Suspected North Korea hackers targeted Indian space agency | Leak from neo-Nazi site could identify hundreds of extremists worldwide | Breach at DNA-test firm exposed customer information
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
India’s space research agency was warned of a cyber attack in the middle of a landmark moon mission as part of a broader assault by suspected North Korean hackers, cyber security consultants with data on the incidents said. The attack on the Indian Space Research Organisation (ISRO) was flagged during its much-hyped Chandrayaan-2 moon mission in September that ended in failure. The latest revelation comes after the country’s nuclear authority confirmed last week the Kudankulam nuclear plant in the southern state of Tamil Nadu had also been hit by a cyber attack. Financial Times
An apparent online leak of materials from influential neo-Nazi website Iron March, which has linked to several murders and acts of extremist terrorism, has the potential to identify hundreds of extremists around the world. The Guardian
The DNA-testing firm Veritas Genetics experienced a security breach that included customer information, the startup said. Veritas, which sells whole-genome sequencing for $599, said it became aware that a customer-facing portal had been “recently” accessed by an unauthorized user. Bloomberg
ASPI ICPC
The Sino–Russian alliance and what it means for Australia
The Lowy Interpreter
@Stephen Blank
A third dimension of cooperation is the military one. ASPI has just published a report outlining the robust and growing civilian and military high-tech cooperation between Russia and China. This cooperation not only yields new capabilities in hard military power, but also fosters bilateral cooperation in authoritarian innovation, namely cyber and information technologies – including artificial intelligence (AI), which has profound applications for commercial and military applications alike, and is no less important to the conduct of cyber and information operations, as well as intelligence operations. As the report’s authors indicate, “Such cooperation in new media, internet governance, and propaganda extends from technical to policy-oriented engagements.”
Is WeChat a problem for democracies?
Quartz
@Muge_Niu @fryan @xu_xiuzhong
Like other social media platforms, WeChat is being used more and more by political parties around the world to appeal to potential voters. WeChat's unique information ecosystem means false and misleading stories run can rampant.
Read Isabelle’s twitter thread explaining the piece.
Podcast. The Risks of Engaging with China
Asia Rising
@alexjoske
Australian universities rely heavily on China for both students and research investment, but engagement brings considerable risk. Technology theft is common, and awareness of how research is being applied is necessary for institutional security.
Mysterious hacker dumps database of infamous IronMarch neo-nazi forum
ZDNet
@campuscodi
A mysterious hacker has published today a database dump of one of the internet's most infamous neo-nazi meeting places -- the IronMarch forum.
The World
Leak from neo-Nazi site could identify hundreds of extremists worldwide
The Guardian
@jason_a_w
An apparent online leak of materials from influential neo-Nazi website Iron March, which has linked to several murders and acts of extremist terrorism, has the potential to identify hundreds of extremists around the world.
A map showing the reported location of users compromised in the neo-Nazi site Iron March’s data breach.
Australia
RAAF launches new cyber force
Defence News
Air Force has launched a new cyber warfare workforce specifically selected, trained and prepared to lead a team of technical experts responsible for protecting networks, data and information systems. On October 31, Air Force introduced two new employment categories — cyber warfare officer (CWO) and cyber warfare analyst (CWA). The first round of successful candidates will undergo an intensive six-month training program beginning in February.
United Kingdom
Chinese government confiscating papers and getting events cancelled at British universities, MPs’ report warns
The Independent
@Eleanor_Busby @KimSengupta07
Authorities in Britain are not doing enough to protect academic freedom from financial, political and diplomatic pressures from autocratic states, it concludes, adding that the government has “failed” to consider the threat posed by the likes of China and Russia, and that guidance warning universities of potential risks is “non-existent”.
Europe
ASML chip tool delivery to China delayed amid US ire
Nikkei Asia Review
@dabieannie
ASML, Europe's largest manufacturer of specialized chipmaking machines, has fallen prey to Washington's desire to curb Beijing's technological ascent and delayed shipment of a crucial tool needed to develop China's semiconductor industry.
Hungary’s government is quietly neck-deep in the U.S.-Huawei war
Direkt36
@panyiszabolcs
Americans are very nervous about Huawei’s expansion, but the European Union does not have a unified voice on the issue. Several people linked to the company have been accused of espionage in recent years, and European intelligence services have issued multiple warnings that the company’s equipments pose security risks. Despite this, 5G networks are being built in many NATO member states with Huawei’s cutting-edge but inexpensive technology.. Hungary’s government regularly vetoes or blocks European decisions unfavorable to China’s political leadership, and one of Huawei’s most important European hubs is in Hungary. The company has been involved in a number of Hungarian state telecommunications development projects in recent years, and even Hungarian security services appear to use some of the company’s equipments.
