Putin told the U.S. will take ‘any necessary action’ after latest ransomware attack | How Vietnam's 'influencer' army wages information warfare | Iran’s transportation ministry confirms cyber attack
Putin told the U.S. will take ‘any necessary action’ after latest ransomware attack | How Vietnam's 'influencer' army wages information warfare | Iran’s transportation ministry confirms cyber attack
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
In a call between the two leaders Friday, President Biden warned Russian President Vladimir Putin that the United States would hold Moscow responsible for cyberattacks originating from Russia even if they cannot be directly linked to the Kremlin. The Washington Post
In Vietnam, where the state is fighting a fierce online battle against political dissent, social media "influencers" are more likely to be soldiers than celebrities. Force 47, as the Vietnamese army's online information warfare unit is known, consists of thousands of soldiers who, in addition to their normal duties, are tasked with setting up, moderating and posting on pro-state Facebook groups, to correct "wrong views" online. Reuters
Iran’s transportation ministry has confirmed a cyber attack targeted its internal websites and parts of its online infrastructure on Saturday, saying an investigation has been launched to determine the causes and origins of the attack. PressTV
ASPI ICPC
Dormant foreign cyber threats could be lurking inside critical Australian infrastructure
The Sydney Morning Herald
@nickbonyhady
The Australian Strategic Policy Institute’s cyber policy director, Fergus Hanson, said it was entirely possible for a foreign state to already be present on Australian networks, as did John Blackburn, a former deputy air force chief turned consultant. “Given the capability that we’re up against and the fact that other states perhaps wouldn’t be doing their jobs if they weren’t trying to do that [against Australia], our adversaries, it’s going to be perhaps nearly impossible to eradicate that threat,” Mr Hanson said. “So I think it’s a hopeless task to try to completely eradicate that threat. But it’s not a hopeless task to be resilient to come back if we are attacked.” Mr Hanson was giving evidence under questioning from James Paterson, a Liberal Senator and chair of the Parliamentary Joint Committee on Intelligence and Security, which is examining a potential new law to toughen Australia’s defences against online incursions.
The Chris Krebs case for including election systems as critical infrastructure
ZDNet
@ashabeeeee
Adding to Krebs' remarks was the director of the Australian Strategic Policy Institute's international cyber policy centre, Fergus Hanson, who considers political parties themselves as a key vulnerability, given the scale to which their operations need to grow come election time. "Trying to provide a solid cybersecurity basis for that is very difficult for a very small organisation that's undergoing massive and rapid scaling. I think providing government support for all political parties to be more resilient to interference, I think, would be really important," he told the PJCIS.
Australia
Reddit expands operations to Australia with new Sydney office
The Sydney Morning Herald
@TimBiggs
The online news and discussion company has built a local team to look after communities, moderation and sales.
Right to repair' movement growing in Australia, as Apple and others design products with shorter lifespans
ABC News
@RosieKingABC
In 2021, almost everything we use is smart. From phones to fridges, coffee machines to tractors. It has made life more efficient and convenient — but when those products break, it's another story. Not only is a quick, cheap fix hard to come by, but intentional designs that shorten the lifespans of these technologies are also putting more of them on the waste pile.
China
Game Over: Chinese Company Deploys Facial Recognition to Limit Youths’ Play
The New York Times
@nytmay @amy_changchien
Tencent Games says it has been using facial recognition to enforce China’s rules on how much time people under 18 can spend playing video games.
Huawei wins deal to fit 30 million Volkswagens with its 4G tech
TelecomTV
Martyn Warwick
Huawei’s 5G (and other) equipment may be being ripped out of telco networks across North America, Europe, Australasia and elsewhere but its wireless technology is getting a mighty boost in the German automotive industry with the news that Volkswagen will licence and integrate Huawei’s patented 4G technology into 30 million vehicles.
China Car Sales Fall With Chips in Short Supply
The Wall Street Journal
@StephanieAYang
China’s car sales snapped an 11-month streak of year-over-year growth as demand bolstered by a strong economic recovery collided with a global semiconductor shortage.
