Turkey headed towards showdown with Twitter, Facebook and YouTube | Malaysia asking users for a TikTok License | EU to impose santions on cyberattacking GRU and North Korean entitites
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Turkey is headed for a showdown with Twitter, YouTube and Facebook after pushing ahead with a proposal to block social media sites if they refuse to comply with stringent new conditions. President Recep Tayyip Erdogan warned this month that he wanted the “immoral” platforms to be either “completely banned or controlled” after Twitter users posted harsh personal attacks against his daughter and son-in-law after the birth of their fourth child. The Financial Times
Malaysians were left baffled after the government on Thursday announced that all video producers – including media agencies and users of social media platforms such as TikTok and Facebook – must obtain official licences. South China Morning Post
European Union ambassadors have given the green light to sanctions on Russia's GRU military intelligence unit, as well as on Chinese and North Korean entities over three separate cyberattacks in recent years. Several sources familiar with the file told RFE/RL on July 22 that the ambassadors decided to freeze assets of the GRU, China's Tianjin Huaying Haitai Science & technology development Co., and North Korea's Chosun Expo. Radio Free Europe/Radio Liberty
ASPI ICPC
Toward a ‘clean pipes’ cyber strategy: ASPI
Innovation Aus
@tomatospy
A new report written by Tom Uren, a senior analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre, said the federal government should implement a Clean Pipes policy, through incentives for ISPs to improve default cyber security, and potential new laws requiring them to do so.
Support grows for an Australian active cyber defence program
ZD Net
@stilgherrian
Tuesday's industry advisory panel input into Australia's long overdue 2020 Cyber Security Strategy is a grab-bag of ideas, but what jumps out at your correspondent is its support for active cyber defence (ACD).. The Australian Strategic Policy Institute (ASPI) echoed these thoughts on Thursday in a report on ACD, titled Clean Pipes. “The key advantage of Clean Pipes is that it brings advanced scalable protection to an ISP's entire customer base, which is particularly important to that majority of customers who don't have the skills and resources to provide for their own security," ASPI wrote. “ISP-level protections could be particularly useful in mitigating the risk from poorly secured IoT [internet of things] devices."
Queensland Government investigates whether new trains use parts made by slave labour from Chinese Uyghur camps
ABC News
Queensland's Transport and Main Roads Minister Mark Bailey has directed his department to review whether the state's New Generation Rollingstock trains contain parts sourced from slave labour factories in China..Earlier this year the Australian Strategic Policy Institute published a report that named KTK Group as a company that had used forced labour of Uyghurs in at least one of its factories. The report's author Vicky Xiuzhong Xu said ASPI had verified the claims by reading hundreds of government documents, Chinese state media reports, and via an investigation with the Washington Post. "We found that typically these workers live under very close surveillance, they have a surveillance app on their phone, and they are being watched by the police officers at the factories," Ms Xu said.
Coalition Brings Pressure to End Forced Uighur Labor
The New York Times
@LizziePaton @austinramzy
On Thursday, more than 190 organizations spanning 36 countries issued a call to action, seeking formal commitments from clothing brands to cut all ties with suppliers implicated in Uighur forced labor and to end all sourcing from the Xinjiang region of China in the next twelve months.. That campaign prompted Adidas and then Lacoste to “agree to cease all activity with suppliers and subcontractors” in Xinjiang after they were implicated in a report published in March by the Australian Strategic Policy Institute.
Read our report: Uyghurs for Sale
Twitter moves against QAnon conspiracy theorists
ASPI Strategist
@elisethoma5
This is not an existential threat to QAnon, which is an explicitly political and pro-Trump conspiracy theory. As Daily Beast journalist Will Sommer has written, QAnon has established a meaningful offline presence, and is a fringe but growing force in the Republican Party. However, Twitter’s decision to restrict—but not evict—QAnon, and expected similar actions from Facebook, could still have a major impact on the conspiracy movement’s trajectory. What happens next may determine whether the movement goes onwards and upwards into the mainstream or gets funnelled off into ever smaller and more extreme niche communities.
The World
Popular Chinese-Made Drone Is Found to Have Security Weakness
The New York Times
@paulmozur @julianbarnes
Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the world’s most popular consumer drones, threatening to intensify the growing tensions between China and the United States.
COVID-19 and Future of Cyber Conflict
The Diplomat
Smaller states must prepare for a more contested cyberspace environment in the wake of the COVID-19 pandemic.