The Middle East
Former Twitter Employees Charged With Spying for Saudi Arabia
The New York Times
@kateconger @MikeIsaac @ktbenner @nicoleperlroth
Ali Alzabarah was an engineer who rose through the ranks at Twitter to a job that gave him access to personal information and account data of the social media service’s millions of users. Ahmad Abouammo was a media partnerships manager at the company who could see the email addresses and phone numbers of Twitter accounts. On Wednesday, the Justice Department accused the two men of using their positions and their access to Twitter’s internal systems to aid Saudi Arabia by obtaining information on American citizens and Saudi dissidents who opposed the policies of the kingdom and its leaders.
Misc
Breach at DNA-Test Firm Veritas Exposed Customer Information
Bloomberg
@Kristen V Brown
The DNA-testing firm Veritas Genetics experienced a security breach that included customer information, the startup said. Veritas, which sells whole-genome sequencing for $599, said it became aware that a customer-facing portal had been “recently” accessed by an unauthorized user.
Amazon Ring doorbells exposed home Wi-Fi passwords to hackers
Tech Crunch
@zackwhittaker
Security researchers have discovered a vulnerability in Ring doorbells that exposed the passwords for the Wi-Fi networks to which they were connected. Bitdefender said the Amazon-owned doorbell was sending owners’ Wi-Fi passwords in cleartext as the doorbell joins the local network.
Leaked documents show Facebook leveraged user data to fight rivals and help friends
NBC News
@oliviasolon @cfarivar
NBC News is releasing almost 7,000 pages of leaked documents showing how Facebook treated user data as a bargaining chip with external app developers.
Most Hackers Aren’t Criminals
The New York Times
@angus_tx
When asked what his father did for a living, my son explained to his kindergarten teacher that “he steals things, but it’s O.K. because he gets paid to do it.” He wasn’t wrong. I’m a hacker, and I run a team of hackers. We spend our days discovering ways to break into anything that can connect to the internet — servers, automated teller machines, light bulbs — in an attempt to access information that was never meant to be seen. If we get to it before a criminal does, then we’ve done our job.
Powerful Coalition Pushes Back on Anti-Tech Fervor
The New York Times
@dmccabe
The movement to reinterpret or change antimonopoly laws is running headlong into a legal community and interest groups just as invested in defending the status quo.
The Secret and Frustrating Life of a Google Contract Worker
Bloomberg
@mhbergen @ellenhuet
Kevin Kiprovski had a lofty title, "Expeditions Associate," and a fun job — he got to demo Google virtual reality gear to young students. When visiting schools, he wore a gray t-shirt with a cartoon whale and a Google logo. But sometimes the company's reputation made things awkward. Once, a teacher confronted Kiprovski. “‘How do you feel walking in here, showing stuff, when you know you're making so much more than all of us?’" he recalled the teacher asking. "I had to tell her," he said, "'I only make $40,000 a year." He left out another revealing detail: Kiprovski didn't actually work for Google.
Research
Securing Our 5G - Future The Competitive Challenge and Considerations for U.S. Policy
CNAS
@ebkania
The United States risks losing a critical competitive advantage if it fails to capitalize upon the opportunity and manage the challenges of 5G. Today, China seems poised to become a global leader and first mover in 5G. The United States may be situated in a position of relative disadvantage. The U.S. government has yet to commit to any funding or national initiatives in 5G that are close to comparable in scope and scale to those of China, which is dedicating hundreds of billions to 5G development and deployment. There are also reasons for serious concern about the long-term viability and diversity of global supply chains in this industry. Huawei, a Chinese company with global ambitions, seems to be on course to become dominant in 5G, establishing new pilots and partnerships worldwide.
Events
CyberWarCon 2
AESIR
CYBERWARCON is a one-day (Novembre 21st) conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities.
Jobs/Opportunities
Australian businesses that support Indigenous pathways into Cyber Security careers
ASPI is looking for business which have a program, grant or any other initiative in place to facilitate entry into Cyber Security careers for our Indigenous students. We'd really appreciate a share to your networks, if possible.
Thank you for reading the Daily Cyber Digest. If you have any feedback, please let us know via email at icpc@aspi.org.au Know someone who may enjoy getting this? They can sign up here.