The End of the U.S.-China Tech Stock Bromance
The Wall Street Journal
@nate_taplin @jackycwong
One curious aspect of the U.S.-China conflict over technology is that, even with the two governments at each other’s throats, tech investors have been happy with a warm, mutually profitable embrace. At least until now. The abrupt tumble of Chinese ride-hailing giant Didi just days after its blockbuster $4.4 billion initial public offering in New York is likely to put a long-lasting damper on new Chinese listings in the U.S., achieving the kind of financial decoupling, at least in stocks, that the Trump administration was unable to achieve.
China’s tech group Kuaishou ends compulsory Sunday overtime
Financial Times
China’s short-video company Kuaishou has formally cancelled its weekend overtime policy, while its competitor, TikTok’s parent ByteDance, is debating internally whether to do the same.
Didi Tried Balancing Pressure From China and Investors. It Satisfied Neither.
The Wall Street Journal
@cdriebusch @QiZHAI @jingyanghk
In the final days before Didi Global Inc. went public late last month on the New York Stock Exchange, a disconnect developed between what the Chinese ride-hailing giant was telling its U.S. bankers and what was happening with China’s regulators.
Beijing Blocks Merger, Tightens Data Rules as Post-Didi Crackdown Speeds Up
The Wall Street Journal
@QiZHAI @Frances Yoon
China’s internet regulator moved Saturday toward requiring data-rich tech companies to undergo cybersecurity reviews ahead of any foreign listings, making explicit for the first time a data-security requirement that marred last week’s U.S. initial public offering by Didi Global Inc. Separately, China’s main antitrust regulator on Saturday blocked Tencent’s bid to combine the country’s two biggest game-streaming platforms, its first public intervention to halt a merger in China’s technology sector.
Chinese Scientists Say They Now Have the World's Most Powerful Quantum Computer
Futurism
Victor Tangermann
It’s a powerful hint of what quantum computers could soon be capable of, but their success needs to be taken with a grain of salt. Case in point, this latest paper has yet to be peer-reviewed.
A Global Smart-City Competition Highlights China’s Rise in AI
WIRED
@kharijohnson
Chinese entrants swept all five categories, featuring technologies to improve civic life. But the advances could also be tools for surveillance.
The foreigners in China’s disinformation drive
BBC News
Kerry Allen Sophie Williams
Foreign video bloggers denouncing what they say is negative coverage of China on highly controversial subjects such as Xinjiang are attracting large numbers of subscribers on platforms like YouTube.
Chinese State Media Features German Twitterer “Defamed by Evil Western Forces”
What's On Weibo
@manyapan
The German influencer Navina Heyden has been labeled “a propagandist for the Chinese government” by European media outlets. She is now featured by Global Times for preparing a lawsuit against German newspaper Die Welt for “defaming” her.
USA
Biden tells Putin the U.S. will take ‘any necessary action’ after latest ransomware attack, White House says
The Washington Post
@nakashimae @Eugene_Scott
In a call between the two leaders Friday, President Biden warned Russian President Vladimir Putin that the United States would hold Moscow responsible for cyberattacks originating from Russia even if they cannot be directly linked to the Kremlin.
White House says Biden warned Putin on ransomware attacks
Axios
Erin Doherty
President Joe Biden warned Russian President Vladimir Putin that the U.S. would take action to "defend its people" against ransomware attacks, per a White House readout of the call on Friday.Biden Warns Putin to Act Against Ransomware Groups, or U.S. Will Strike Back
The New York Times
@SangerNYT @nicoleperlroth
President Biden warned President Vladimir V. Putin of Russia on Friday that time was running out for him to rein in the ransomware groups striking the United States, telegraphing that this could be Mr. Putin’s final chance to take action on Russia’s harboring of cybercriminals before the United States moved to dismantle the threat.How Biden can strike back against Russian hack attacks
POLITICO
@ericgeller
If intelligence agencies link criminal ransomware gangs to Russian front companies, the Biden administration could hit them with massive financial restrictions. But while sanctions are the easiest, least costly tool in Biden’s arsenal, they may also be the least effective.
Going undercover to infiltrate Chinese-American far-right networks
BBC News
Zhaoyin Feng
Wu Qian can't take her eyes off her phone. She tirelessly checks a dozen Chinese-language Telegram chat rooms, where thousands of conservative Chinese-Americans discuss news, politics - and sometimes QAnon conspiracies.
