Russian state hackers compromised Denmark’s central bank | US House passes science innovation bills | Indian police file new charges against Twitter
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. BleepingComputer
The House on Monday passed two bipartisan bills aimed at bolstering research and development programs in the United States, setting up a battle with the Senate over how best to invest in scientific innovation to strengthen American competitiveness. The New York Times
Police in India have registered three new cases against Twitter Inc for allegedly hurting sentiments and promoting child pornography, marking an escalation in the row between the U.S. firm and Indian authorities. Reuters
ASPI ICPC
Archives at risk of cyber attack, security expert warns
The Sydney Morning Herald
@katinacurtis @swrighteconomy
A cybersecurity expert warns Australia’s enemies could take advantage of the National Archives’ less-secure technology to gain access to some of our most sensitive government documents and potentially change or delete records. The federal government is working up a package to respond to David Tune’s review of the Archives, which includes suggestions for beefing up the institution’s cybersecurity. Anne Lyons, a fellow with Defence-funded think tank the Australian Strategic Policy Institute and the Archives’ former chief information officer, says the problem is the institution is vulnerable but the information it holds isn’t necessarily thought of as valuable by policymakers. She warns any attack on the “memory holders, the truth holders” of the nation could cause people to lose trust in their integrity and “create cracks in our democratic and our important institutions”.
Read ASPI ICPC's report by Anne Lyons - Identity of a nation: Protecting the digital evidence of who we are - on this very issue.
China's New Data Security Law - A Discussion With Dr. Samantha Hoffman
INSPIRAFY Media
Dr. Samantha Hoffman, Senior Analyst with the Australian Strategic Policy Institute, joined me for a discussion on China’s new data security law. She reviewed the new law's implications for personal data, national security and protocols for creating data security frameworks. Dr. Hoffman also shared thoughts on how the Biden administration & its democratic allies can respond to this development and she urged Washington to invest more in R&D to become more competitive in tech innovation. Lastly, Dr. Hoffman explained the Chinese Communist Party’s approach to state security, in particular its tech-driven social and political control programs.
Australia should bet on digital engagement with Southeast Asia
The Strategist
@le2huong
Despite a shrinking aid budget, Australia can still make a valuable contribution if it invests smartly and generously in Southeast Asia’s future and focuses on areas in which it has expertise and experience. The best way to offset the asymmetry is for Australia to bet on digital and tech diplomacy. Australia’s Southeast Asian engagement should focus on building the region’s digital capacity. Australia has already begun to do this through various agencies, but its support is delivered mainly through aid. With the trend of cuts to aid budgets, it will be a challenge for Australia to make an impact through aid alone. Instead, Australia should adopt a comprehensive and long-term strategy that would modernise its traditional diplomacy and would effectively support the region’s resilience to cyberattacks, address its immediate needs and invest in its growing potential.
Australia
Skills crisis pushes up tech wages by a third
Australian Financial Review
@DLLabs
The cost of hiring skilled software developers, security specialists and data experts has gone up by about 30 per cent in Australia in just 12 months, and the policy of trying to eliminate COVID-19 from the country is a large part of the reason, software companies claim.
Canberra dishes out AU$8 million to boost Aussie cyber skills
ZDNet
@ashabeeeee
AU$8.2 million has been awarded to eight projects aimed at upping Australia's cyber skills, as well as a AU$10 million Defence contract for 100% Indigenous and veteran-owned business Willyama Services to help the DISO with cyber support.
Rachael Falk on building local cyber capability
InnovationAus
James Riley
In this episode of the Commercial Disco podcast, Rachael Falk talks about the challenges of building domestic cyber capability and the role of the CRC in creating the top-end skills that can underpin a healthy and growing Australian cyber industry.
Australia, U.S. and Canada launch interactive map for critical minerals
Reuters
Melanie Burton
Australia said it has teamed up with the United States and Canada to launch an interactive map of deposits of rare earths and other critical minerals that are expected to be in hot demand as the world moves to cleaner forms of energy.
