‘State actor’ responsible for cyber attack likely to stay a secret | Spies muscle in on foreign takeover deals | China sharpens hacking to hound minorities
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A confidential report into a cyber attack on parliamentary systems in February by a “sophisticated state actor” is likely to remain secret, according to Senate president Scott Ryan. The Australian
Australia’s domestic spy agency probed 275 foreign investment proposals last year, its second-highest vetting on record, reflecting the Australian Security Intelligence Organisation's concern about personal data and critical infrastructure being acquired by Chinese and other foreign actors. Australian Financial Review
China’s state-sponsored hackers have drastically changed how they operate over the last three years, substituting selectivity for what had been a scattershot approach to their targets and showing a new determination by Beijing to push its surveillance state beyond its borders. The New York Times
ASPI ICPC
Engineering global consent: the Chinese Communist Party’s data-driven power expansion
ASPI ICPC
@He_Shumei
The Chinese party-state engages in data collection on a massive scale as a means of generating information to enhance state security—and, crucially, the political security of the Chinese Communist Party (CCP)—across multiple domains. The party-state intends to shape, manage and control its global operating environment so that public sentiment is favourable to its own interests. This report explains how the party-state’s tech-enhanced authoritarianism is expanding globally. The effort doesn’t always involve distinctly coercive and overtly invasive technology, such as surveillance cameras. In fact, it often relies on technologies that provide useful services.
Read Dr Samantha Hoffman’s accompanying article in The Strategist: Engineering global consent: the Chinese Communist Party’s data-driven power expansion
There's a good chance Beijing already has your face on file
The Sydney Morning Herald
Peter Hartcher
"The Chinese party-state's tech-enhanced authoritarianism is expanding globally," writes a leading international expert on the subject, Samantha Hoffman, in a new paper for the Australian Strategic Policy Institute. "The Chinese Communist Party is building a massive and global data-collection ecosystem," she writes. "Many Western governments will find themselves both struggling to understand the problem and struggling to respond."
Hybrid war targets business
Australian Financial Review
Mark Eggleton
A recent paper by the Australian Strategic Policy Institute’s Dr Samantha Hoffman, titled Engineering global consent: The Chinese Communist Party’s data-driven power expansion, outlines the extent to which the Chinese government’s tech-enhanced surveillance is expanding globally. In the report, Dr Hoffman says China’s efforts don’t revolve around obvious technology such as surveillance cameras, in countries outside China, but through useful technologies such as 5G and, potentially, smartphones.
Parliament hack to remain private
InnovationAus
@denhamsadler
The federal government should be making a routine of publicly attributing attacks such as the one this year on Parliament, Australian Strategic Policy Institute International Cyber Policy Centre director Fergus Hanson said. “Without being able to do that you can’t create deterrents, and you’re left with a permissive environment. It’s signalling that you’re not confident to make the declaration, and that effectively creates an overall permissive environment,” Mr Hanson told InnovationAus.com.
World
NordVPN confirms it was hacked
TechCrunch
@zackwhittaker
NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
Facebook will label false posts more clearly as part of an effort to prevent 2020 election interference
The Verge
@CaseyNewton
Facebook today released a new set of tools and policy changes intended to fight the spread of misinformation on the platform, moving to more clearly label false posts and content created by state media. Separately, the company removed four networks of accounts based in Iran and Russia that Facebook said misled users about their identities and posted inflammatory political news.
Inside the Phone Company Secretly Run By Drug Traffickers
Vice
@josephfcox
All over the world, in Dutch clubs like the one Kok frequented, or Australian biker hangouts and Mexican drug safe houses, there is an underground trade of custom-engineered phones. These phones typically run software for sending encrypted emails or messages, and use their own server infrastructure for routing communications.
An infographic from RWR Advisory Group’s newly launched Huawei Risk Tracker
Australia
Spies muscle in on foreign takeover deals
Australian Financial Review
@Johnkehoe23
The domestic spy agency probed 275 foreign investment proposals last year, its second-highest vetting on record, reflecting the Australian Security Intelligence Organisation's concern about personal data and critical infrastructure being acquired by Chinese and other foreign actors.
‘State actor’ responsible for cyber attack likely to stay a secret
The Australian
@MichaelRoddan
A confidential report into a cyber attack on parliamentary systems in February by a “sophisticated state actor” is likely to remain secret, according to Senate president Scott Ryan.
First official Australian ‘cyber crisis’ highlights growing threat | Defence Connect
Australia as concerned about cyber Bond villains as state actors
ZDNet
@dobes
Nation has a capability gap relating to economy-wide cyber attacks, the Department of Home Affairs has said.
Social media giants are not the only ones breaching your data
Australian Financial Review
The health sector is responsible for nearly one-in-five data breaches in Australia and finance is not far behind - and wrongly sent emails are mostly to blame, the privacy watchdog says.
Balance between scrutiny and security
Australian Financial Review
@JohnBlaxland1
There has been a torrent of security laws to deal with real threats. Now they need an overhaul that explains to Australians what these powers are for.
Time for industry to speak up on Australia’s encryption legislation
Australian Financial Review
Today, law-abiding Australians are highly dependent on digital communications and devices, and digitised services, to conduct personal, corporate and government business: indeed, to live their lives.
