UK to create regulator to police big tech companies / Japan, US and Europe team up to counter China's quantum rise / China ramping up ability to spy on 1.4 billion people
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The UK government will create a technology regulator next year to police companies such as Facebook and Google after Brexit, according to several people who were involved in the process. The regulator will be given powers to implement a range of new rules, including an enforceable code of conduct for the biggest groups and greater data accessibility for consumers. The Financial Times
Japan will partner with the U.S. and Europe to develop quantum computers and related technology, Nikkei has learned, broadening their efforts as China pours national resources into the race for ultrafast processing power. Nikkei Asian Review
China is ramping up its ability to spy on its nearly 1.4 billion people to new and disturbing levels, giving the world a blueprint for how to build a digital totalitarian state. The authorities can scan your phones, track your face and find out when you leave your home. One of the world’s biggest spying networks is aimed at regular people, and nobody can stop it. The New York Times
The World
Conflicts to Watch in 2020
Council on Foreign Relations
Paul B. Stares
For the second year in a row, a highly disruptive cyberattack on critical infrastructure, including electoral systems, was the top-ranked homeland security–related concern.
Hack And Inject: Inside The Shady Global Trade In Website Links
BuzzFeed News
@CraigSilverman & Dean Sterling Jones
Google made the link a valuable commodity, so hackers are compromising sites and then getting paid to inject links.
Australia
Australia keen to strengthen ties with India in hi-tech area
ET CIO
Ahead of Australian PM Scott Morrison's visit to India early next year and with Canberra keen to lessen its reliance on China in hi-tech sectors, a top Australian official said that India and Australia would be looking to further their cooperation in areas including cyber and critical technologies. Australian Deputy High Commissioner Rod Hilton, in his address at the Chanakya Chakra forum on Foreign and security policies, said that 5G and 6G and quantum computing are priority areas for both sides.
Google settles $481.5m tax bill with the ATO after decade-long dispute
The Sydney Morning Herald
@erykbagshaw @JennieDuke
Google has reached a settlement worth almost half-a-billion dollars with the Tax Office after a marathon dispute over its tax practices.
ASIC says cybersecurity risk management is improving in Aussie financial market
ZDNet
@ashabeeeee
The corporate watchdog had financial markets firms self-assess against the NIST Framework.
China
A Surveillance Net Blankets China’s Cities, Giving Police Vast Powers
NYT
@paulmozur @aaron_krolik
China is ramping up its ability to spy on its nearly 1.4 billion people to new and disturbing levels, giving the world a blueprint for how to build a digital totalitarian state. The authorities can scan your phones, track your face and find out when you leave your home. One of the world’s biggest spying networks is aimed at regular people, and nobody can stop it.
China’s Tencent apologizes after WeChat translates Canadian flag into ‘He’s in prison’
The Globe and Mail
@nvanderklippe
The maker of Chinese app WeChat has apologized after its auto-translation software rendered an emoji of the Canadian flag into the phrase “He’s in prison.”
Congress Orders Probe of Satellite Loophole China Exploited
WSJ
@bspegele @Kate_OKeeffe
Congress ordered the Commerce Department to examine a loophole in federal law that has allowed China’s government to use U.S.-built satellites to support its police and military, following an investigation by The Wall Street Journal.
China Just Crossed A Dangerous New Line For Huawei: ‘There Will Be Consequences’
Forbes
@UKZak
But the coming weeks and months will see decisions being taken in key European markets, and this is the telco heartland from which Huawei cannot afford to be excluded. There were signs of this new, more forceful approach a week ago, when it was reported that China’s ambassador to Denmark had threatened to drop a trade agreement with the Faroe Islands if the Danish outpost failed to sign one of those 5G contracts. The threats were captured in an audio recording from November, an audio recording that the Faroese government had been seeking to keep sealed.
USA
DHS Was Finally Getting Serious About Cybersecurity. Then Came Trump.
Politico
@breanne_dep
Secretary Kirstjen Nielsen came in with the potential to be the most effective cyber leader in agency history—only to be sideswiped by the president’s fixation on the Mexican border.
Tech Shudders as U.S. Weighs New Limits on Huawei Sales
Bloomberg
@jendeben @ianmking
The U.S. government is weighing new limits on sales of chips and other vital components to China’s Huawei Technologies Co., sparking another furious round of lobbying by technology companies.
Hundreds of ‘pink slime’ local news outlets are distributing algorithmic stories and conservative talking points
The Tow Center for Digital Journalism
@acookiecrumbles
An investigation by the Tow Center for Digital Journalism at Columbia Journalism School has discovered at least 450 websites in a network of local and business news organizations, each distributing thousands of algorithmically generated articles and a smaller number of reported stories. Of the 450 sites we discovered, at least 189 were set up as local news networks across ten states within the last twelve months by an organization called Metric Media.
