that supply Apple Inc. and Nike Inc. and make other products sold in the U.S. are shunning workers from Xinjiang, as Western countries increase scrutiny of forced labor from the remote northwestern region where Beijing has been accused of committing genocide against local ethnic minorities.
Read our ASPI ICPC Report ‘Uyghurs for Sale’


China Compromised U.S. Pipelines in Decade-Old Cyberattack, U.S. Says
The Wall Street Journal
@dnvolz
Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry.
Chinese hacking group APT31 uses mesh of home routers to disguise attacks
The Record
@campuscodi
A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks.
Nokia wins first 5G radio contract in China, Ericsson loses ground
Reuters
Supantha Mukherjee
Nokia on Monday won its first 5G radio contract in China, securing a share in one of China Mobile’s three new 5G contracts, while Nordic rival Ericsson lost market share after getting caught up in a political spat.
Kodak deletes Xinjiang photo from Instagram, vows to ‘respect Chinese gov’t’
Hong Kong Free Press
@rhodakykwan
US imaging company Kodak has removed an image of China’s Xinjiang from its Instagram page taken by a photographer who described the region as an “Orwellian dystopia.” Apologising for the post, the company said on its WeChat account on Tuesday that it will “respect the Chinese government and Chinese laws.”
USA
US military bought cameras in violation of America's own China sanctions
The Intercept
@samfbiddle
Purchased camera systems were supposedly made in the U.S. but actually originated from Chinese companies blacklisted for security reasons.
House approves raft of cyber bills in wake of ransomware attacks
The Record
@martinmatishak
The House on Tuesday approved a host of bipartisan bills meant to strengthen and expand CISA’s role in the country’s cybersecurity and better secure critical infrastructure networks. The measures — which previously cleared the House Homeland Security Committee — come as congressional lawmakers scramble for policy solutions following a series of high-profile ransomware attacks and digital assaults on key U.S. sectors.
America and its allies admonish, but do not punish, China for hacking
The Economist
After years of failing to dissuade state-sponsored attacks on its own, the Biden administration is looking to its friends for help.
Clearview AI raises $30 million from investors despite legal troubles.
The New York Times
@kashhill
The New York-based start-up, which scraped billions of photos from the public internet to build a facial-recognition tool used by law enforcement, closed a Series B round of $30 million this month.
Instagram blocked the #VaccinesKill hashtag two years ago. Facebook only just now got around to doing it
CNN
@brianstelter @katiepellico
Last week, even as it came under fire from the White House over its role in spreading anti-vaccine misinformation, Facebook (FB) hadn't taken the simple step of blocking the #VaccinesKill hashtag on its platform. Now the hashtag is hidden on the platform, locked behind a message that says Facebook is "keeping our community safe."
North Asia
Utilizing artificial intelligence to improve women’s rights in North Korea
NK News
Leif-Eric Easley @sea_youngkim
New technologies have the potential to empower women and document abuses in the world’s most isolated nation.

South and Central Asia
Pegasus Spyware: How Do We Rein In State Surveillance? Here’s What Experts Had To Say
MediaNama
@Aihik
Legal experts weigh in on the unfolding Pegasus controversy and suggest future steps towards surveillance reform such as parliamentary oversight, judicial oversight, and more.
UK
The U.K. Needs a Coherent Approach to China and Tech Security
World Politics Review
@etaylaw
Once again, the U.K. appears to be out of step with its closest ally on chips and China, sitting on its hands over the sale of its largest semiconductor factory to a company with alleged links to the Chinese Communist Party. The U.K.’s “have your cake and eat it, too” approach highlights disturbing inconsistencies that undercut its national security positioning and seem certain to reawaken tensions with the U.S. on policy toward China and technology.


