UK accuses China of cyberattacks on British democracy | EU probes Apple, Google and Meta over digital rules compliance | Millions of Americans caught up in Chinese hacking plot - US
Good morning. It's Tuesday 26th March.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Follow us on Twitter and on LinkedIn.
The British government formally pointed the finger at China Monday for a spate of cyberattacks on U.K. democratic institutions. Britain is slapping sanctions on two individuals in response and summoning the Chinese ambassador for a dressing down. POLITICO
The European Commission warned that Apple, Google and Meta may not be complying with new digital competition rules as it opened investigations that could lead to fines. The EU executive will investigate Google owner Alphabet and Apple's efforts to let developers steer consumers to offers outside their app stores. POLITICO
Millions of Americans' online accounts have been caught up in a "sinister" Chinese hacking plot that targeted US officials, the justice department and FBI said on Monday. Seven Chinese nationals have been charged with enacting a widespread cyber-attack campaign. BBC
ASPI
Where did that Chinese police video come from?
Lowy Institute
Graeme Smith & Daria Impiombato
Last night’s 60 Minutes broadcast in Australia featured extraordinary footage of 2017 Chinese police raids in Fiji, followed by the extraction of 77 People’s Republic of China citizens, hooded and marched onto a China Southern Airlines jet with a policeman on each arm. Here we explain how the video was found and why it was made. The video was found by Daria Impiombato, a researcher at the Australian Strategic Policy Institute, one of the authors of this piece.
Australia
New Zealand and Australia condemn cyber targeting by Chinese state sponsored actors
Reuters
Lucy Craymer
The New Zealand and Australian governments on Tuesday joined Britain and other international partners in expressing concerns about malicious cyber activity by Chinese state-backed actors, with New Zealand adding that its parliamentarian entities in 2021 were a victim. “The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable,” said Judith Collins, who is responsible for the New Zealand agency which overseas cyber security and signals intelligence known as the Government Communications Security Bureau.
Spies targeting journalists, intelligence chief warns
Canberra Times
Dominic Giannini
Australia's intelligence agency is warning against watering down secrecy laws when it comes to journalists, arguing they are targets for foreign spies, which creates a potential threat to national security. The disclosure of classified and top secret information and intelligence threatened Australia's economy and security, and posed a threat to life, ASIO Director-General Mike Burgess said.
Defence to trial drone-killing lasers that use advanced 'directed energy' technology
ABC
Andrew Greene
Australian troops could soon be equipped with a locally developed and transportable laser that is designed to shoot down lethal enemy drones travelling as fast as 100 kilometres per hour. Defence has for the first time awarded a multi-million-dollar contract to a Melbourne company to trial its "directed energy" technology as a way of combating unmanned aerial vehicles which are being used with devastating effect in the Ukraine war.
Inside Australia’s turbocharged battle against hackers
The Australian Financial Review
Max Mason
Hackers leave fingerprints, Australia’s top cyber spy Rachel Noble says. The voluntary but confidential sharing of those tiny little markers that a cybercriminal has broken into a company allows the Australian Signals Directorate to see more attacks coming and stop them in their tracks. As part of Microsoft’s $5 billion investment in Australia over two years, the ASD has become the first government agency anywhere in the world to integrate its own intelligence platform – Cyber Threat Intelligence Sharing – with the US technology giant’s Sentinel threat monitoring software in Australia.
Indigenous lesson alert for use of artificial intelligence
The Australian
Natasha Bita
Teachers have been instructed to consult Indigenous communities before using artificial intelligence to teach Aboriginal and Islander history and culture, due to bias and inaccuracy. The first curriculum advice for the teaching and use of AI, issued by the Australian Curriculum, Assessment and Reporting Authority, cautions teachers against and students using AI to generate Indigenous art. The advice, released on Monday, singles out Aboriginal and Torres Strait Islander history and culture – which must be taught across every subject area – in a warning to educators that AI can easily generate deepfakes and biased information. ACARA advises teachers to consider consulting Aboriginal and Torres Strait Islander people as “a primary source of information and gaining permission’’ before using AI to teach First Nations content.
China
China-hosted naval forum will seek to prevent drone collisions at sea
Nikkei Asia
Yukio Tajima
China will host a naval conference in the port city of Qingdao next month to bring together top naval officials from about 30 countries, including the U.S. and Japan, to discuss ways of preventing collisions involving drones. A main topic of discussion will be creating a framework to prevent accidental collisions between unmanned aerial vehicles flying over the sea, a heightened risk as navies around the world increasingly rely on drones for surveillance and more.
