SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft | Anatomy of a conspiracy: With COVID, China took the lead | Google closing in on news content deals
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A hacking campaign that used a U.S. tech company as a springboard to compromise a raft of U.S. government agencies is "the largest and most sophisticated attack the world has ever seen," Microsoft Corp President Brad Smith said. Reuters
A nine-month Associated Press investigation of state-sponsored disinformation conducted in collaboration with the Atlantic Council's Digital Forensic Research Lab, shows how a rumor that the US created the virus that causes COVID-19 was weaponized by the Chinese government, spreading from the dark corners of the Internet to millions across the globe. The analysis was based on a review of millions of social media postings and articles on Twitter, Facebook, VK, Weibo, WeChat, YouTube, Telegram and other platforms. Associated Press
Google has stepped back from a threat to shut down its search engine locally and is on the brink of striking commercial deals with some of Australia’s largest news organisations after months of hard fought negotiations over planned media bargaining laws. The ABC, Nine Entertainment Co (owner of this masthead) and Guardian Australia are in eleventh-hour negotiations with the $1.8 trillion tech giant for use of their content on various Google services. Industry sources briefed on the talks indicated the deals could be reached within 48 hours. However, while the talks are in advanced stages, there is no guarantee the agreements will be completed. The Sydney Morning Herald
ASPI ICPC
Security concerns over Clubhouse chat app
Asia Times Financial
@karina_tsui
“Clubhouse represents a new medium - real-time, participatory audio discussions that are perhaps more potent for changing people’s minds than most other mediums,” said Fergus Ryan, an analyst at the Australian Strategic Policy Institute who is an expert on technology censorship in China. “From Beijing’s perspective, this new medium poses a unique threat to the efficacy of their propaganda efforts.”
Australia
Google closing in on news content deals with ABC, Nine, Guardian
The Sydney Morning Herald
@zoesam93 @LisaVisentin
Google has stepped back from a threat to shut down its search engine locally and is on the brink of striking commercial deals with some of Australia’s largest news organisations after months of hard fought negotiations over planned media bargaining laws. The ABC, Nine Entertainment Co (owner of this masthead) and Guardian Australia are in eleventh-hour negotiations with the $1.8 trillion tech giant for use of their content on various Google services. Industry sources briefed on the talks indicated the deals could be reached within 48 hours. However, while the talks are in advanced stages, there is no guarantee the agreements will be completed.
Defence extends contract for storage of sensitive military files with Chinese-owned company rather than ending it
ABC News
@andrewbgreene
Federal MPs are alarmed the Defence Department has quietly extended a contract with Chinese-owned company Global Switch to continue storing data in its Sydney facilities, despite a push to end the arrangement by 2020.
Unis slam cyber crackdown regime
The Australian
Australian universities say the Morrison government’s critical infrastructure crackdown will “unnecessarily” lumber them with extra red tape and the higher education sector is being treated differently to universities in other Five Eyes nations.
Microsoft asks government to stay out of its cyber attack response in Australia
ZDNet
@ashabeeeee
Microsoft has taken the opportunity to remind the federal government of the issues it takes with the proposed critical infrastructure legislation by flagging several aspects of the Bill that it believes could unintentionally make Australia's security posture less secure. Government intervention would result in 'The Fog of War', further complicating any attempt to mitigate cyber attack response, the company said.
AGL asks govt to pick up tab for cyber incident interventions
ZDNet
@rycrozier
AGL, which is already subject to existing cyber security rules for critical infrastructure, is worried the ASD could order costly cyber security enhancements and then leave.
ASD says cyber attack intervention will be 'rare' under critical infrastructure Bill
ZDNet
@ashabeeeee
The Australian Signals Directorate (ASD) expects intervention in the cyber attack response of companies considered critical infrastructure to only occur in "rare circumstances".
Stone & Chalk to merge with AustCyber
Australian Financial Review
@ronmjm
Innovation hub operator Stone & Chalk and federal government-backed cyber-security growth network AustCyber will merge to create a national powerhouse in the Australian start-up community.
China
Anatomy of a conspiracy: With COVID, China took leading role
Associated Press
@ekinetz
A nine-month Associated Press investigation of state-sponsored disinformation conducted in collaboration with the Atlantic Council's Digital Forensic Research Lab, shows how a rumor that the US created the virus that causes COVID-19 was weaponized by the Chinese government, spreading from the dark corners of the Internet to millions across the globe. The analysis was based on a review of millions of social media postings and articles on Twitter, Facebook, VK, Weibo, WeChat, YouTube, Telegram and other platforms.