UK man arrested over 2020 Twitter celebrity hacks
Engadget
@jonfingas
Authorities are still cracking down on participants in the July 2020 Twitter celebrity hacks. Spanish National Police have arrested UK citizen Joseph O'Connor at the US' request over his alleged involvement in compromising over 130 Twitter accounts. Officials didn't detail how O'Connor contributed to the campaign, but O'Connor has also been charged with hijacking TikTok and Snapchat accounts as well as cyberstalking a "juvenile" victim.
Europe
Semiconductors: Europe’s expensive plan to reach the top tier of chipmakers
Financial Times
@Sam1Fleming @peggyhollinger @hallbenjamin
The EU wants to enhance ‘strategic autonomy’ in a sector facing shortages but the risk is that it squanders public money.
France's Macron targeted in project Pegasus spyware case - Le Monde
Reuters
The phone of French President Emmanuel Macron was on a list of potential targets for potential surveillance on behalf of Morocco in the Pegasus spyware case, French daily Le Monde reported on Tuesday.
Bitcoin price slides amid EU call to make transfers traceable, and rise of ‘stablecoins’
The Guardian
@MartinFarrer
Bitcoin has slipped below $30,000 as calls grew among regulators in the US, Europe and Asia for tighter checks on cryptocurrencies, and the less volatile digi-currency known as “stablecoins”.
Middle East
How Israel used NSO spyware as diplomatic calling card
Financial Times
@MehulAtLarge
NSO’s Pegasus software, which requires a government licence for export because it is considered a weapon, has in recent years become a crucial part of Israel’s diplomatic outreach — a role that has come into focus after this weekend’s revelation by a consortium of newspapers that it had been traced to the cell phones of 37 journalists, lawyers and political activists. The software surreptitiously turns phones into listening devices while unveiling their encrypted contents.
A princess raced to escape Dubai’s powerful ruler. Then her phone appeared on the list.
The Washington Post
@drewharwell
In the days before commandos dragged Princess Latifa from her getaway yacht in the Indian Ocean, her number was added to a list that included targets of a powerful spyware, a new investigation shows.
Gender and Women in Cyber
COVID lockdowns cause spike in cyber abuse of young women
Women's Agenda
@Jess_Tu2
Online harassment and abuse from men towards women has increased since the pandemic lockdowns. Front-line support service workers have told researchers at Monash University that the COVID pandemic has led to more referrals for technology-facilitated abuse.
Misc
Opinion: Spyware is thriving, dangerous and unrestrained. It’s time to change that.
The Washington Post
The Pegasus Project investigates a leaked list of 50,000 phone numbers concentrated in NSO client countries notorious for citizen surveillance. From those numbers, the investigators identified 1,000 people across 50 countries, including business executives, activists, journalists, and more than 600 politicians and officials.
A case against security nihilism
A Few Thoughts on Cryptographic Engineering
@matthew_d_green
This is a technical blog, so I won’t advocate for, say, sanctioning NSO Group or demanding answers from the luminaries on NSO’s “governance and compliance” committee. Instead I want to talk a bit about some of the technical lessons we’ve learned from these leaks — and even more at a high level, precisely what’s wrong with shrugging these attacks away.
Facebook and YouTube’s vaccine misinformation problem is simpler than it seems
The Washington Post
@WillOremus
As the Biden administration struggles to find the words to confront social platforms, a better understanding of their algorithms could help.
Opinion: Russia and China’s hypocritical attempt to control cyberspace
The Washington Post
@IgnatiusPost
At the very moment that Russia and China are facing more pressure from Western governments to stop malicious cyberattacks, they’ve announced a pact to work together for new rules to control cyberspace. In the annals of diplomatic hypocrisy, this new accord is a stunner, even by Russian and Chinese standards. It promotes a new Russian plan for international governance of the global Internet, even as it stresses the right of Russia, China and other authoritarian states “to regulate the national segment of the Internet” to edit and censor what their people can see.


Security Through Encryption and Despite Encryption: An (un)Achievable Outcome?
Internet Society
Roundtable Report: A Debate on Encryption. On 16 June 2021 the Internet Society organised a roundtable to explore in greater detail how to apply the European Council’s position on encryption, following its November 2020 Resolution: “Security through encryption and security despite encryption”.
Research
Investigation: How TikTok's Algorithm Figures Out Your Deepest Desires
Wall Street Journal
A Wall Street Journal investigation found that TikTok only needs one important piece of information to figure out what you want: the amount of time you linger over a piece of content. Every second you hesitate or rewatch, the app is tracking you.
Platforms Should Use Algorithms to Help Users Help Themselves
Carnegie Endowment for International Peace
Christopher Paul @has_reininger
Social media platforms generally rely on human moderation to remove prohibited content. Yet what if moderation could happen before content is even posted?


Cyber attackers ‘weaponising’ Operational Technology to harm, kill humans: study
iTWire
By 2025 cyber attackers will have weaponised operational technology (OT) environments to successfully harm or kill humans, according to new research from Gartner.


Events
Indigenous Cyber and Digital Skills Conference
ASPI’s IndigiCyber, Defence and Space Program
This half-day conference will canvass a range of curriculum and engagement initiatives in cyber-security and STEM as well as government and industry responses to both support those already in work, and to attract diverse candidates. What can defence, and defence-related sectors, do to support the next generation of technology champions? 23 Jun 2021 9:00 am - 1:00 pm.
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
ASPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies. 27 July 2021 5:00 pm - 6:00 pm.


Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years’ relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.