Australia
Lightbulb moment in fight against hack attacks
The Australian
Critical infrastructure — the functions and services that make life run smoothly — underpins almost everything we do. So, imagine if these services just stopped. When people think about cyber crime and its intentions, data theft generally comes to mind. This is undoubtedly often a prime objective of cyber criminals, but disruption to critical infrastructure has increasingly been highlighted as another key goal. Simply making a network (and its functions and services) unavailable can wreak havoc. The federal government’s decision to exclude high-risk vendors from Australia’s 5G network is an example of protecting a critical network from such risk.
Muscling up on cyber security
The Australian
New US Department of Justice legal documents underline the importance of recommendations made by the Morrison government’s expert panel on cyber security. The documents make up the formal indictment of two Chinese hackers, both former engineering students working undercover for Beijing’s notorious Ministry of State Security spy agency.
Trust is key to building cyber resilience
Innovation Aus
Prof Seebeck believes there are also strong opportunities for Australia to become more resilient and independent technologically and as a nation in general. It will be difficult for Australia which has typically relied on offshore partners and alliances. “Now we’re going to have to build [our] own capacity and capability in R&D and people, and building societal resilience.
China
Hikvision Admits Minority Recognition, Now Claims Canceled
IPVM
For the first time, Hikvision has directly addressed its minority recognition software, acknowledging that it offered this, but now claims to have removed it. However, Hikvision declined to clarify the status of their Uyghur recognition analytics.
China’s BSN and Irisnet are building an ‘internet of blockchains’
Tech Node
The chief architect of the Blockchain Services Network (BSN), a crucial component of China’s blockchain strategy, explained how it will work with Shanghai-based Irisnet to develop an “internet of blockchains”.
USA
U.S. Orders China to Close Houston Consulate, Citing Efforts to Steal Trade Secrets
The New York Times
@ewong @jakesNYT @stevenleemyers
A seven-page document compiled by American law enforcement officials and obtained by The New York Times broadly outlined several F.B.I. investigations linked to the Houston consulate. Those included attempts to illegally transfer medical research and other sensitive information from institutions in the area; talent recruitment plans to persuade more than 50 researchers, professors and academics in the area to turn over tightly held research or information to Chinese institutions; and the coercion of Chinese citizens in the United States whom the Chinese government has deemed as wanted fugitives to return to their homeland.
Accuse, Evict, Repeat: Why Punishing China and Russia for Cyberattacks Fails
The New York Times
@SangerNYT
After years of trying to figure out how to deter cyberattacks — by naming and shaming, indicting and sometimes even counterattacking — the problem of halting attacks that remain short of war is proving far more complex than deterring nuclear holocaust. “Our problem is that we have to be much more clear about what actions we won’t tolerate and what the consequences will be,” said Representative Jim Langevin, a Rhode Island Democrat.
These Creators Say They’re Still Being Suppressed for Posting Black Lives Matter Content on TikTok
TIME
@MegzyM27
Videos being taken down, muted or hidden from followers: These are all issues that some TikTok creators say they’re facing for posting Black Lives Matter content.
Sens. Sanders, Warren, Wyden back national facial recognition ban bill
CNET
@alfredwkng
The Ban Facial Recognition group launched its Congressional Scoreboard for keeping track of lawmakers who have and haven't endorsed the Facial Recognition and Biometric Technology Moratorium Act.
NSO Group Pitched Its Spyware to the Secret Service
Vice News
@josephfcox
Westbridge Technologies, an American-branch of Israeli surveillance firm NSO Group, pitched its phone hacking product to the U.S. Secret Service, according to emails obtained by Motherboard. The emails also show Westbridge was trying to pitch NSO's phone hacking technology to U.S. agencies more recently than previously known; this time, some of the emails date from 2018.
Researchers Charged with Visa Fraud After Lying About Their Work for China’s People’s Liberation Army
US Justice Department
Four individuals have recently been charged with visa fraud in connection with a scheme to lie about their status as members of the People’s Republic of China’s military forces, the People’s Liberation Army (PLA), while in the United States conducting research.
Read out report: Picking Flowers Making Honey
Protect Operational Technologies and Control Systems against Cyber Attacks
CISA
Today, the National Security Agency and Cybersecurity and Infrastructure Security Agency released an advisory for critical infrastructure OT and control systems assets to be aware of current threats we observe, prioritize assessing their cybersecurity defenses and take appropriate action to secure their systems.
North Asia
EU 'To Impose Sanctions' On Russia, China, North Korea Over Cyberattacks
RFE/RL
European Union ambassadors have given the green light to sanctions on Russia's GRU military intelligence unit, as well as on Chinese and North Korean entities over three separate cyberattacks in recent years. Several sources familiar with the file told RFE/RL on July 22 that the ambassadors decided to freeze assets of the GRU, China's Tianjin Huaying Haitai Science & technology development Co., and North Korea's Chosun Expo.