USA
Millions of Americans caught up in Chinese hacking plot - US
BBC
Mattea Bubalo
Millions of Americans' online accounts have been caught up in a "sinister" Chinese hacking plot that targeted US officials, the justice department and FBI said on Monday. Seven Chinese nationals have been charged with enacting a widespread cyber-attack campaign. They are accused of ties to a hacking operation that ran for 14 years. The justice department said hackers had targeted US and foreign critics of China, businesses, and politicians. The seven men allegedly sent over 10,000 "malicious emails, impacting thousands of victims, across multiple continents", in what the justice department called a "prolific global hacking operation" backed by China's government.
US sanctions APT31 hackers behind critical infrastructure attacks
Bleeping Computer
Sergiu Gatlan
The Office of Foreign Assets Control has also designated two Chinese nationals (Zhao Guangzong and Ni Gaobin) linked to the APT31 Chinese state-backed hacking group and who worked as contractors for the Wuhan Xiaoruizhi Science and Technology Company, Limited MSS front company for their involvement in the same attacks and "endangering U.S. national security." This action was part of a joint effort with the U.S. Department of Justice, Federal Bureau of Investigation, Department of State, and the United Kingdom Foreign, Commonwealth & Development Office.Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
US Department of the Treasury
People’s Republic of China state-sponsored malicious cyber actors continue to be one of the greatest and most persistent threats to U.S. national security, as highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment. “The United States is focused on both disrupting the dangerous and irresponsible actions of malicious cyber actors, as well as protecting our citizens and our critical infrastructure,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
Officials plan for new age of cyber threats to satellites
POLITICO
Maggie Miller
Russia’s push to put an anti-satellite nuclear weapon in space has been worrying Washington for weeks. But there’s a far more immediate threat that could damage satellites with far less effort: cyberattacks. That concern is increasingly pushing the White House and Capitol Hill to take action to counter the digital threats in space, particularly as satellites play a growing role in the conflict in Ukraine.
Lawsuit from Elon Musk’s X against anti-hate speech group dismissed by US judge
Financial Times
Hannah Murphy
A US judge has struck down a lawsuit brought by X against a non-profit group that researched toxic content on the social media platform, finding the Elon Musk-owned company’s case appeared to be an attempt at “punishing” the group for exercising free speech. The Center for Countering Digital Hate had sought to dismiss the case from X, which alleged the non-profit unlawfully accessed and scraped X data for its studies.
Southeast Asia
Taiwan bets on Vietnam, Indonesia for future chip-industry talent
Nikkei Asia
Hideaki Ryugen
As a falling birthrate threatens to shrink Taiwan's pool of high-tech talent, the island has turned to Southeast Asian students as a source of workers for the semiconductor industry. On the outskirts of Hsinchu, a city nicknamed Taiwan's Silicon Valley, students at the Minghsin University of Science and Technology train on the kind of equipment used in real-life semiconductor factories.
EcoPro invests $11m in Indonesian nickel refinery to boost supply
The Chosun Daily
Park Sung-woo & Kim Seo-young
South Korean battery material company EcoPro has been ramping up its investments to secure nickel, a key mineral for secondary batteries. The company recently announced that it has invested about $11 million to acquire a 9% stake in Green Eco Nickel, a refinery operated by China’s Green Eco Manufacture in Indonesia. Located on Sulawesi Island, Green Eco Nickel produces about 20,000 tons of nickel annually. Indonesia is known to have the largest nickel reserves and production in the world.
Europe
EU probes Apple, Google and Meta over digital rules compliance
POLITICO
Edith Hancock & Varg Folkman
The European Commission warned that Apple, Google and Meta may not be complying with new digital competition rules as it opened investigations that could lead to fines. The probes come just 18 days after tech giants had to comply with Digital Markets Act to open up their services to rivals. The EU executive will investigate Google owner Alphabet and Apple's efforts to let developers steer consumers to offers outside their app stores. It will also probe Google to check if its display of search results favors its Shopping, Flights or other specialized search services over rivals.