Census Bureau Works to Combat Disinformation About 2020 Count
WSJ
@saraheneedleman
The Census Bureau has set up a task force to combat the spread of false or misleading information online about its coming population count, a move that could test the government’s ability to thwart disinformation efforts from affecting the 2020 election.
Cyber-sleuths: Ransomware used in New Orleans attack likely tied to organized crime
Nola.com
@johnsimerman
While New Orleans officials remain tight-lipped about a cyber-attack that has hobbled city government since Friday, cyber-sleuths have homed in on the likely weapon: Ryuk, a menacing breed of “ransomware” used to lock up computer data until the target pays in Bitcoin for the key to release it.
Peter Thiel at Center of Facebook’s Internal Divisions on Politics
WSJ
@emilyglazer @dseetharaman & Jeff Horwitz
Facebook’s senior leadership is increasingly divided over how to address criticism of the company’s effect on U.S. politics, with board member and billionaire investor Peter Thiel serving as an influential voice advising CEO Mark Zuckerberg not to bow to public pressure, according to people familiar with the matter. One flashpoint of late: political advertisements. Mr. Thiel has argued that Facebook should stick to its controversial decision, announced in September, to continue accepting them and to not fact-check those from politicians, the people said. However, some directors and executives are pushing for changes to the policy, including possibly banning political ads altogether, they said.
Google has fired another worker-activist
TechCrunch
@meganrosedickey
Google has fired another worker-activist: Kathryn Spiers. Spiers, who worked on the platform security team, was generally tasked with writing code for browser notifications to automatically notify employees of guidelines and company policies while surfing the web. According to Spiers, Google fired her because she created a browser notification to educate her colleagues about their labor rights. What prompted Spiers to create the tool was the news of Google working with a union-busting firm, as well as Google’s alleged retaliation against employees for organizing. The notification read, “Googlers have the right to participate in protected concerted activities.”
A Twitter cyberattack on the Epilepsy Foundation posted strobing images that could trigger seizures
CNN
Elizabeth Wolfe & @saeed_ahmed
Attackers sent videos of flashing and strobing lights to people on Twitter last month as part of a cyberattack which deliberately targeted people with epilepsy. The attacks targeted the Twitter feed of the Epilepsy Foundation, the organization said Monday.
North Asia
Japan, US and Europe team up to counter China's quantum rise
Nikkei Asian Review
Akira Oikawa
Japan will partner with the U.S. and Europe to develop quantum computers and related technology, Nikkei has learned, broadening their efforts as China pours national resources into the race for ultrafast processing power.
A Janitor Allegedly Used a Botanical Code to Broker Weapons Deals for North Korea
WSJ
In a case spotlighting role of regime allies in the West, Australian prosecution document alleges South Korean-born citizen tried to broker deals to sell missile parts and coal on the black market.
Chinese 'rumors' and 'cyber armies' - Taiwan fights election 'fake news'
Reuters
@yimoulee @baibinbeijing
Taiwan is ramping up efforts ahead of a Jan. 11 election to combat fake news and disinformation that the government says China is bombarding the island with to undermine its democracy.
Southeast Asia
This China-linked espionage group keeps trying to hack the Cambodian government
Cyberscoop
@snlyngaas
There is no shortage of malware that government-backed hackers can get from the public domain, saving them the trouble of developing their own code. But to meet their intelligence-gathering needs, plenty of groups still roll up their sleeves and build their own kits. A Chinese espionage outfit known as Rancor has been particularly active on that front. New findings from Palo Alto Networks’ Unit 42 research unit, shared exclusively with CyberScoop, show how, over the past year, the group has tried to break into the network of an unnamed Cambodian government organization and deploy their custom malware.
NZ & Pacific Islands
To block or not to block Technical and policy considerations of Internet filtering
Internet NZ
@InternetNZ
To block or not to block Technical and policy considerations of Internet filtering.
UK
UK to create regulator to police big tech companies
FT
@madhumita29 @katebeioley_ft
The UK government will create a technology regulator next year to police companies such as Facebook and Google after Brexit, according to several people who were involved in the process. The regulator will be given powers to implement a range of new rules, including an enforceable code of conduct for the biggest groups and greater data accessibility for consumers.
Creating the Defence Digital Service (DDS) in MOD
U.K. Ministry of Defence
Hello, we are the Defence Digital Service (DDS) - a new group in the Ministry of Defence (MOD), here to help pave the way for the rapid delivery of user-centred products and services in Defence. Using modern practices and technologies, we’re aiming to bring tactical and strategic advantage by responding rapidly to user needs, both in the office and in the battlespace.
