Russian government hackers breach Republican National Committee | Twitter loses liability protection in India | Cybercriminal apprehended in Morocco
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter. Bloomberg
Twitter Inc no more enjoys liability protection against user-generated content in India as the U.S. microblogging giant has failed to comply with new IT rules, the Indian government said in a court filing. Reuters
An alleged prolific cybercriminal has been apprehended in Morocco following a joint two-year investigation by INTERPOL, the Moroccan police and Group-IB. Under Operation Lyrebird, INTERPOL’s Cybercrime Directorate worked closely with Group-IB and with Moroccan Police via the INTERPOL National Central Bureau in Rabat to eventually locate and apprehend the individual who remains under investigation. INTERPOL
World
A massive ransomware attack hit hundreds of businesses. Here's what we know
CNN
@claresduffy
Businesses and governments around the world are scrambling to understand yet another major ransomware attack that hit over the weekend, which could potentially cost tens of millions of dollars and affect more than 1,000 other companies.
Kaseya Responds Swiftly to Sophisticated Cyberattack, Mitigating Global Disruption to Customers
Kaseya
Company working alongside agencies and leading incident response team to support impacted small and medium-sized businesses.
The Kaseya Ransomware Attack Is a Really Big Deal
Lawfare
@pwnallthethings
If you’re not already paying attention to the Kaseya ransomware incident, you should be. It’s likely the most important cybersecurity event of the year.
Hackers demand $70 million to end biggest ransomware attack on record
CBS News
REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency.
Biden under pressure to respond to Russian hackers' claims of responsibility for ransomware attack
NBC News
@KenDilanianNBC
Three weeks after he warned President Vladimir Putin to crack down on criminal hackers striking the U.S. from inside Russia, President Joe Biden is under pressure to respond to the claim of responsibility by a Russia-based hacking group for what is being called the largest ransomware attack in history.
Australia
Austrac wants change in digital platform payment features to prevent terrorist misuse
ZDNet
@ashabeeeee
Australia's financial intelligence agency wants to see the introduction of safeguards to the financial models of digital platforms to prevent exploitation by terrorists and violent extremists.
Treasury revisits cyber terrorism insurance cover
iTNews
Justin Hendry
Treasury will consider whether cyber terrorism that causes physical property damage should be added to the national terrorism insurance scheme for a second time in three years.
China
Didi and the Big Chill on China’s Big Data
The Wall Street Journal
@jackycwong
U.S. and international investors are taking it on the nose as Beijing ramps up its crackdown on Chinese internet-technology companies—many of which are listed abroad—over data security. But in the long-run, the damage to one of China’s previously fastest-growing, most dynamic sectors could be even more significant.
Didi caught as China and US battle over data
Financial Times
@KangHexin @Tabby_Kinder @YuanfenYang @FTJFranklin
Concerns over how much ride-hailing group knew of crackdown before blockbuster IPO.
What Didi Got Wrong
Foreign Policy
@BeijingPalmer
The ride-hailing app won the Chinese cab wars. Its next logical step turned out to be a huge mistake.
The Tech Cold War’s ‘Most Complicated Machine’ That’s Out of China’s Reach
The New York Times
Don Clark
A $150 million chip-making tool from a Dutch company has become a lever in the U.S.-Chinese struggle. It also shows how entrenched the global supply chain is.
China's Tencent Says It'll Use Face Recognition to Keep Minors From Gaming at Night
Gizmodo
@thetomzone
Shenzhen, China-based gaming giant Tencent has announced it will use a face recognition system to prevent minors in its home country from playing video games late into the night.
Podcasts burst onto China youth scene
Yahoo News
@beiyis
An explosion of Chinese podcasts are wrestling with social issues considered taboo under the country's strict media controls. More than 7,000 new podcasts came online last year with an audience tipped at nearly 10 million - a small but fast-growing group in the world's largest market for web audio content.
USA
Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit
Bloomberg
@WilliamTurton @JenniferJJacobs
Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter.
