SolarWinds hack got emails of top DHS officials | Robert Gates on how to fix cyber defence | A U.S. diplomat’s wife was a social media star—until Chinese trolls, aided by state media, came after her

Mar 29, 2021

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned. Associated Press
For Cyber Command to be able to respond instantly to attacks, the commander also had to be in charge of the National Security Agency, the only U.S. institution with the capability to defend the country against such attacks and retaliate—Robert M. Gates. The Washington Post
Tzu-i Chuang was referred to as the ‘most famous diplomatic wife’ before she became the target of a vicious, monthslong attack on social media. The Wall Street Journal

Australia

Cyberattacks Australia: MPs warned about careless tech use as hackers hit Parliament
The Australian Financial Review
@SaysSmithy
Australian members of Parliament, including government ministers, are wide open to cyberattacks, due to insufficient technology nous among politicians and a lack of firm guidelines about devices and apps, the shadow cybersecurity minister has warned. The criticism came as parliamentary staff scrambled to ward off a suspected hacking attempt over the weekend. Shadow cybersecurity minister Tim Watts said MPs were regularly using encrypted messaging apps like WhatsApp, Signal and Telegram, which have features that would prevent freedom of information (FOI) requests, and many MPs used their own devices, rather than Parliament-issued securely controlled devices.

South Australian government websites redirecting links through Liberal Party domain
ABC News
@isabeldayman
The South Australian Government may have breached its own privacy principles by using official government links to redirect users through a data-harvesting platform, a privacy expert has warned.

Tech portfolios are where the bodies get buried
InnovationAus
@888riley
What does it say about this government’s attitude to science and technology that the Prime Minister ‘buries’ his two most controversial Cabinet members by giving them tech-heavy portfolios, regardless of their suitability for the roles?

China

A U.S. Diplomat’s Wife Was a Social Media Star—Until Chinese Trolls, Aided by State Media, Came After Her
The Wall Street Journal
@lizalinwsj
Tzu-i Chuang was referred to as the ‘most famous diplomatic wife’ before she became the target of a vicious, monthslong attack on social media.

Outraged by Uyghur genocide, Europe picks a fight with China. And loses
The Guardian
Simon Tisdall
Outraged by tweets from Lu Shaye, China’s “wolf warrior” ambassador in Paris, in which he described a respected French academic as a “crazed hyena” and “small-time hoodlum”, Clément Beaune, France’s Europe minister, summoned the wayward diplomat for a customary dressing-down. Imagine his horror when Lu, ignoring protocol, said he was too busy to come. The French were aghast. “This is not how things are done,” Beaune spluttered. “Neither France nor Europe is a doormat.”

How China’s Outrage Machine Kicked Up a Storm Over H&M
The New York Times
@zhonggg @paulmozur
The Communist Party’s youth wing and official news outlets used grabby memes and hashtags to start a tsunami of nationalist fury over Xinjiang cotton.

Huawei removes Nike and Adidas from its app store amid Xinjiang cotton controversy
The South China Morning Post
@celiachensi
Chinese telecommunication giant Huawei Technologies Co has suspended downloads of sportswear brands Nike and Adidas from its app store amid a public uproar in China over their position on the alleged use of forced labour by Xinjiang cotton producers.

Chinese digital art mocks Western criticism of labour conditions in Xinjiang
Reuters
A digital illustration by a prominent Chinese propaganda artist mocking Western governments, media and businesses critical of labour conditions in Xinjiang has gone viral on China's social media.

Louise Matsakis @lmatsakis

OpenStreetMap is an open source tool used by many of the world's most prominent tech companies. Anyone can edit it. @NilChristopher & @telliotter chronicled the story of one user making changes in China's favor

The mysterious user editing a global open-source map in China’s favorOpen-source tools underpin technology used by millions of people, but they’re also vulnerable to manipulation.restofworld.org

Did Chinese censors mistake an Indonesian newspaper for a Japanese porn site?
Rest of World
@PeterGuest
Earlier this week, Chinese censors abruptly blocked access to the website of Jawa Pos, one of Indonesia’s largest newspapers, confounding its publishers. Hoàng Nguyên Phong, a researcher at the Open Technology Fund who tracks Chinese censorship, noticed on March 24 that Jawapos.com, which is published in Bahasa Indonesia, was being restricted using a technique known as DNS poisoning, which spoofs a website’s IP address to direct traffic to the wrong place. His findings were later confirmed by China-based researchers contacted by Rest of World.