EU Commission launches probes into Alphabet, Apple, Meta for anticompetitive behavior
EURACTIV
Julia Tar
The European Commission is opening non-compliance investigations into Alphabet, Google’s parent company, Apple, and Meta under the Digital Markets Act, the institution announced on Monday (25 March). The Digital Markets Act is a landmark EU legislation that addresses competition in the digital space. Companies with a dominant position in crucial segments of the internet economy, such as the ones investigated, are deemed gatekeepers and have to act in a way that does not hinder competition. The investigations focus on steering rules in Google Play and Google Search, Apple’s App Store policies and choice screen, and Meta’s “pay or consent” model. The Commission is also in a preliminary investigation into Amazon’s ranking practices and Apple’s new fee structure for alternative app stores.
Russian-backed hackers caught targeting German political parties
Cyber Daily
David Hollingworth
Researchers with the Google-owned Mandiant security firm have outlined the details of a Russian hacking campaign targeting political parties in Germany. Mandiant believes the group is APT29, a threat actor with ties to Russia’s Foreign Intelligence Service. APT29 has historically gone after ruling governments and diplomats – according to Mandiant, targeting political parties is a new twist to the threat actor’s techniques, tactics, and procedures.
Furious Russians summon Australian diplomat over social media post criticising presidential election
ABC News
Riley Stuart
Russian officials have summoned a top Australian diplomat in Moscow for a please explain over a social media post describing the country's presidential election as a "flagrant violation of international law". A statement on the Russian Foreign Ministry's website revealed chargé d'affaires Jeremy Guthrie had been "summoned" on Friday so it could lodge "a strong protest".
Nemesis Market dismantled by German law enforcement
Cyber Daily
Daniel Croft
Launched in 2021 Nemesis Market is a darknet marketplace based in Lithuania and Germany, on which users buy and sell cybercrime services such as ransomware and DDoS attacks, stolen data such as financial information and drugs. On March 20, 2024, the Federal Criminal Police Office in Germany and the Frankfurt cybercrime combating unit launched an attack on Nemesis Market, seizing its website and preventing its peak 150,000 user base and 1,100 sellers from accessing it.
UK
UK accuses China of cyberattacks on British democracy
POLITICO
Andrew McDonald & Stuart Lau
The British government formally pointed the finger at China Monday for a spate of cyberattacks on U.K. democratic institutions. Addressing the House of Commons, Britain’s Deputy Prime Minister Oliver Dowden said “Chinese state-affiliated actors” had been behind two separate “malicious” attacks on both the U.K.’s electoral watchdog and on lawmakers themselves. Britain is slapping sanctions on two individuals in response and summoning the Chinese ambassador for a dressing down. Beijing has angrily hit back at the claims, calling them “slander.”
Chinese cyberattacks won’t silence us, say British lawmakers
POLITICO
Andrew McDonald & Stuart Lau
A group of British lawmakers insisted they won't be "bullied into silence" by Beijing amid new allegations of Chinese-linked cyberattacks on U.K. democratic institutions. Three MPs — all prominent critics of the Chinese state — were briefed by the U.K. parliament's director of security Monday morning after reports at the weekend that Beijing will be formally linked by British authorities to a string of attacks on U.K. lawmakers.
UK politicians should use ‘disappearing messages’ on devices, says GCHQ
Financial Times
Lucy Fisher
British politicians have been urged to turn on the “disappearing messages” function to automatically delete their WhatsApp exchanges, in new guidance from UK spies to protect against hacking attempts. The National Cyber Security Centre, a branch of the signals intelligence agency GCHQ, published fresh advice on Monday for “high-risk individuals” whose work or public status means they can access or influence sensitive information that could be of interest to foreign states.
NZ & Pacific Islands
New Zealand Parliament systems targeted by China-based hackers
NZ Herald
Adam Pearse
The Government isn’t looking to introduce sanctions against China after New Zealand’s spy agency, the Government Communications Security Bureau, has tied a state-sponsored actor linked to China to historical targeting of Parliamentary entities in New Zealand. It comes as New Zealand joins with the United Kingdom to condemn China’s “malicious cyber activity” aimed at the UK’s Electoral Commission and members of its Parliament. It follows reports of United States, British and Australian officials filing charges, imposing sanctions or calling out Beijing over a sweeping cyber-espionage campaign that allegedly hit millions of people, including lawmakers, academics and journalists.