Antitrust Can Hurt U.S. Competitiveness
The Wall Street Journal
@RobAtkinsonITIF
When it comes to technology and the economy, the U.S. is grappling with two contradictory goals: competing with China in advanced technology industries and ramping up antitrust enforcement against leading U.S. tech companies. Antimonopoly advocates argue that we can have our cake and eat it too... But there is a long history of U.S. antitrust actions against technology companies, and the results suggest regulators should exercise caution.
A string of top accounts on the new pro-Trump app GETTR were hacked and defaced on its July 4 launch day, and the person claiming to be the hacker says the site still has several security bugs
Business Insider
@mrjoshz
GETTR, the new social media platform set up by allies of former President Donald Trump, still has several unresolved security bugs a day after it was hacked on its July 4 launch.
Hackers Scrape 90,000 GETTR User Emails, Surprising No One
VICE
@lorenzofb
Just days after its launch, hackers have already found a way to take advantage of GETTR's buggy API to get the username, email address, and location of thousands of users.
White House to formally attribute Hafnium Exchange attacks ‘in the coming weeks’
The Record by Recorded Future
@campuscodi
The White House is preparing to formally attribute the Hafnium attacks on Microsoft Exchange servers in the coming weeks; a top US official said last week.
Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over
CNBC
@lauren_feiner @amanda_m_macias
The Department of Defense announced Tuesday it’s calling off the $10 billion cloud contract that was the subject of a legal battle involving Amazon and Microsoft. But it’s also announcing a new contract and soliciting proposals from both cloud service providers where both will likely clinch a reward.
Microsoft’s commitment to the DoD remains steadfast
Official Microsoft Blog
@ToniTWhitley
The decision to end prolonged litigation charts a new path forward for the DoD in cloud computing.
America's global leadership in human-centered AI can't come from industry alone
The Hill
@drfeifei
The time has never been more critical for us to come together and cement America’s leadership in AI — a technology that has the potential to drive innovation in every industry, from manufacturing and healthcare to transportation and defense.
North Asia
Japan to bolster national cybersecurity defence with 800 new hires
ZDNet
@achanthadavong
Japan's Ministry of Defense has announced plans to bolster its cybersecurity unit by bringing on additional personnel to help defend against increasingly sophisticated attacks.
Can Taiwan Provide the Alternative to Digital Authoritarianism?
The Diplomat
Melissa Newcomb
The digitization of Taiwan’s democracy may not be complete, but the efforts of its government and civil society point to a viable alternative to digital authoritarianism. The digital tools and policies to reform its government can be applied in other democracies.
Hong Kong Tries to Ease Big Tech’s Concerns Over Data Law
The Wall Street Journal
@newley
City’s top local official says new rules are needed to combat malicious behavior online, but the government will listen to views of internet companies
Southeast Asia
Junta steps up phone, internet surveillance – with help from MPT and Mytel
Frontier Myanmar
A police cybersecurity team is working with state- and military-owned mobile operators to monitor phone users in real time, and to identify and track regime opponents online.
South Asia
Twitter loses immunity over user-generated content in India
Reuters
@adityakalra @sankalp_sp
Twitter Inc no more enjoys liability protection against user-generated content in India as the U.S. microblogging giant has failed to comply with new IT rules, the Indian government said in a court filing.
Evidence found on a second Indian activist’s computer was planted, report says
The Washington Post
@NihaMasih @jslaternyc
The two activists were jailed in 2018 and accused of plotting an insurgency against the government. A new forensic report concludes they also shared something else: They were both victims of the same hacker who planted evidence on their computers.
Europe
Moroccan police arrest suspected cybercriminal after INTERPOL probe
INTERPOL
An alleged prolific cybercriminal has been apprehended in Morocco following a joint two-year investigation by INTERPOL, the Moroccan police and Group-IB. Under Operation Lyrebird, INTERPOL’s Cybercrime Directorate worked closely with Group-IB and with Moroccan Police via the INTERPOL National Central Bureau in Rabat to eventually locate and apprehend the individual who remains under investigation.