Zheping Huang @pingroma

In his first intv with int'l media, Bilibili CEO Chen Rui told @BloombergTV that video will be a major trend in China internet in the next 5 yrs. Chen took the helm in 2014 and has transformed the video site from a hobby project to a promising biz. Bloomberg - Are you a robot?bloomberg.com

The Public AI Research Portfolio of China’s Security Forces
Center for Security and Emerging Technology
@DeweyAM @emily_sw1 @RyanFedasiuk Daniel Chou
New analytic tools are used in this data brief to explore the public artificial intelligence (AI) research portfolio of China’s security forces. The methods contextualize Chinese-language scholarly papers that claim a direct working affiliation with components of the Ministry of Public Security, People's Armed Police Force, and People’s Liberation Army. The authors review potential uses of computer vision, robotics, natural language processing and general AI research.

USA

AP sources: SolarWinds hack got emails of top DHS officials
Associated Press
@alansuderman
Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.

Spencer Ackerman @attackerman

NEW: NSA/CYBERCOM, which denies it’s seeking any such authority, is conspicuously musing that preventing the next SolarWinds intrusion requires ever deeper surveillance on the domestic internet. A decade-old cybersecurity Chekhov’s gun might soon fire.

NSA Suggests It Should Spy on Domestic Internet UseThe establishment of the NSA’s twin, Cyber Command, also created a Chekhov’s gun: broad access to the American internet. Now the SolarWinds hack has NSA’s finger on the trigger.thedailybeast.com

The United States has a major hole in its cyberdefense. Here’s how to fix it.
The Washington Post
Robert M. Gates
For Cyber Command to be able to respond instantly to attacks, the commander also had to be in charge of the National Security Agency, the only U.S. institution with the capability to defend the country against such attacks and retaliate. Cyberdefense and cyberoffense, I was convinced (and still am), needed to be commanded by one person. The commander of Cyber Command could not be in the position of having to ask for or negotiate NSA support, thus increasing the danger of delays in our response time.

ProPublica @propublica

In "American Insurrection," @frontlinepbs, @propublica & @ucbsoj investigate the threat posed by violent far-right groups that have ties to anti-government, white supremacist ideologies and criminality. Tune in or stream 4/13 on @PBS. to.pbs.org/3stBauE

Amazon started a Twitter war because Jeff Bezos was pissed
Vox
@DelRey
Snarky tweets targeting Sens. Bernie Sanders and Elizabeth Warren came after the CEO told executives they weren’t pushing back hard enough on critics.

Amazon Security Staff Reported Its Own Hostile Tweets as 'Suspicious,' Fearing They'd Been Hacked
The Interpreter
@kenklippenstein
“These tweets are unnecessarily antagonistic (risking Amazon’s brand), and may be a result of unauthorized access,” read an employee help ticket.

Ariel Bogle @arielbogle

A short thread about Darla, who really really loves working for Amazon! Her account was created on Mar 26--curiously, right in the middle of a union fight in Alabama. But take a look at her profile pic...

Google Faces Class Action for Allegedly 'Selling Users Data'
VICE
@josephfcox
The lawsuit centers around how companies obtain sensitive information about users during the real-time bidding process.

New Zealand & The Pacific

Coronavirus: PNG is on the precipice and it needs an urgent intervention
Lowy Institute
@jonathan_pryke
Finally, Australia should provide any support needed for a comprehensive communications rollout. Through Facebook, the primary means of information sharing in the country, fake news and misinformation is spreading faster than the virus. An alarming number of PNG’s educated and elite are sceptical of the reality of COVID-19, let alone the efficacy of a vaccine. Every leader in the country must be quickly vaccinated, and do it publicly. NRL players — celebrities in PNG — should be speaking up. Facebook should be co-opted to coordinate a mass information campaign on its platform.

