UK exposes attempted Russian cyber interference | Reversal of content policies at Alphabet, Meta and X threaten democracy | UAE’s top AI group vows to phase out Chinese hardware to appease US
Good morning. It's Friday 8th December.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
The UK and allies have today exposed a series of attempts by the Russian Intelligence Services to target high-profile individuals and entities through cyber operations. The UK Government judges that this was done with the intent to use information obtained to interfere in UK politics and democratic processes. UK Government
As the 2024 elections approach, experts warn that top social media firms have rolled back vital safety policies and laid off moderation staff, creating a “a toxic online environment” vulnerable to exploitation that threatens democracy. The Guardian
A leading Gulf artificial intelligence company has said it is cutting ties with Chinese hardware suppliers in favour of US counterparts, in a sign of the growing geopolitical struggle over the new technology. Financial Times
Australia needs to talk more openly about offensive cyber operations
Australia’s 2023 cybersecurity strategy makes clear that most of the things we need to do to protect ourselves in cyberspace are essentially defensive. The strategy is usefully organised according to six ‘shields’. Australia will be compelled by an increasingly complex and contested world to compete more in the grey zone. Decision-makers will face tough choices. A stronger and more public offensive cyber doctrine would keep them tethered to Australia’s values and interests as they make those decisions.
23andMe confirms hackers stole ancestry data on 6.9 million users
In an email sent to TechCrunch late on Saturday, 23andMe spokesperson Katie Watson confirmed that hackers accessed the personal information of about 5.5 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.
Cyber agencies call on software developers to improve memory safety
Old favourites among software developers like C and C++ can’t guarantee memory safe software and should be replaced, according to 'Five Eyes' countries’ cyber security agencies. As part of their ongoing “secure by design” effort, the agencies have called on software developers to adopt memory-safe programming languages. Memory safety failures are responsible for the lion’s share of software vulnerabilities, the five-eyes sponsored document explains: 70 percent of common vulnerabilities and exposures in each of Microsoft’s products and Google’s Chromium project, and 32 out of 34 high- or critical-rated CVEs in Mozilla.
Australian spy chief reveals 'top secret' data cloud project that's interoperable with US, UK
Australia is developing a "top secret" intelligence community cloud to help national security agencies better detect threats through shared data, while also being interoperable with US and UK spy networks. Director-General of the Office of National Intelligence, Andrew Shearer, has revealed some details of the project which would facilitate the sharing of "vast amounts of data", during an address to the Centre for Strategic and International Studies in the United States.
‘Far from perfect’ face-matching laws pass Parliament
Companies will be able to use face matching systems operated by the federal government to verify a person’s identity after controversial legislation passed Parliament with almost 40 privacy-focused amendments. The changes, which seek to address privacy gaps identified in a committee report last month, including around consent, secured the bill’s passage for the government, with the Coalition and the Greens both backing the legislation. But the government stopped short of amendments that would have brought the privacy protections into line with the Digital ID Bill, despite pleas from legal and digital rights groups to do so.
Don’t hack it alone: Calls for Australians to report ransomware attacks
Australian Federal Police
The AFP is urging Australian victims to report incidents of ransomware attacks as soon as possible, amid concerns some businesses and individuals are dealing with breaches without the assistance of law enforcement. The renewed call for increased reporting to law enforcement follows the release of IBM Security’s Cost of a Data Breach Report 2023, which found organisations that did involve law enforcement in their response to cyber-attack incident saw significant time and cost savings as a result.
Aboriginal child protection service contracted by SA government hit by data breach
An Aboriginal community organisation that provides services to children under government protection in South Australia has been hit by a data breach, impacting about a thousand community members.The Department for Child Protection said Aboriginal Family Support Services, which is contracted by the South Australian government, detected the breach on November 27.
Antonio Rotondo guilty of contempt of court after allegedly creating deepfake images of school students and teachers
An Australian man who is being sued for allegedly making "deepfake" pornography of high-profile Australian women has admitted he continued to publish similar images, even after he was ordered by a court not to. Antonio 'Tony' Rotondo, 53, appeared via video link from prison and represented himself in the Federal Court in Brisbane on Wednesday. He is being sued by Australia's E-Safety commissioner, who alleges he created fake pornographic images of several women without their consent and published it to his own website.