EU device-cracking platform to receive major upgrade
The Record by Recorded Future
@campuscodi
The European Union has allocated €4 million in funding to upgrade Cerberus, a platform used by EU law enforcement agencies to crack passwords and access encrypted devices.
Russia
Russian Face Rec Suppliers Offer Ethnicity Analytics, Raising Alarm
IPVM
@DonaldMaye
Four Russian facial recognition firms (AxxonSoft, NtechLab, Tevian, and VisionLabs) who supply the Russian government offer ethnicity analytics, raising concerns the country's police can track minorities.
'Racist' facial recognition sparks ethical concerns in Russia
Reuters
@UmbertoBacchi
An AI tool that categorises people according to their perceived race can be used by police to search for suspects, but even some firms developing the tech warn of its potential for discrimination
Americas
Peru’s presidential election turns into a test for social media platforms
The Record by Recorded Future
@johnnysaks130
The runner-up in Peru’s presidential run-off is waging a Trump-style disinformation campaign aimed at preventing the country’s electoral authorities from certifying her defeat. But there’s one key difference: Social media companies have taken few steps to label, downgrade, or remove misleading content, sparking a debate about when and how those firms should intervene to prevent baseless allegations of electoral fraud from spiraling into civil unrest.
Misc
Help Bellingcat Build Tools For Open Source Investigators!
Bellingcat
We at Bellingcat, like many other research organisations and open source enthusiasts, rely primarily on tools that are available for free. On the one hand, this is because we do not have the budget required to pay for access to many paid tools — we are a nonprofit organisation, after all. But it is also because we believe in the idea of open source software. We want digital researchers from all backgrounds to have the methods and tools at their disposal to be able to conduct open source investigations. This is why we publish free research guides and resource lists on our website.
This Manual for a Popular Facial Recognition Tool Shows Just How Much the Software Tracks People
The Markup
@Dan_CARINO
In 2019, the Santa Fe Independent School District in Texas ran a weeklong pilot program with the facial recognition firm AnyVision in its school hallways. With more than 5,000 student photos uploaded for the test run, AnyVision called the results “impressive” and expressed excitement at the results to school administrators.
The Digital Frontier Promised us a More Open and Democratic “New Normal.” This Isn’t It.
New America
@MarechalPhD
In the digital age, new normals come fast. Just ten years ago, the act of filming an incident of police abuse and sharing it with the world with just a few clicks was revolutionary. Today, police worldwide expect to be filmed, to the point that they increasingly wear the cameras on their own bodies. But social movements’ reliance on these tools have come at a cost. Activists went from surveilling systems of power and oppression, to being surveilled themselves.
Research
Measuring the Effects of Influence Operations: Key Findings and Gaps From Empirical Research
Carnegie Endowment for International Peace
@JonKBateman Elonnai Hickock @lacourchesne Isra Thange
To assess what is known about the effects of influence operations and identify remaining research gaps, the Partnership for Countering Influence Operations sponsored a systematic literature review by Princeton University’s Empirical Studies of Conflict Project. Laura Courchesne, Jacob N. Shapiro, and Isra M. Thange examined eighty-two studies published between 1995 and 2020.
Events
ASPI Webinar: In-conversation with Will Cathcart, Head of WhatsApp
ASPI
ASPI's International Cyber Policy Centre is delighted to invite you to the webinar 'In-conversation with Will Cathcart, Head of Whatsapp'. Join Fergus Hanson in a 'fireside chat' with the CEO of WhatsApp Will Cathcart as they discuss the big issues facing the world’s largest messaging service. This webinar will include Q&A with the online audience. How do we balance requirements for safety, privacy and security? Why does WhatsApp use end-to-end encryption and how has WhatsApp evolved to combat misinformation? Join us at 10am on Thursday, 8 July to take part in this important conversation.
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Please note that interviews have commenced for this position and will continue until the end of June. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.