A range of actors are manipulating the information environment to exploit the COVID-19 crisis for strategic gain. ASPI’s International Cyber Policy Centre is tracking many of these state and non-state actors online, and will occasionally publish investigative, data-driven reporting that will focus on the use of disinformation, propaganda, extremist narratives and conspiracy theories by these actors. See our related reports:
USA
SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president
Reuters
A hacking campaign that used a U.S. tech company as a springboard to compromise a raft of U.S. government agencies is "the largest and most sophisticated attack the world has ever seen," Microsoft Corp President Brad Smith said.
SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments
CBS News
@BillWhitakerCBS
How Russian spies used a popular piece of software to unleash a virus that spread to 18,000 government and private computer networks.
The Untold History of America’s Zero-Day Market
WIRED
@nicoleperlroth
The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it - until now.
The Technology 202: Microsoft takes aim at Google and Facebook with call for new U.S. media rules
The Washington Post
@Cat_Zakrzewski
The comments underscore Microsoft's unique position in the tech policy reckoning.
Scientists said claims about China creating the coronavirus were misleading. They went viral anyway.
The Washington Post
@craigtimberg
But in an age when anyone can publish anything online with a few clicks, this response was not fast enough to keep Yan’s disputed allegations from going viral, reaching an audience in the millions on social media and Fox News. It was a development, according to experts on misinformation, that underscored how systems built to advance scientific understanding can be used to spread politically charged claims dramatically at odds with scientific consensus.
UK
Covid-19: How did a volunteer panel react when we showed them an anti-vax video?
BBC News
Activists have been targeting people with fears about vaccines in a social media blitz. In an experiment, BBC Panorama showed a panel one video filled with falsehoods to see how it affected their willingness to get a jab.
Former BT chair Rake quits Huawei UK board after a year
Sky News
@MarkKleinmanSky
Sir Mike Rake is to step down from the Chinese telecoms group's UK board as a government ban looms, Sky News learns.
Europe
Create a bulwark against Chinese economic coercion: Advance open RAN in Europe
The Hill
@CarisaNietsche @MartijnRasser
In an effort to broaden its threat, the Chinese delegation added a clause to the recently negotiated EU-China Comprehensive Agreement on Investment punishing European states who ban Huawei. While EU negotiators struck it from the final text, the Chinese delegation’s attempt is a remarkable example of China using its market size to advance its national champions abroad. With key countries such as Germany still on the fence on the Huawei issue, it remains critical for the Biden administration and the U.S. Congress to work with transatlantic allies to create a bulwark against Beijing’s economic coercion and advance new telecommunications solutions based on shared interests and values.
Read ASPI ICPC's report 'The Chinese Communist Party’s coercive diplomacy' here.
France identifies Russia-linked hackers in large cyberattack
POLITICO
@laurenscerulus
France’s cybersecurity agency ANSSI on Monday said “several French entities” had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyberattacks in past years.
Brussels to allow data to continue to flow to UK
The Financial Times
@JavierespFT @Mikepeeljourno
Brussels is set to allow data to continue to flow freely from the EU to the UK after concluding that the British had ensured an adequate level of protection for personal information.
France pushes for big changes to proposed EU tech regulation
The Financial Times
@JavierespFT @labboudles
France is pushing for the EU's upcoming regulations on Big Tech to be changed so that member states could wield more power to punish bad behaviour and police more types of content.
The Americas
Ottawa partners with Huawei to fund university research despite security concerns
The Globe and Mail
@RobertFife @stevenchase
A Globe and Mail investigation previously revealed that Huawei established a vast network of relationships with leading research-heavy universities in Canada to create a steady pipeline of intellectual property.
Misc
Authoritarian Regimes Could Exploit Cries of ‘Deepfake’
WIRED
@SamGregory
Political opportunism also thrives on panic. Deepfake fears will be used to justify authoritarian “fake news” laws globally or the co-opting of approaches like authenticity infrastructure to make them reinforce power and repress our voices, rather than challenge misinformation and disinformation.
Read ASPI ICPC's Report 'Weaponised Deep Fakes' here.
Clubhouse says reviewing data protection practices after report points to flaws
Reuters
U.S. audio app Clubhouse said it is reviewing its data protection practices, after a report by the Stanford Internet Observatory said it contained security flaws that left users' data vulnerable to access by the Chinese government.
Who Should Stop Unethical A.I.?
The New Yorker
@SilverJacket
Many kinds of researchers - biologists, psychologists, anthropologists, and so on - encounter checkpoints at which they are asked about the ethics of their research. This doesn’t happen as much in computer science. Funding agencies might inquire about a project’s potential applications, but not its risks. University research that involves human subjects is typically scrutinized by an I.R.B., but most computer science doesn’t rely on people in the same way.