China rejects spying concerns from Costa Rica leader over 5G network
China forcefully rejected cyber-security and spying concerns on Thursday raised by Costa Rica's president as he explained why Chinese tech company Huawei is ineligible to run 5G mobile data networks in the Central American country. In a statement, China's embassy in San Jose blasted the government's position as baseless, and in the past has said such statements could undermine economic ties with the Asian giant, the world's second-biggest economy.
TikTok owner ByteDance to trim stake in Chinese mobile reading platform IReader
South China Morning Post
Chinese short-video giant ByteDance is selling about 4.38 million shares in digital reading platform operator IReader Technology, a stake worth about 106 million yuan (US$14.9 million) based on closing share prices on Thursday.This is the third time that ByteDance, which currently owns around 7.5 per cent of IReader, is cutting back its holdings in one of China’s most popular mobile reading platforms, after it bought a roughly 11 per cent stake for 1.1 billion yuan in 2020. China’s web literature industry saw its total revenue grow by nearly 19 per cent to more than 31 billion yuan last year, according to research published on Tuesday by Tencent-backed China Literature.
McDonald’s China pushes development of native apps based on HarmonyOS, as adoption of Huawei’s mobile operating system accelerates
South China Morning Post
McDonald’s China unit will work with Huawei Technologies to build a native app based on the next iteration of HarmonyOS, according to the fast-food giant, as adoption of the US-sanctioned telecommunications equipment and smartphone maker’s self-developed operating system gathers momentum in its vast home market.
Russian hackers targeted US intel officers in ‘sophisticated spear phishing campaign,’ DOJ says
Hackers acting on behalf of the Russian government targeted U.S. intelligence officers in a “sophisticated spear phishing campaign” designed to influence elections in the United Kingdom, the Justice Department alleged Thursday.
U.S. must take tougher approach on tech to China, says U.S. House committee
The U.S. must take immediate action to stop "the hemorrhaging of sensitive U.S. technology to China" by tightening up enforcement of existing rules and adding new ones, according to a House of Representatives report released on Thursday.
Belgian national charged with crimes related to scheme to illegally procure critical U.S. technology for end users in China and Russia
Office of Public Affairs, U.S. Department of Justice
In two separate indictments unsealed yesterday, Hans Maria De Geetere, 61, of Knokke-Heist, Belgium, is charged with crimes related to a years-long scheme to unlawfully export sensitive, military-grade technology from the United States to end users located in the People’s Republic of China and the Russian Federation. Concurrent with the unsealing, authorities in Belgium, in coordination with the FBI’s Legal Attaché Office in Brussels, Belgium, executed search warrants and arrested De Geetere and others for questioning on Dec. 5 in connection with a Belgian investigation into De Geetere’s global illicit procurement scheme.
Governments spying on Apple, Google users through push notifications - US senator
Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones.The source said they did not know how long such information had been gathered in that way. Most users give push notifications little thought, but they have occasionally attracted attention from technologists because of the difficulty of deploying them without sending data to Google or Apple.
Lawmakers press Biden administration for tougher curbs on China tech
The New York Times
Republican legislators argue that the Biden administration has been ill-equipped and unmotivated in a technology fight with Beijing. They said the administration is still allowing semiconductors and other American innovation to flow to Beijing that could ultimately aid China in a military conflict. In a report released on Thursday, the House Foreign Affairs Committee said the administration had failed to enforce export controls that limit sales of advanced technology to China. The federal government has been steadily ramping up limits on sales to China of advanced chips and chip-making equipment over the past few years. The United States has also placed restrictions on Chinese companies or organizations accused of aiding the Chinese military or Russia’s war effort, or participating in human rights abuses in Xinjiang.
Microsoft anoints new CISO in major security shake-up
Software giant Microsoft has announced a reshuffle of its security roles, seeing some people move into new roles or leave the company. At the same time, a recent hire takes on the mantle of chief information security officer. Microsoft executive vice-president Charlie Bell explained the changing roles in a LinkedIn post, praising the outgoing CISO Bret Arsenault and relative newcomer Igor Tsyganskiy, who will take up the role starting 1 January 2024.