Europe
The Biggest Social Media Operation You've Never Heard Of Is Run Out of Cyprus by Russians
Lawfare
@lisackaplan
What the heck is TheSoul Publishing? I’m still honestly not sure. Here’s what I do know: Measured in terms of views and subscribers, it had the third-largest reach of any group of entertainment channels on YouTube in November—outranked only by Disney and WarnerMedia. It is run by Russian nationals and based in and managed from Cyprus, with U.S. operations housed in a shared work space in New York. It funds itself with ad revenues from YouTube and Google worth tens of millions of dollars. And in 2018, it purchased a small suite of Facebook advertisements targeting U.S. citizens on political issues—and it made those purchases in rubles.
EU needs common telecoms rules to thwart Huawei’s 5G threat
FT
@hallbenjamin
The rise of China’s Huawei as the leading supplier of 5G telecoms equipment has triggered big concerns about national security, European competitiveness and the prospect of long-term dependency on a potentially unreliable company. Having given up their indigenous industry, US officials are now mulling over whether to channel American taxpayers’ money to Huawei’s European rivals Nokia and Ericsson to ensure security of supply. Europe, by contrast, seems remarkably passive.
Russian interview with Carles Puigdemont airs on hacked Spanish TV
The Guardian
@swajones
Spain’s public broadcaster has inadvertently carried an interview with the exiled Catalan separatist leader Carles Puigdemont after hackers hijacked its online news channel and substituted its content for that of Russia’s state-backed RT network.
Americas
Lab results of 15 million Canadians hacked
AFP
Privacy watchdogs have launched an investigation into a hack of health records, which a laboratory said Tuesday may have compromised data on up to 15 million Canadians or nearly half the population.
Misc
Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers
WIRED
@a_greenberg
Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.
24 Hours in Hell With Only 2010 Technology
WSJ
@JoannaStern
As 2020 approaches, WSJ's Joanna Stern wanted to see just how much the smartphone has changed our lives in the past decade. So she ditched her iPhone and traveled to Hell, Mich., with a bag of 2010 gadgets, including an old BlackBerry, a Garmin GPS and a Canon point-and-shoot.
In The 2010s, We All Became Alienated By Technology
BuzzFeed News
@bernstein
We were promised community, civics, and convenience. Instead, we found ourselves dislocated, distrustful, and disengaged.
Cloud flaws expose millions of child watch trackers
TechCrunch
@zackwhittaker
Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can. This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a common shared cloud platform used to power millions of cellular-enabled smartwatches.
We Tested Ring’s Security. It’s Awful
VICE
@josephfcox
Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers.
What does your car know about you? We hacked a Chevy to find out.
The Washington Post
@geoffreyfowler
Our privacy experiment found that automakers collect data through hundreds of sensors and an always-on Internet connection. Driving surveillance is becoming hard to avoid.
Research
A Public, Private War: How the U.S. Government and U.S. Technology Sector Can Build Trust and Better Prepare for Conflict in the Digital Age
Center for Long-Term Cybersecurity and Technology for Global Security
@jonathanreiber
A new report co-published by the Center for Long-Term Cybersecurity and Technology for Global Security (Tech4GS) provides a blueprint for how the U.S. government and private-sector companies can collaborate to prepare for a cyberwar or other massive cyberattack on U.S. interests.
Fake media and NGOs: A pro-Indian network designed to influence policymakers
EU DisinfoLab
How could you know that your local news website, such as newyorkmorningtelegraph.com, thedublingazette.com, or timesofportugal.com serves Indian governmental interests? Over 265 fake local news sites in more than 65 countries are managed by an Indian influence network. Here’s the story of how we uncovered this network designed to influence the EU and the UN by repeatedly criticising Pakistan.
Bing’s Top Search Results Contain an Alarming Amount of Disinformation
Stanford Internet Observatory
Daniel Bush & Alex Zaheer
Bing’s importance in the information landscape of the U.S. shouldn’t be overlooked. While its share of the search market in the U.S. might be dwarfed by that of Google, it has steadily increased over the past ten years. It is something of a problem, then, that Bing appears to be returning an alarming amount of disinformation and misinformation in response to user queries — far more than Google does, for instance.
The American AI Century: A Blueprint for Action
CNAS
The United States needs to respond to this technological challenge in the same way it responded to prior technology competitions, such as the space race. U.S. leadership in AI is critical not only because technology is a key enabler of political, economic, and military power, but also because the United States can shape how AI is used around the world. As this report explains, while AI can be used for incredible good by societies, it already is being abused by authoritarian states to surveil and repress their populations. And advances in AI technology are enabling future malign uses, such as launching sophisticated influence attacks against democratic nations. The United States must make sure it leads in AI technologies and shapes global norms for usage in ways that are consistent with democratic values and respect for human rights.