Hacker Risks Jail to Out Middlebury College Employee for Alleged Child Porn
The Daily Beast
@shanvav @SeamusHughes
A hacker working for a security firm got the shock of their life last month when they stumbled across what appeared to be a Middlebury College employee’s stash of child pornography while hunting for vulnerable computers.
We Got the Phone the FBI Secretly Sold to Criminals
VICE News
@josephfcox
Anom’ phones used in an FBI honeypot are mysteriously showing up on the secondary market. We bought one.
Senators call on US securities regulator to investigate Didi IPO
Financial Times
Two senior members of Congress have called on the Securities and Exchange Commission to investigate whether Didi Chuxing, the Chinese ride-sharing company, misled American investors ahead of its initial public offering last week. The senators, who sit on the powerful senate banking committee, said they wanted the SEC to examine whether Didi was forthcoming enough about its contact with Chinese regulators prior to the listing of its shares.
Spy Agencies Turn to Scientists as They Wrestle With Mysteries
The New York Times
@julianbarnes
American intelligence agencies are tapping outside expertise as they wrestle with mysteries like the coronavirus and U.F.O.s that are as much about science as they are about espionage.
Mark Zuckerberg and Sheryl Sandberg’s Partnership Did Not Survive Trump
The New York Times
@sheeraf @ceciliakang
Facebook’s problems were features, not bugs, and were the natural outgrowth of a 13-year partnership between Mark Zuckerberg, Facebook’s chief executive and one of its founders, and his erudite business partner, Ms. Sandberg, its chief operating officer. He was the technology visionary and she understood how to generate revenue from the attention of Facebook’s now 2.8 billion users. They worked in concert to create the world’s biggest exchange of ideas and communication.
U.S. Slaps Curbs on 34 Entities, Faults China Firms on Abuses
Bloomberg
@JenniferJJacobs
The U.S. added 34 entities to its economic blacklist, including 14 Chinese enterprises that are alleged to be involved in human-rights abuses in the Xinjiang region.. Companies including Beijing Sinonet Science & Technology Co., Leon Technology Co. and Kyland Technology Co. were added to the list “for acting contrary to the foreign-policy interests of the United States,” the Department of Commerce’s Bureau of Industry and Security said in a Federal Register notice published on Friday.
Tell me lies, tell me sweet little VIEs
Financial Times
But that’s not the case with US-listed Chinese businesses. There is no share neatly sitting in an American bank somewhere. In fact, you don’t buy an ownership take in anything when you invest in say, Alibaba, Didi or NIO. Instead what you buy is a simulacrum of a share; a spider-web of contractual obligations that almost perfectly mimics owning the real thing to the point you don’t notice the difference.
The anatomy of a ransomware attack
The Washington Post
@GerritD @rachelerman @nakashimae @chrisalcantara
Inside the hacks that lock down computer systems and damage businesses.
The COVID-19 vaccines weren’t hacked — this task force is one reason why
The Verge
Nicole Wetsman
Corman is a senior adviser to the United States’ Cybersecurity and Infrastructure Security Agency (CISA), and for the past year, he’s been working on a task force within the agency focused on protecting the COVID-19 vaccine supply chain from cyber threats. Healthcare organizations have been some of the biggest victims of growing waves of cyberattacks over the past few years, and during the pandemic, they were an even bigger target.
Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds
CyberScoop
Tonya Riley
The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a watchdog report made public on Wednesday.
The Missing Chips
Foreign Affairs
Chad P. Bown
But the supply of semiconductors was at risk long before the pandemic, and the virus is only partly to blame for today’s shortages. One of the biggest culprits was a sudden shift in U.S. trade policy.
Kaseya Failed to Address Security Before Hack, Ex-Employees Say
Bloomberg
@rj_gallagher @ajmartinny
Executives at Miami-based Kaseya Ltd. were warned of critical security flaws in its software before a ransomware attack this month that affected as many as 1,500 companies, according to five former employees.
New York City’s new biometrics privacy law takes effect
TechCrunch
@zackwhittaker
A new biometrics privacy ordinance has taken effect across New York City, putting new limits on what businesses can do with the biometric data they collect on their customers.
How did my phone number end up for sale on a US database?