Asia has to make itself heard in global AI governance discussions
The current focus of discussions about potential risks from the use of artificial intelligence, as showcased at last month's AI Safety Summit in the U.K., is concerning, especially for the 6 billion people of the Global South.
South & Central Asia
Reuters takes down blockbuster hacker-for-hire investigation after Indian court order
Reuters temporarily removed an investigative article on an Indian hacker-for-hire operation due to an Indian court order. The article, which Reuters stands by, involved extensive research, including documents and interviews, revealing insights into the workings of a sophisticated hacking group. The report detailed the transition of Appin, a cybersecurity firm, into a hacker-for-hire service and its global operations.
Ukraine - Russia
Russia’s latest disinformation tactic exploits American celebrities
The New York Times
Steven Lee Myers
The Kremlin has unleashed a new weapon in its information war with the West: the fake celebrity cameo. The video was recorded on Cameo, the popular, though now struggling, app where users can pay for personalized messages from famous people — in Mr. Wood’s case, starting at $340. While a genuine video, it was repurposed as part of Russia’s efforts to falsely denigrate Mr. Zelensky as a drug-addled neo-Nazi.
Congress and E.U. diverge on AI policy, as Brussels races to reach deal
The Washington Post
Cat Zakrzewski, Anthony Faiola and Cristiano Lima
Policymakers in Brussels were locked in late-night negotiations Wednesday to reach a deal on the world’s most ambitious law to regulate artificial intelligence. Meanwhile, senators signaled that the U.S. Congress is taking a divergent approach from the European Union on the emerging technology, with lawmakers raising concerns that the bloc’s approach could be heavy-handed and risk alienating AI developers.
UK exposes attempted Russian cyber interference in politics and democratic processes
The UK and allies have today exposed a series of attempts by the Russian Intelligence Services to target high-profile individuals and entities through cyber operations. The UK Government judges that this was done with the intent to use information obtained to interfere in UK politics and democratic processes.
UK and allies expose Russian intelligence services for cyber campaign of attempted political interference
National Cyber Security Centre
The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes. THE UK and international partners on Thursday called out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes. The National Cyber Security Centre – a part of GCHQ – assesses that Star Blizzard, a group that has been identified using cyber operations to target high-profile individuals and entities, is almost certainly subordinate to Centre 18 of Russia’s Federal Security Service .
Russia hacking: 'FSB in years-long cyber attacks on UK', says government
The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The government said one group stole data through cyber-attacks, which was later made public, including material linked to the 2019 election. Foreign Office Minister Leo Docherty told the House of Commons on Thursday that Russia's ambassador has been summoned and two individuals were being sanctioned. One of them is a serving FSB officer.
Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns
National Cyber Security Centre
The Russia-based actor is targeting organisations and individuals in the UK and other geographical areas of interest. Star Blizzard, formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie, continues to successfully use spear-phishing attacks against targeted organisations and individuals in the UK, and other geographical areas of interest, for information-gathering activity.
U.K. says Russia has targeted lawmakers and others in cyberattacks for years
The New York Times
Adam Satariano, Megan Specia and Glenn Thrush
Russia’s intelligence service has carried out a yearslong cyberattack campaign against high-profile politicians, civil servants, journalists and others, according to the British government, as part of what it called “unsuccessful attempts to interfere in U.K. political processes.” The announcement, part of a joint action with allies including the United States, which announced related indictments and sanctions on Thursday, was intended to sound the alarm that Russia intends to sow chaos and doubt ahead of elections in the United States and Britain.
UK backs chipmaker Pragmatic to boost domestic tech manufacturing
The £182mn funding sets Pragmatic on course to become the UK’s biggest semiconductor manufacturer by volume, overtaking Newport Wafer Fab in Wales. Pragmatic develops and manufactures flexible integrated circuits, which use substrates made of polymers instead of silicon, to create chips for smart and digital packaging that can be used to track and trace goods through a supply chain.