Discovery of a New Malware Framework and Its Linkages with a North Korean Hacker Group
E Hacking News
The discovery of a brand new malware framework and its linkages with a North Korean hacker group has heightened the panic within the digital world. Kaspersky, the cybersecurity company has already alerted the SOC groups of the discovery.
How Taiwan’s Unlikely Digital Minister Hacked the Pandemic
Wired
@koxinga21
Taiwan and Audrey Tang occupy a unique spot in a world, where the ascendance of the internet and digital technology is marked by the twin dystopias of “post-truth” information chaos in the United States and China’s totalitarian, technologically mediated surveillance-and-censorship regime.
South East Asia
In Malaysia, you now need a licence for TikTok or Facebook videos
South China Morning Post
@tashny
Malaysians were left baffled after the government on Thursday announced that all video producers – including media agencies and users of social media platforms such as TikTok and Facebook – must obtain official licences.
South Asia
Letters from Peking: What Galwan Valley taught us this summer
Observer Research Foundation
@samirsaran
The fourth takeaway is simply: “No way, Huawei”. India must attach costs to Chinese ambitions. Even though there is stark asymmetry between the economic and military capabilities of the two countries, the defender has the advantage of being able to deploy specific tools that even unequal realities. Banning Chinese apps and making this tendency viral globally must be an Indian priority.
India coronavirus: Online classes expose extent of digital divide
BBC News
@imranqureshi14
Mahima and Ananya are in the same class at a small private school in the northern Indian state of Punjab. Teachers describe them both as "brilliant" students, but ever since classes moved online, they have found themselves on opposite sides of India's digital divide.
Endgame for Huawei? India likely to exclude Chinese firm from 5G roll-out, say govt sources
India Today
@Rahulshrivstv
The chances of Chinese giant Huawei participating in the roll-out of the high-speed 5G network in India have gone down substantially with the government veering towards a tough stand on security and strategy related issues.
What India’s App Ban Can Learn from China’s Great Firewall
Marco Polo
This analysis will focus on a narrower question: if India continues to block Chinese apps, what can it learn from China’s own experiences?
UK
Cybersecurity at risk after hackers try to sabotage Premier League transfer deal
The Guardian
rofessional sports organisations have been urged to tighten their cybersecurity after it was revealed hackers attempted to sabotage a Premier League transfer deal. The National Cyber Security Centre (NCSC) said the email address of a Premier League club’s managing director had been hacked during a transfer negotiation and only intervention from the bank prevented the club losing around £1m.
US senators warn UK digital services tax could derail trade talks
The Finiancial Times
Top members of the US Senate committee overseeing trade have issued a warning shot to the UK over its hopes of a swift deal due to the country’s newly implemented digital services tax. Chuck Grassley, the Republican chairman of the Senate finance committee, and Ron Wyden, the committee’s top Democrat, said that London’s digital services tax “unnecessarily complicates the path forward for a US-UK trade deal”, and urged the UK to “reconsider this punitive action against its ally”.
Stephen Harper: Britain can play a vital role in the Pacific
The National Post
@stephenharper
The U.K. acted wisely in blocking Huawei from its 5G network, but it has a larger role to play.
UK trade department to tackle 'fake news' with new rebuttal role
The Guardian
@lisaocarroll
Liz Truss’s Department of International Trade is to tackle what it views as “fake news” about the UK’s post Brexit trade policy with its own rapid rebuttal expert. The DIT has just advertised a new position of “chief media officer, trade policy and rebuttal” to handle the press and denounce stories it believes are false or contain false information.
Europe
Twitter says hackers accessed the DMs of one elected official in last week’s attack
The Verge
@Jaypeters
Twitter believes the perpetrators of last week’s unprecedented attack on the company accessed the direct message (DM) inbox of an elected official in the Netherlands, the company said Wednesday evening. The revelation comes as part of the company’s ongoing investigation into last Thursday’s attack that allowed attackers to hijack the accounts of some of the service’s most high-profile users, including politicians Barack Obama and Joe Biden, to tweet a bitcoin scam.
European police bust Polish gang suspected of hacking and stealing cars
CyberScoop
@snlyngaas
German and Polish police agencies announced Wednesday they had dismantled a Polish criminal network accused of stealing dozens of cars by breaching the keyless systems used to start the vehicles.