BBC News
Jane Wakefield
A few months ago, I received a pitch for a story - nothing unusual there, as I am a journalist and receive a lot of pitches - but what set this one aside was the story idea arrived as a flurry of WhatsApp messages.
North-East Asia
Suspected Chinese hackers target telecoms, research in Taiwan, Recorded Future says
CyberScoop
Tonya Riley
A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future’s Insikt Group said in a report Thursday.
Wikipedia wars: How Hongkongers and mainland Chinese are battling to set the narrative
Hong Kong Free Press HKFP
@selina_cheng
The closure of Apple Daily has heightened Hong Kong's Wikipedia "edit wars." And now there are threats that keyboard warriors might face real-life consequences.
South-East Asia
How Vietnam's 'influencer' army wages information warfare on Facebook
Reuters
James Pearson
In Vietnam, where the state is fighting a fierce online battle against political dissent, social media "influencers" are more likely to be soldiers than celebrities. Force 47, as the Vietnamese army's online information warfare unit is known, consists of thousands of soldiers who, in addition to their normal duties, are tasked with setting up, moderating and posting on pro-state Facebook groups, to correct "wrong views" online.
South and Central Asia
Delhi can’t afford riots like in Feb 2020, Facebook role must be looked into: Supreme Court
The Indian Express
@Ananthakrishnan G
Underlining that “the capital of the country can ill-afford any repetition” of an occurrence like the February 2020 riots, the Supreme Court Thursday came down heavily on social media platform Facebook, saying its role “in this context must be looked into by the powers that be” and this was why it had been summoned by the Delhi Assembly.
Twitter names resident grievance officer, publishes 1st compliance report under IT rules
The Economic Times
Amid tensions with the government, Twitter has appointed a Resident Grievance Officer, days after it designated a chief compliance officer, as it also released its first India Transparency Report to meet the new IT rules.The US social media giant's website has listed Vinay Prakash as the new grievance officer, providing contact details and procedure for users to report potential violations of its rules and terms.
UK
UK Foreign Affairs Committee Recommends Full Hikvision And Dahua Ban
IPVM
The UK Parliament Foreign Affairs Committee has recommended that Hikvision and Dahua "should not be permitted to operate within the UK" over involvement in "Xinjiang atrocities".
Europe
Italy's Snam, Leonardo partner for innovation, safety in hydrogen sector
Reuters
Italy's defence group Leonardo and gas operator Snam said on Thursday they had signed a memorandum of understanding to develop technology for innovation and safety in the hydrogen sector, key in Europe's decarbonisation strategy... The deal comes months after top U.S. fuel pipeline operator Colonial Pipeline shut its entire network following a cyber attack that involved one of the most disruptive digital ransom schemes ever reported.
Fake COVID vaccine certificates sold on dark web for €150
euronews
Italian police say they have caught and stopped a series of online schemes offering to sell fake EU COVID travel certificates, as well as offers of purported coronavirus vaccines. The country's law enforcement says it has seized control of 10 channels on the encrypted messaging service Telegram linked to anonymous accounts in marketplaces on the so-called dark web, through which it was possible to contact the sellers, who required payment in cryptocurrency.
Russia
Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation
MIT Technology Review
@HowellONeill
Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.
The Americas
Major blow to Meng as extradition judge rejects HSBC documents as evidence
South China Morning Post
@ianjamesyoung70
Huawei Technologies Co. executive Meng Wanzhou has suffered a major blow in her battle against extradition to face fraud charges in the United States, after a Canadian judge ruled on Friday that a trove of documents provided by HSBC bank could not be admitted as evidence.
Middle East
Iran’s transportation ministry confirms cyber attack, says probe ongoing
PressTV
Iran’s transportation ministry has confirmed a cyber attack targeted its internal websites and parts of its online infrastructure on Saturday, saying an investigation has been launched to determine the causes and origins of the attack.
Unprecedented chaos': Cyberattack disrupts Iran rail network
Haaretz
Train services in Iran were delayed by apparent cyberattacks on Friday, with hackers posting the phone number of the country's supreme leader as the number to call for information, state-affiliated news outlets reported.