Human Rights Watch reveals harassment, surveillance of Chinese students studying in Australia
ABC News
@MattDoran91
Bonnie is among almost 50 students and academics who spoke to Human Rights Watch, as it investigated allegations of intimidation, harassment and surveillance of Chinese and Hong Kong students on Australian university campuses. Many reported concerns about being "doxed", which is when people on social media share personal details about individuals, such as their home address, without their consent.
Read the report by Human Rights Watch - Australia: Beijing Threatening Academic Freedom.
China
China Wants Howling Diplomats to Quiet Down, but Nationalism Gets in the Way
The Wall Street Journal
@qizhai @ByChunHan
The Foreign Ministry is taking steps to pull back on the aggression, including by drafting guidelines for diplomats on the use of Twitter, but officials involved fear that too obvious a softening could incur the wrath of legions of nationalist internet users, who have become a potent force in Chinese politics, according to the people... Separately, officials have been studying how other countries manage foreign media, including the use of legal tools to force the removal of perceived falsehoods, and urged state-media reporters overseas to promote Beijing’s narratives on social media, people familiar with those efforts said.
Brazil and China in talks to strengthen science and technology ties
ZDNet
@angelicamari
The countries are discussing further bilateral cooperation in areas including artificial intelligence and smart cities; China calls for financing to translate theory into practice.
China’s Communist Party is coming for podcasting
Protocol
@shenlulushen
Many believe the golden age of Chinese podcasting has just started... But it is a fast-evolving industry with tremendous growth potential. Major investments into podcasting are incubating high-quality, professional audio production. But growing popularity inevitably subjects the nascent podcast sector to the same level of propaganda influence, censorship and monetization pressure as mainstream social media platforms.
USA
House Passes Bills to Bolster Scientific Research, Breaking With Senate
The New York Times
@CatieEdmondson
The House on Monday passed two bipartisan bills aimed at bolstering research and development programs in the United States, setting up a battle with the Senate over how best to invest in scientific innovation to strengthen American competitiveness.
Facebook Goes Boring. Yes!
The New York Times
@ShiraOvide
Facebook’s approach is mostly boring, which I love, and far less visible than billionaires’ satellites, drones or helium balloons used to beam internet service to more places. Instead, Facebook is doing things like sharing internet fiber lines to move data and inventing software for cheaper cellphone equipment. (Yes, Facebook is doing something really helpful!).
Microsoft to grow legal team amid global tech regulation
Axios
@inafried
Microsoft plans to increase its legal and corporate affairs unit by 20 percent in the coming fiscal year as it prepares for what it sees as a years-long wave of tech regulation across the globe, Microsoft president Brad Smith told Axios.
Boom Times for Lawyers as Washington Pursues Big Tech
The New York Times
@ceciliakang @dmccabe
Not since the government sued to break up Microsoft in the late 1990s has there been greater demand for people who know the ins and outs of corporate competition law.
Actually, the Antitrust Case Against Facebook Is Very Much Alive
WIRED
@GiladEdelman
A judge dealt the Federal Trade Commission a setback this week in its quest to break the company up—but also provided a roadmap for how to proceed.
The battle to break up Big Tech has just begun
The Washington Post
@WillOremus
For antitrust reformers, Facebook’s court win might not be the setback it would seem.
Google debuts a new website and set of resources for Americans experiencing food insecurity
TechCrunch
@sarahintampa
Google today is launching a new suite of resources for people struggling with food insecurity across the U.S. The project includes the launch of a new website, “Find Food Support,” that connects people to food support resources, including hotlines, SNAP information, and a Google Maps locator tool that points people to their local food banks, food pantries and school meal program pickup locations, among other things.
Federal agencies need stricter limits on facial recognition to protect privacy, says government watchdog
The Washington Post
@GerritD
The use of facial recognition technology is widespread throughout the federal government, and many agencies do not even know which systems they are using. That needs to change, the federal government’s main watchdog said in a new report.