Big Tech
Behind the plot to break Nvidia’s grip on AI by targeting software
Reuters
Max A. Cherney
Nvidia earned its $2.2 trillion market cap by producing artificial-intelligence chips that have become the lifeblood powering the new era of generative AI developers from startups to Microsoft, OpenAI and Google parent Alphabet. Now a coalition of tech companies that includes Qualcomm, Google and Intel plans to loosen Nvidia’s chokehold by going after the chip giant’s secret weapon: the software that keeps developers tied to Nvidia chips. They are part of an expanding group of financiers and companies hacking away at Nvidia's dominance in AI.
Almost 100,000 scams detected on Meta’s Facebook and other platforms, dwarfing rivals
The Australian
Jared Lynch
Meta and its social media platforms, including Facebook, Instagram and WhatsApp, have attracted tens of thousands more scammers than rivals such as X and Reddit, according to data from a leading mobile security company. Texas-based Zimperium, which was formerly backed by Telstra Ventures and protects the mobile devices of US troops, has detected 99,690 scam hits on Meta’s platforms since October last year. It comes as Australia’s banks are demanding tech giants, including Meta, be forced to sign up to new mandatory scam codes and have launched a broadside against social media platforms for failing to protect their customers from scammers.
Meta’s encryption to ‘conceal the worst crimes’ against kids
The Australian
David Murray
Child abuse investigators are bracing for expanded encryption on Facebook and Messenger to have crushing impacts that may be disguised by a rise in meaningless tips that lead nowhere. Tech giant Meta revealed in December it had begun a global rollout of default end-to-end encryption for messages and calls across its Facebook and Messenger platforms, but would not detail progress in individual countries. While privacy advocates welcomed the move, crime-fighting agencies and charities said it would have a devastating effect on the ability to detect and prevent child abuse.
Artificial Intelligence
Beware AI euphoria
Financial Times
Rana Foroohar
AI will “change the world”, we are told. It will radically increase productivity (albeit by disrupting millions of jobs). It will create a huge new wealth pie for the world to share. And, according to a breathless ARK Invest report that last week predicted a $40tn boost to global gross domestic product from AI by 2030, it will “transform every sector, impact every business, and catalyze every innovation platform”. It’s the euphoria and sense of inevitability in this straightforward narrative that makes me nervous.
Research
An Argument for Hybrid AI Incident Reporting: Lessons Learned from Other Incident Reporting Systems
Center for Security and Emerging Technology
Ren Bin Lee Dixon & Heather Frase
Artificial Intelligence incidents have been occurring with the rapid advancement of AI capabilities over the past decade. However, there is not yet a concerted policy effort in the United States to monitor, document, and aggregate AI incident data to enhance the understanding of AI-related harm and inform safety policies. This report proposes a federated approach consisting of hybrid incident reporting frameworks to standardize reporting practices and prevent missing data.
Events & Podcasts
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Development Futures: Richard Baldwin on how globalisation and robotics will impact developing economies
Lowy Institute
Alexandre Dayant
Today, the dynamic duo of globalisation and robotics, which international economist Richard Baldwin calls “globotics”, is disrupting the service sector and professional jobs faster than ever. Digital technology is empowering “white-collar robots” to take over many service sector and professional jobs, while “telemigration” opens doors for skilled workers in low-wage countries to join high-wage economies remotely. But what’s next? What new jobs will “globotics” create, and how will they shape the future of work?
Jobs
ASPI Northern Australia Strategic Policy Centre (NASPC) Administration Officer
ASPI
This role also works across the Head of the NASPC's alternate policy centres, the Strategic Policing and Law Enforcement Program, involving work across illicit drugs, illicit finance, transnational serious organised crime, and modern slavery, and ASPI’s Counter-terrorism Policy Centre. The successful applicant will have the chance to assist with coordinating a project in the first half of 2024 focused on northern Australia's connections with Pacific Island Countries, liaising with senior Government and international representatives. The closing date for applications is 29 March 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
Director of Cyber, Technology & Security (CTS)
ASPI
ASPI is looking for an exceptional and experienced leader to lead our largest team focused on emerging security challenges, particularly in cyberspace and the information domain. Director CTS leads ASPI’s largest team to develop and deliver a range of applied research projects on existing and emerging security challenges. CTS’ projects range across cyber and critical infrastructure security, critical and emerging technologies, national resilience and social cohesion, and hybrid threats. The closing date for applications is 22 April 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
China Analyst or Senior Analyst
ASPI
ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work. The closing date for applications is 10 May 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.