An Investigation into a Jordanian Disinformation Campaign on Facebook, TikTok and Twitter
Stanford Internet Observatory
On July 8, 2021, Facebook announced the removal of a domestic Jordanian disinformation network. The network included 35 Pages, 3 Groups, 89 profiles, and 16 Instagram accounts. Facebook attributes the network to "individuals in Jordan including those associated with the Jordanian military." It suspended the network not due to the content of the posts, but rather for coordinated inauthentic behavior. We believe this is the first time a social media platform has publicly suspended a disinformation network operating in Jordan. Facebook shared a portion of this network’s activity with the Stanford Internet Observatory on June 23, 2021.
Gender and Women in Cyber
Misc
Ransomwhere project wants to create a database of past ransomware payments
The Record by Recorded Future
@campuscodi
A new website launched this week wants to create a crowdfunded, free, and open database of past ransomware payments in the hopes of expanding visibility into the broader picture of the ransomware ecosystem.
Faces Are the Next Target for Fraudsters
The Wall Street Journal
@parmy
Hackers are pioneering new ways of tricking facial-recognition systems, from cutting the eyes out of photos to making a portrait ‘nod’ with artificial intelligence.
AI voice actors sound more human than ever—and they’re ready to hire
MIT Technology Review
@_KarenHao
A new wave of startups are using deep learning to build synthetic voice actors for digital assistants, video-game characters, and corporate videos.
Events
ASPI Webinar: Exfiltrate, encrypt, extort: The global rise of ransomware & Australia's policy options
ASPI ICPC
Please join us online on Tuesday 13 July at 5.30pm AEST for the launch of the ASPI International Cyber Policy Centre’s latest report on the global rise of ransomware and Australia’s policy options.
Indigenous Cyber and Digital Skills Conference
ASPI’s IndigiCyber, Defence and Space Program
This half-day conference will canvas a range of curriculum and engagement initiatives in cyber-security and STEM as well as government and industry responses to both support those already in work, and to attract diverse candidates. What can defence, and defence-related sectors, do to support the next generation of technology champions?
23 Jun 2021 at 9:00 am - 1:00 pm AEST
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
SPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies.
27 July 2021 at 5:00 pm - 6:00 pm AEST
The Path Forward: Tech Regulation with Margrethe Vestager, Executive Vice President, European Commission
The Washington Post
Join Washington Post Live on Monday, July 12 at 10:15am ET, when we host European Commission executive vice president Margrethe Vestager, who has long tried to curtail the power of big tech companies. She’ll discuss how those companies harness vast troves of data, work to quash competition, are moving into more aggressive content moderation and whether privacy concerns can be used to limit competition.
CISO Panel : Managing Things and Leading People in Information Security
The Diana Initiative
Regarding the difference between management and leadership, the late Rear Admiral Grace Murray Hopper famously said, “You manage things; you lead people.” Join us immediately after the opening keynote talk for a panel of CISOs and Leaders who will reflect upon their years of experience of leadership in the Information Security industry. They will discuss their strategies and tips for success when it comes to communication, organization, and resourcefulness. Hear about who or what inspires our panel, and what they look for in good leadership.
July 16th at 10 AM PDT to 11 AM PDT
Research
Stewart McDonald publishes report on disinformation in Scotland
Stewart McDonald
@StewartMcDonald
Glasgow South MP, Stewart McDonald, has today published a report entitled ‘Disinformation in Scottish Public Life’. The report, the first of its kind in Scotland, is Mr McDonald’s assessment of disinformation activity in Scotland over recent years, including with regards to the COVID-19 pandemic and political campaigns.
The Political Effects of Social Media Platforms on Different Regime Types
Texas National Security Review
Guy Schleffer Benjamin Miller
American social media platforms can affect the political systems of different states in varying ways. The effect varies both between and within democratic and authoritarian states and depends mainly on three political actors: domestic opposition, external forces, and the governing regime.
Ransomware attacks on healthcare organizations cost nearly $21B last year, study finds
Becker's Health IT
Hannah Mitchell
Six-hundred clinics, hospital and healthcare organizations were attacked by 92 individual ransomware attacks, affecting 18 million patient records in 2020. The costs of these attacks are almost $21 billion, a Comparitech study found.
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Please note that interviews have commenced for this position and will continue until the end of June. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.