Facial Recognition Technology
US Government Accountability Office
GAO surveyed 42 federal agencies that employ law enforcement officers about their use of facial recognition technology. Twenty reported owning systems with facial recognition technology or using systems owned by other entities, such as other federal, state, local, and non-government entities.
White House weighs cracking down on secret ransomware payments, pursuing hackers
CyberScoop
@timstarks
Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday.
CISA Begins Cataloging Bad Practices that Increase Cyber Risk
Cybersecurity & Infrastructure Security Agency
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.
North Asia
Taiwan’s unity cracks under Chinese disinformation onslaught
Financial Times
@kathrinhille
Beijing’s weapon of choice has been disinformation. Experts have registered a sharp increase of Chinese information operations targeting Taiwan since the beginning of the pandemic last year, but following the recent start of increasing infections and deaths, those attacks have started to sting... Analysts say a key pattern through which Chinese disinformation in Taiwan spreads is that fake news or skewed narratives generated by Chinese trolls or content farms are passed on through Taiwanese private groups on the messaging app Line or the online discussion board PTT. That is how they find their way to mainstream Taiwanese media.
Japan minister says necessary to 'wake up' to protect Taiwan
Reuters
@davidbrunnstrom
Nakayama highlighted growing threats posed by China in space, in missile technology, in the cyber domain and in nuclear and conventional forces, and said that under Xi Jinping’s leadership it had “aggressive, aggressive...thought and will.” “So wake up. We have to wake up,” he said... Washington and Tokyo should boost technological collaboration in the face of closer Chinese and Russian cooperation, he said.
Southeast Asia
Facebook sues four Vietnamese nationals for hijacking accounts
The Record
@campuscodi
Social networking giant Facebook has filed two lawsuits today against two suspected criminal groups that abused its advertising platform for their own gains.
South Asia
Twitter faces three police cases amid growing challenges in India
Reuters
@saurabhsherry @sankalp_sp
Police in India have registered three new cases against Twitter Inc for allegedly hurting sentiments and promoting child pornography, marking an escalation in the row between the U.S. firm and Indian authorities.
Twitter in India faces criminal charges for Kashmir map ‘treason’
The Guardian
@HannahEP
Twitter is facing criminal charges in India after the site published a map that incorrectly showed the turbulent Indian region of Kashmir as a separate country.
The Indian government continues to harass journalists. I’m facing prison over a tweet.
The Washington Post
@RanaAyyub
During the virtual Group of Seven summit a couple of weeks ago, Indian Prime Minister Narendra Modi signed a joint statement to promote “freedom of expression, both online and offline, as a freedom that safeguards democracy and helps people live free from fear and oppression.”
UK
UK gets data flows deal from EU — for now
TechCrunch
@riptari
The U.K.’s digital businesses can breathe a sigh of relief today as the European Commission has officially signed off on data adequacy for the (now) third country, post-Brexit. It’s a big deal for U.K. businesses, as it means the country will be treated by Brussels as having essentially equivalent data protection rules as markets within the bloc, despite no longer being a member itself — enabling personal data to continue to flow freely from the EU to the U.K. and avoiding any new legal barriers.
Minister's affair caught on camera prompts questions about surveillance among Britain's political elite
CNN
@lukemcgee
Over the weekend, Matt Hancock, now the country's former health secretary, was forced to resign after images of him kissing a female adviser were published in a newspaper. The images came from a security camera in Hancock's office and Westminster colleagues are freaked out. The security implications for this are enormous and the opposition Labour party is demanding a sweeping review of security across government buildings.
Former MI6 chief Sir Alex Younger on why “intelligence is fundamental” to cybersecurity
The Record
@adamjanofsky
In a series of conversations with The Record, Younger discussed his time in the Secret Intelligence Service, Russia’s disinformation game, and why ransomware is more of a people problem than a technological one. The discussion below has been condensed and edited for clarity.