Dr Amanda H A Watson @ahawatson

Communication minister @TimMasiuMP says there’ll be a new mobile operator in #PapuaNewGuinea this year. Digitec is owned by ATH, a public company on the South Pacific Stock Exchange with $ from @ADB_HQ for a new #mobile network in #PNG. kalangfm.com/news/third-mob… #tech #Pacific #ICT

Third mobile network operator to enter PNG marketA third mobile network operator will enter the market before year end. Digitec Communications Limited will be rolling out their 4G and 5G telecommunications network in preparation for its launch in...kalangfm.com

Misinformation threatens control of Covid-19 outbreak in Papua New Guinea
The Strategist
@sueahearn
A member of the PNG parliament died from Covid-19 last week, but it still wasn’t enough to convince many Papua New Guineans that the virus is real and is probably out of control in their country. Misinformation and lack of trust in authority are so widespread in PNG that people on social media are questioning and vilifying the country’s most experienced doctors and scientists.

UK

Legal challenge seeks to stop ministers sending disappearing messages
The Guardian
@jimwaterson
Ministers could be stopped from using self-destructing messages to conduct government business, following a legal challenge supported by an alliance of transparency campaigners and university archivists.

Europe

EU: Robustly Carry Out New Surveillance Tech Rules
Human Rights Watch
The improvements to the European Union’s export controls rules on surveillance technology are so fragile that only rigorous efforts to carry them out will prevent EU technology from landing in the hands of abusive governments, Human Rights Watch said today.

The Americas

Facebook freezes Nicolás Maduro’s page for spreading virus misinformation.
The New York Times
@MikeIsaac @bybryanpietsch
The Facebook page of Venezuela’s president, Nicolás Maduro, was frozen for “repeated” violations of its misinformation policies, including a post about an unproven remedy for Covid-19, the company said on Sunday, the latest example of the social media giant cracking down on political figures who violate its content policies.

Misc

Building a community to counter influence operations: Four questions for Alicia Wanless
Hewlett Foundation
@kellykborn
Alicia Wanless is the director of the Partnership for Countering Influence Operations at the Carnegie Endowment for International Peace, a grantee of our Cyber Initiative. Influence operations—the kind of coordinated efforts, often using social media platforms, to affect public opinion and interfere in elections that have played out in democracies around the world in recent years—represent a complex challenge to society, and countering them requires responses from sectors including government, nonprofits, academia and the social platforms themselves. The goal of the Partnership, in its own words, is “to grow this community and equip it to fight influence operations worldwide.” We asked Alicia about the work of the Partnership on this critically important issue.

Avi Asher-Schapiro @AASchapiro

I spoke to Guido Girardi, a Chilean senator who wants to make Chile the first country to legislate rights for the brain. He sees companies like Facebook racing to build 'human-computer-interfaces,' & he sees a "fundamental threat to human autonomy."

Advances in brain tech spur calls for ‘neuro-rights’As scientists learn more about how to manipulate the brain, ethicists say data could one day be collected, sold and exploitednews.trust.org

Why This Teen Walked Away From Millions of TikTok Followers
VICE
@samleecole
Ava was stalked, harassed, hacked, physically threatened, and forced to move—all from some random man who became obsessed with her on TikTok

Lauren Masks Are Goode @LaurenGoode

"The GPT-3 might be considered the field’s Sputnik...[it] can be startlingly eloquent and articulate; it can also spurt out gibberish and offensive statements. Dozens of research groups and companies are seeking ways to make use of the tech." wired.com/story/ai-gener… @willknight

This AI Can Generate Convincing Text—and Anyone Can Use ItThe makers of Eleuther hope it will be an open source alternative to GPT-3, the well-known language program from OpenAI.wired.com

People's Expensive NFTs Keep Vanishing. This Is Why
VICE
@ben_munster
“There was no history of my ever purchasing it, or ever owning it,” said one confused NFT buyer. “Now there’s nothing. My money’s gone.”

Daily Cyber Digest