WeChat app brings neighbourhood watch to Chinese community
ABC
@Anna_Hartley1
For most people in Australia triple-0 is their first and only point of call in an emergency, but tens of thousands of Chinese-speaking residents are using social media groups to get help when they fear for their safety.
China
China Sharpens Hacking to Hound Its Minorities, Far and Wide
The New York Times
China’s state-sponsored hackers have drastically changed how they operate over the last three years, substituting selectivity for what had been a scattershot approach to their targets and showing a new determination by Beijing to push its surveillance state beyond its borders. The primary targets for these more sophisticated attacks: China’s ethnic minorities and their diaspora in other countries, the researchers said. In several instances, hackers targeted the cellphones of a minority known as Uighurs, whose home region, Xinjiang, has been the site of a vast build-out of surveillance tech in recent years.
Hong Kong Police Already Have AI Tech That Can Recognize Faces
Bloomberg
@BlakeSchmidt
Police have been able to use the technology from Sydney-based iOmniscient for at least three years, and engineers from the company have trained dozens of officers on how to use it, said the people, who asked not to be identified because the information isn’t public. The software can scan footage including from closed-circuit television to automatically match faces and license plates to a police database and pick out suspects in a crowd.
China trumpets tech power at 6th World Internet Conference, signalling a 'digital arms race'
ABC
@_alanweedon
This week, at an annual showcase run by the Cyberspace Administration of China — the body responsible for Beijing's censorship apparatus — various elements of China's booming digital power were on show.
Google, Facebook skip China’s World Internet Conference this year
Tech in Asia
@cissy_chow
Many big technology names from the US stayed away from China’s main internet conference during the weekend, but some smaller American firms showed up, as the trade war between Beijing and Washington continues to expand into a technology conflict.
Beijing exports 'China-style' internet across Belt and Road
Nikkei Asian Review
Chinese censorship has soared under President Xi Jinping through such measures as mandatory face scans and registration of phone numbers and bank account information for internet access.
Xinjiang Backlash Is Hitting Chinese Firms Hard
Foreign Policy
@CharlesRollet1
The U.S. government’s decision on Oct. 7 to blacklist top Chinese surveillance companies marked the first concrete policy response to the human rights crisis in China’s western region of Xinjiang. The entities affected include the world’s two largest security camera manufacturers and three multibillion-dollar facial recognition start-ups. All eagerly profit from the Chinese government’s sweeping surveillance state in Xinjiang, which has overseen the detention of an estimated 1.5 million members of ethnic minority groups, chiefly Uighur, in so-called reeducation camps.
USA
Under digital surveillance: how American schools spy on millions of kids
The Guardian
@loisbeckett
Bark and similar tech companies are now monitoring the emails and documents of millions of American students, across thousands of school districts, looking for signs of suicidal thoughts, bullying or plans for a school shooting.
Why did Cyber Command back off its recent plans to call out North Korean hacking?
CyberScoop
@shanvav
U.S. Cyber Command was on the verge of again publicly calling out North Korean hackers for targeting the financial sector in late September, but ultimately backed off the plan by early October, multiple sources familiar with the decision tell CyberScoop.
Southeast Asia
Cyber attacks pose serious threat to rail operations and can cause problems such as signalling faults, say experts
The Straits Times
These threats, which are exacerbated by issues such as legacy components in the transport system, will need to be addressed to safeguard the safety of commuters on trains, said the panel, which includes the Land Transport Authority's (LTA) chief information security officer Huang Shao Fei.
Europe
Czech agencies smash spy ring operated by “very aggressive” Russians
Radio Prague International
Last year the Czech authorities broke up a Russian spy network operating in the country, the head of the BIS counter-intelligence service, Michal Koudelka, told MPs on Monday. The FSB spy ring – financed directly by Moscow and the Russian Embassy – was uncovered by BIS and the Czech Republic’s national organised crime unit. I discussed the revelation with former Czech Military Intelligence chief Andor Šándor.
Should Europe Regulate American Tech Companies?
Wired
Four technology policy experts debate whether the EU has declared war on Silicon Valley.
Misc
Help Desk: Can your medical records become marketing? We investigate a reader’s suspicious ‘patient portal.’
The Washington Post
@geoffreyfowler
Our tech columnist helps identify a HIPAA loophole, explains Apple Pay and shares a Firefox upgrade that helps you track the data trackers on your computer.
Events
The rise of information warfare: in-conversation with Peter W. Singer
ASPI ICPC
This event for 29 October is SOLD OUT but you can watch a livestream on the ASPI Facebook page: https://www.facebook.com/ASPI.org/. ASPI's International Cyber Policy Centre invites you to an in-conversation with Peter W. Singer and Danielle Cave to consider the rise of information warfare. Peter Warren Singer is a strategist and senior fellow at New America. He has been named by the Smithsonian as one of the nation’s 100 leading innovators, by Defense News as one of the 100 most influential people in defense issues, by Foreign Policy to their Top 100 Global Thinkers List, and as an official “Mad Scientist” for the U.S. Army’s Training and Doctrine Command. A drinks and canapes reception will conclude the event. This event is kindly supported by Microsoft.
Jobs
UNIDIR Cyber Researcher – Security and Technology Programme
United Nations Institute for Disarmament Research
We're looking for a Cyber Researcher to work on new research and other activities to contribute to the strategic goal of achieving greater cyber stability, including supporting the further development of our Cyber Policy Portal!