Europe
Russian hackers had months-long access to Denmark's central bank
BleepingComputer
@Ionut_Ilascu
Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.
Cybersecurity for SMEs - Challenges and Recommendations
European Union Agency for Cybersecurity
In response to the COVID-19 pandemic, ENISA analysed the ability of SMEs within the EU to cope with the cybersecurity challenges posed by the pandemic and determined good practices to address those challenges. This report provides cybersecurity advice for SMEs, but also proposals for actions that Member States should consider in order to support SMEs in improving their cybersecurity posture.
Canada
Canada has a 5G security issue: Here’s how to solve it
The Globe and Mail
Matthew Halliday
For years, discussion about 5G security in Canada has fixated on Chinese telecom giant Huawei and the potential danger of Canadian telecom companies building next-generation wireless networks with equipment from a company with close ties to China’s authoritarian government. But that discussion, many cybersecurity experts say, has overshadowed another urgently needed conversation about the security underpinning our 5G networks – regardless of who builds it.
Africa
Orange sees role for Huawei in 5G Africa rollout
Reuters
@ClaraLaeila @Tech_Correspond
Orange, France’s largest telecoms firm, will avoid using equipment from Chinese vendors when developing Europe’s 5G networks, opting for suppliers such as Ericsson and Nokia instead, its chief executive said. But the company sees no issue in working with Huawei in Africa, where the Chinese company dominates as a supplier of equipment to many telecoms operators.
Misc
700 Million LinkedIn Records For Sale on Hacker Forum, June 22nd 2021
PrivacySharks
Madeleine Hodson
The seller, “GOD User” TomLiner, stated they were in possession of the 700 million records on June 22 2021, and included a sample of 1 million records on RaidForums to prove their claims. Our researchers have viewed the sample and can confirm that the damning records include information such as full names, gender, email addresses, phone numbers, and industry information.
Scant evidence that cyber insurance boom is leading to better security
SC Media
@DerekDoesTech
The security community for the last few years pointed to great potential for cyber insurance to drive progress in cyber best practices: force companies to up their game by making certain standards a requirement for coverage. But recent research shows that’s not happening.
Nine out of 10 health apps harvest user data, global study shows
The Guardian
Soofia Tariq
Analysis of 20,000 mobile apps that ask for sensitive information shows that some track users across different platforms.
Research
PARAT – Tracking the Activity of AI Companies
Center for Security and Emerging Technology
CSET’s Private-sector AI-Related Activity Tracker (PARAT) collects data related to companies’ AI research and development to inform analysis of the global AI sector. The global AI market is already expanding rapidly and is likely to continue growing in the coming years. Identifying “AI companies” helps illustrate the size and health of the AI industry in which they participate as well as the most sought-after skills and experience in the AI workforce.
Encryption and Crime: The Case for a Transatlantic Encryption Alliance
Center for European Policy Analysis
@mariakoomen
The arrests of more than 800 alleged criminals around the world who had been using an encrypted app covertly run by the FBI and Australian law enforcement may seem an argument to give detectives greater access to private data. In fact, Operation Trojan Shield was a creative approach to fighting crime that harnessed trust in encryption as an advantage and not an obstacle.
Events
ASPI Webinar: In-conversation with Will Cathcart, Head of WhatsApp
ASPI
ASPI's International Cyber Policy Centre is delighted to invite you to the webinar 'In-conversation with Will Cathcart, Head of WhatsApp'. Join Fergus Hanson in a 'fireside chat' with the CEO of WhatsApp Will Cathcart as they discuss the big issues facing the world’s largest messaging service. This webinar will include Q&A with the online audience. How do we balance requirements for safety, privacy and security? Why does WhatsApp use end-to-end encryption and how has WhatsApp evolved to combat misinformation? Join us at 10am on Thursday, 8 July to take part in this important conversation.
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Please note that interviews have commenced for this position and will continue until the end of June. This role will focus on policy-relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years’ work experience. Senior analysts usually have a minimum of 15 years’ relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years’ relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.