Spain's digital future rests on learning from past errors
about:intel
The future of Spanish and European prosperity but also a distinctly European approach to digital rights pivot on whether we will be able to transform our economies to meet the requirements of a digital age, also in light of political sovereignty and geopolitical rivalry.
Russia
Russia just tested satellite-destroying tech in space, US Space Command claims
The Verge
@lorengrush
The Department of Defense believes that Russia may have tested out a new technology in space that could be used to destroy other satellites already in orbit. This particular test didn’t destroy anything, but military officials are worried it could be used to target US satellites in the future.
Middle East
Turkey threatens to block social media sites in ‘draconian’ new law
The Finiancial Times
Turkey is headed for a showdown with Twitter, YouTube and Facebook after pushing ahead with a proposal to block social media sites if they refuse to comply with stringent new conditions. President Recep Tayyip Erdogan warned this month that he wanted the “immoral” platforms to be either “completely banned or controlled” after Twitter users posted harsh personal attacks against his daughter and son-in-law after the birth of their fourth child.
Israel and India sign cybersecurity agreement to protect against Covid-19 cyber-attacks
The Daily Swig
@JesscaHaworth
Israel has signed an agreement with India that’s focused on fighting cybersecurity threats heightened by Covid-19.
Misc
Nearly half of employees have made a serious security mistake at work
Tech Radar
New researcher from the email security firm Tessian has revealed that almost half (43%) of employees in the US and UK have made mistakes at work that have resulted in cybersecurity repercussions for themselves or their company.
Twitter hackers accessed direct messages of 36 accounts, company says
CNN
@b_fung
"We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands,".
Facebook is simulating users’ bad behavior using AI
The Verge
@jjvincent
Facebook’s engineers have developed a new method to help them identify and prevent harmful behavior like users spreading spam, scamming others, or buying and selling weapons and drugs. They can now simulate the actions of bad actors using AI-powered bots by letting them loose on a parallel version of Facebook. Researchers can then study the bots’ behavior in simulation and experiment with new ways to stop them.
Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt
Vice News
A security firm analyzed a suspicious voicemail left to a tech company employee, part of an attempt to get the employee to send money to criminals.. As it turns out, despite sounding almost like the CEO, the voicemail was actually created with computer software. It was an audio deepfake, according to a security company that investigated the incident.
Garmin services and production go down after ransomware attack
ZDNet
Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems.
Facebook management ignored internal research showing racial bias, current and former employees say
NBC News
In mid-2019, researchers at Facebook began studying a new set of rules proposed for the automated system that Instagram uses to remove accounts for bullying and other infractions. What they found was alarming.
Hundreds Of Thousands Of Instacart Customers’ Personal Data Is Being Sold Online
Buzzfeed News
@JaneLytv
Names, credit card data, addresses, and information on transactions as recent as yesterday are being sold online.
Research
Holding a Pen in One Hand, Gripping a Gun in the Other
The Wilson Center
@Anne_MarieBrady
In 2017, a Chinese military company proudly announced production of an innovative cargo drone, marketed as suitable as an armed one-use military cargo plane which could drop off supplies in difficult mountainous terrain. China’s contested mountainous border with India would be one such location. The plane’s technology originated from a well-known New Zealand company that had once been owned by New Zealand taxpayers.
Events
SecuriDay | Canberra 2020
Kids SecuriDay
Kids SecuriDay is going digital! Our August event is tied to National Science Week which will be going entirely digital so we will be too. The National Science Week schools theme this year is 'Deep Blue: innovations for the future of our oceans' so our theme will be pirates! We've got a stack of fun talks, workshops, competitions and games planned so keep an eye out for our upcoming announcements.
Jobs
Program Manager/Senior Analyst
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a talented, proactive and super efficient program manager/senior analyst to join its growing centre. The successful candidate will need to have a proven track record of leading teams and experience in project management including financial and stakeholder management (which will include industry, the Australian Government, Parliament and foreign governments). To succeed in this position candidates should have exceptional communication and problem-solving skills and experience in research, policy analysis or policy development.
Analyst
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive allrounder to join its growing centre. The ICPC is looking for someone who is an excellent writer and researcher and who is a team player - you will need to juggle multiple research projects that could span the range of topics listed above. This is not an entry level position. Analysts in ICPC have between 5-15 years’ relevant work experience and, depending on experience, are involved in stakeholder and project management, fundraising and the management of small teams.
GFCE Working Group Coordinator
GFCE
The Global Forum on Cyber Expertise (GFCE) Secretariat is seeking an organized, efficient, and communicative GFCE Working Group Coordinator to join the GFCE Secretariat’s team in its main office in The Hague, the Netherlands, starting 16 August 2020.