UAE’s top AI group vows to phase out Chinese hardware to appease US
Michael Peel and Simeon Kerr
A leading Gulf artificial intelligence company has said it is cutting ties with Chinese hardware suppliers in favour of US counterparts, in a sign of the growing geopolitical struggle over the new technology.
Israel–Hamas conflict sparks Meta Oversight Board’s first emergency case
Today, Meta’s Oversight Board announced it would take on two expedited cases, the first ever, both dealing with the ongoing conflict between Israel and Hamas. The case will look at two posts that were initially removed from and then reinstated on Instagram and Facebook for violating Meta’s policies against sharing graphic imagery and depicting dangerous organizations and individuals, respectively. One of the posts showed the aftermath of the attack on Al-Shifa Hospital by the Israel Defense Forces, and the other was a video of an Israeli hostage being taken by Hamas on October 7.
Gender & Women in Tech
Fei-Fei Li and the binders full of women in AI
A professor of computer science at Stanford University for nearly 15 years and co-director of the Stanford University Human-Centered AI Institute, Fei-Fei Li was mysteriously missing from a list published yesterday by the New York Times called “Who’s Who Behind the Dawn of the Modern Artificial Intelligence Movement”, highlighting the underrepresentation of women in AI. Li, a prominent AI researcher and professor, known for her work on ImageNet and contributions to computer vision and AI, exemplifies the overlooked contributions of women in the field.
Reversal of content policies at Alphabet, Meta and X threaten democracy, warn experts
As the 2024 elections approach, experts warn that top social media firms have rolled back vital safety policies and laid off moderation staff, creating a “a toxic online environment” vulnerable to exploitation that threatens democracy.
Nvidia’s CEO still plans to sell high-end chips in China
The Wall Street Journal
Jensen Huang, Nvidia’s CEO said he still hopes to supply high-end processors to China, days after US Commerce Secretary Gina Raimondo warned US companies against sales of AI-enabling chips to the country in the name of national security. The latest round of U.S. export curbs had left $5 billion worth of Nvidia’s chips in limbo, The Wall Street Journal has reported. China has historically formed about 20% of Nvidia’s revenue, Huang said on Wednesday. Huang didn’t confirm the company was working on the chips, choosing instead to emphasize Nvidia’s acquiescence with US export rules.
Bitcoin mining used more water than new york city last year
The Wall Street Journal
Bitcoin-mining operations slurp up billions of gallons of water globally each year. Estimates vary, but the annual footprint is projected to surpass 591 billion gallons of water this year, according to an article published last week in the peer-reviewed journal Cell Reports Sustainability. For comparison, New York City residents and businesses consumed 403 billion gallons in 2022, according to the U.S. Geological Survey.
A ‘thirsty’ generative AI boom poses a growing problem for Big Tech
Hundreds of millions of monthly users all submitting questions on the popular chatbot quickly illustrates just how “thirsty” AI models can be. The study’s authors warned that if the growing water footprint of AI models is not sufficiently addressed, the issue could become a major roadblock to the socially responsible and sustainable use of AI in the future.
The Binance crackdown will be an 'unprecedented' bonanza for crypto surveillance
Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.” One attraction of Binance, as the company grew from its 2017 founding into the biggest cryptocurrency exchange in the world, was the firm's freewheeling flouting of rules. As it amassed well over 100 million crypto-trading users globally, it openly told the United States government that, as an offshore operation, it didn't have to comply with the country's financial regulations and money-laundering laws.
“Hey, fellow humans!”: What can a ChatGPT campaign targeting pro-Ukraine Americans tell us about the future of generative AI and disinformation?
Institute for Strategic Dialogue
Disinformation campaign using ChatGPT to influence pro-Ukraine Americans. The growing role of generative AI in misinformation, raising concerns about its impact on public opinion and political landscapes. The focus is on the increasing sophistication of AI in manipulating narratives, underscoring the need for awareness and strategic responses to these emerging digital threats.
Events & Podcasts
Digital literacy amid the rise of artificial intelligence in elections
In a KCBS Radio segment that explores the rapid rise of AI and its potential impact on the 2024 election, CSET's Josh Goldstein provides his expert insights.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.