Security flaws in Beijing 2022 Olympics app | Israel police uses NSO’s Pegasus to spy on citizens | Twitter's Nigeria deal
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Security flaws in a smartphone application that’s required for athletes and team officials attending the 2022 Beijing Olympics leave users at risk of having their calls and data intercepted, a Toronto cybersecurity watchdog has found. The Globe and Mail
Mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, and former governmental employees, were among those tracked by Israeli police without a search or bugging warrant authorizing the surveillance. Calcalist Tech
Twitter has agreed to a raft of conditions to end a seven-month ban in Nigeria, in what feels like a big win for President Muhammadu Buhari's administration in its efforts to regulate the internet, some analysts say. BBC Africa
ASPI ICPC
A disruptive innovation, future-focussed Australian strategic studies
AIIA
Peter Layton
Though this harsh assessment may reflect more that Australian academia often looks inward, there is expertise in such areas, it just needs to be “seen.” For example, ASPI does world-leading work on cyber-intelligence, and there are also studies elsewhere on the operational and ethical aspects of the military use of artificial intelligence underway.
World
The case for Cyber-Realism: geopolitical problems don’t have technical solutions
Foreign Affairs
Dmitri Alperovitch
U.S. cyberstrategy has focused too much on managing the effects of digital attacks through defense and deterrence rather than addressing the geopolitical tensions that give rise to cyberthreats.
China
Security flaw found in smartphone app for Olympians in Beijing
The Globe and Mail
Steven Chase and Robert Fife
Security flaws in a smartphone application that’s required for athletes and team officials attending the 2022 Beijing Olympics leave users at risk of having their calls and data intercepted, a Toronto cybersecurity watchdog has found.
Cross-country Exposure Analysis of the MY2022 Olympics app
The Citizen Lab
Jeffrey Knockel
MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.
Olympic athletes advised to leave phones at home to dodge spying
Bloomberg
Jamie Tarabay and Sarah Zheng
Beyond Omicron and gold medal tallies, athletes arriving in China’s capital for the Winter Games next month may have one more thing to worry about: is it safe to access the internet?
USA
U.S. examining Alibaba's cloud unit for national security risks - sources
Reuters
Alexandra Alper
The Biden administration is reviewing e-commerce giant Alibaba's cloud business to determine whether it poses a risk to U.S. national security, according to three people briefed on the matter, as the government ramps up scrutiny of Chinese technology companies' dealings with U.S. firms.
Big Tech foes launch ‘campaign-style’ initiative to push for antitrust legislation
The Washington Post
Cat Zakrzewski
Launching Tuesday, the Tech Oversight Project plans to bring “campaign-style” tactics to push lawmakers to pass competition legislation aimed at the tech industry.
The U.S.-Russia cyber relationship just got even more complicated
The Washington Post
Joseph Marks
The never-easy U.S.-Russia cyber relationship has grown immensely more fraught the past few days with the arrests of more than a dozen Russia-based ransomware operators coinciding with a Russian cyber surge in Ukraine.
Lawmakers plan legislation to ‘ban surveillance advertising’
Motherboard
Joseph Cox
Generally, tech companies such as Facebook argue that targeted advertising is a positive thing, as it means that the adverts users of their platforms face are more relevant to their interests. But to facilitate that targeting, Facebook and others collect large amounts of data on users’ preferences, location, characteristics, and more, putting that data at risk.
New Zealand and the Pacific
Tonga’s volcano blast cut it off from the world. Here’s what it will take to get it reconnected.
MIT Technology Review
Chris Stokel-Walker
Given that the internet is increasingly seen as a fourth vital service, alongside heat, power, and water, such a long outage for 100,000 people is a major disaster—compounding the immediate physical effects of the eruption. And it highlights the fragility of certain parts of the internet, particularly outside the rich Western world.
Tonga and fragility of long-haul networks
APNIC
George Michaelson
The recent earthquake offshore from Tonga has brought into sharp focus the fragility of worldwide communications in the face of real-world events. For some time now, the vast majority of communication to and from Tonga has been reliant on the Internet, and there is currently a deeply concerning lack of communication.
Europe
What we know and don’t know about the cyberattacks against Ukraine
Zero Day
Kim Zetter
Last week dozens of government agencies in Ukraine were targeted in a web site defacement campaign in which hackers replaced their main web page with a politically charged message.
Poland raises cybersecurity terror threat after Ukraine cyber attack
Reuters
Joanna Plucinska
"The introduction of this alert level means that public administration will be obliged to conduct increased monitoring of the security of ICT systems. It is due to the possibility of a possible security breach of electronic communications," the statement said.
The Middle East and Israel
Israel police uses NSO’s Pegasus to spy on citizens
Calcalist Tech
Tomer Ganon
Mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, and former governmental employees, were among those tracked by police without a search or bugging warrant authorizing the surveillance.
Half of global cyber defence investment has been in Israel -PM Bennett
Reuters
Steven Scheer
"I believe roughly half or almost half of the global investments in cyber companies over the past few years has been in Israel. So Israel has become a powerhouse in cyber defence. I see a bunch of opportunities and we intend to seize them," Bennett said.
Africa
How Nigeria succeeded in clipping Twitter's wings
BBC Africa
Nduka Orjinmo
Twitter has agreed to a raft of conditions to end a seven-month ban in Nigeria, in what feels like a big win for President Muhammadu Buhari's administration in its efforts to regulate the internet, some analysts say.
Misc
Why anti-vaxxers, QAnon influencers and white nationalists are flocking to Substack
Institute for Strategic Dialogue
Elise Thomas
Malone has previously been banned by Twitter for spreading COVID-19 misinformation. Yet there is at least one platform where Malone is still able to freely promote, and profit from, health misinformation: Substack.
Twitter expands misinformation reporting feature to more international markets
Tech Crunch
Sarah Perez
Last August, Twitter introduced a new feature in select markets, including the U.S., that invited users to report misinformation they encountered on its platform — including things like election-related or COVID-19 misinformation, for example. Now the company is rolling out the feature to more markets as its test expands. In addition to the U.S., Australia and South Korea, where the feature had already gone live, Twitter is rolling out the reporting option to users in Brazil, Spain and the Philippines.
Jobs
ICPC Analyst / Project Lead - Cyber Capacity Building
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for a talented Analyst / Project Lead to support a new project that looks at supporting states in the Indo-Pacific in defending against cyber-enabled theft of intellectual property. The successful candidate will work in a small, high-performing team to produce original research and analysis that directly informs broader diplomatic and cyber capacity building activities on the topic of equipping countries globally with tools to defend against the use of cyber tools to steal IP for commercial purposes.Together with a project lead on Learning and Development and the Project Director, the analyst will also participate in international workshops, provide training to foreign governments and present to other external stakeholders.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.