UK's ICO Says Mobile Tracking is Legal During COVID-19 Crisis | Security Lapse Exposed Republican Voter Data | Twitter Deleted Tweets from Brazil’s President for Spreading Misinformation
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
UK's Information Commissioner's Office (ICO) has announced over the weekend that the government can use anonymised mobile phone tracking data to help fight the current coronavirus pandemic. Bleeping Computer
A voter contact and canvassing company, used exclusively by Republican political campaigns, mistakenly left an unprotected copy of its app’s code on its website for anyone to find. The data included personally identifiable information, amounting to dozens of spreadsheets packed with voter names, addresses and voting history. Tech Crunch
Twitter has deleted two tweets by Brazilian President Jair Bolsonaro because they contained false or misleading information about COVID-19, the disease caused by the novel coronavirus. BuzzFeed
On Thursday, 2 April at noon (AEDT), ASPI’s International Cyber Policy Centre is running an online Q&A with the co-authors of the ‘Uyghurs for sale’ report.
Co-authors Vicky Xiuzhong Xu, Dr James Leibold, Kelsey Munro & Nathan Ruser will be on hand to take your questions for an hour on what has quickly become ASPI’s most-read report ever.
If you would like to take part, please email fergusryan@aspi.org.au with your name and ‘Q&A’ as the subject line.
ASPI ICPC
The power of narratives and risk of surveillance creep in the response to Covid-19
ASPI Strategist
@KelseyMunro
A geostrategic risk out of all of this is that the perceived ‘lesson’ of the pandemic will be that authoritarianism works and democracy is chaos. Anywhere you look, government is back, in a big way. Most national governments, both democratic and autocratic, have concluded they need to fight the virus by throttling the freedoms underpinning market economies. The pandemic is also likely to hardwire our dependence on technology, making our reliance on digital connectivity so absolute that we become more willing to tolerate the downsides of life in a post-privacy age. Democratic governments may be tempted—or driven—to emulate the techniques of autocratic ones. Surveillance creep seems inevitable.
Forced Labor: Government And Industry Groups Intensify Focus On Xinjiang
Mondaq
On March 1, an Australian think tank issued a report identifying 83 global companies alleged to use labor and materials sourced from the XUAR. On March 10, five major footwear and apparel industry groups (AAFA, NRF, RILA, USFIA, and the FDRA) issued a joint statement responding to reports of forced labor in the XUAR, calling on the U.S. government to "immediately engage" with global stakeholders to find solutions.
The World
Here’s How to Fight Coronavirus Misinformation
The Atlantic
@acarvin @GrahamBrookie
The world has faced, and overcome, pandemics before. We’ve never faced one in this information climate. This is, as the World Health Organization declared in February, an infodemic: “an over-abundance of information—some accurate and some not—that makes it hard for people to find trustworthy sources and reliable guidance when they need it.” So what do you do when a friend or family member sends you a screenshot promising “THE TRUTH ABOUT CORONAVIRUS”?
Australia
Huawei dumped from Western Australian train radio contract due to US trade restrictions
ZDNet
@dobes
The contract between Huawei Australia and UGL (HUGL Consortium) and the government of Western Australia to provide the state with a digital radio system for its trains has been mutually abandoned by both parties, Minister for Transport; Planning Rita Saffioti said on Friday.
China
The Alliance for Securing Democracy Expands Hamilton 2.0 Dashboard to Include China
Alliance for Securing Democracy
@SecureDemocracy
The Alliance for Securing Democracy at the German Marshall Fund of the United States today expanded the Hamilton 2.0 dashboard to include the tracking of Chinese government-backed information operations on social media, state-sponsored information websites, YouTube, and via official diplomatic channels. The interactive, publicly accessible dashboard captures content from more than 150 Chinese diplomatic and media accounts on Twitter, five state-sponsored news websites, CGTN America and CCTV+’s channels on YouTube, and official statements made by the Permanent Mission of China to the United Nations. Data from these accounts will be added to the existing Hamilton 2.0 dashboard, which publicly tracks Russian government and government-funded media outputs.
US
Tech Giants Prepared for 2016-Style Meddling. But the Threat Has Changed.
NYT
@kevinroose @sheeraf @nicoleperlroth
After spending billions to avoid a repeat of 2016, the tech giants are careening from crisis to crisis as their foes change tactics.
Security lapse exposed Republican voter firm’s internal app code
Tech Crunch
@zackwhittaker
A voter contact and canvassing company, used exclusively by Republican political campaigns, mistakenly left an unprotected copy of its app’s code on its website for anyone to find. The data included personally identifiable information, amounting to dozens of spreadsheets packed with voter names, addresses and voting history.
The Cybersecurity 202: Cybersecurity experts slam child protection bill that risks rolling back encryption (Opinion)
The Washington Post
@Joseph_Marks_
The EARN IT Act would strip tech companies of their prized liability protections for what users share on their platforms, unless they follow rules designed by a new government task force — which experts fear would require companies to give law enforcement special access to encrypted communications.
Federal Court Rules ‘Big Data’ Discrimination Studies Do Not Violate Federal Anti-Hacking Law
ACLU
In a major victory for civil liberties and civil rights enforcement during the digital age, a federal court has ruled that research aimed at uncovering whether online algorithms result in racial, gender, or other discrimination does not violate the Computer Fraud and Abuse Act (CFAA).
Facebook’s private groups are abuzz with coronavirus fake news
Politico
@markscott82
Conspiracy theories, bogus scientific information and links to online scams about the coronavirus pandemic are rife on Facebook despite the social networking giant's efforts to clamp down on misinformation, according to a review by POLITICO of thousands of Facebook posts. These falsities — often born out of people's hunger to find accurate information about COVID-19 — are being shared in so-called private groups, or invite-only sections of the global platform, which have gained tens of thousands of participants, collectively, in recent weeks.
Medical Expert Who Corrects Trump Is Now a Target of the Far Right
NYT
@daveyalba @sheeraf
Dr. Anthony Fauci, the administration’s most outspoken advocate of emergency virus measures, faces a torrent of false claims that he is mobilizing to undermine the president. He has become the target of an online conspiracy theory that he is mobilizing to undermine the president.
Internal Documents Show How the US Army Makes a Video Game
Vice
@josephfcox
Hundreds of pages of documents obtained by Motherboard lay out the development of 'Operation Overmatch.' The game isn't just to provide a fun distraction for members of the Army. Player decisions, movements, and tactics are collected and analyzed in the hope they can provide insights on how the Army should plan in real-life.
UK
UK's ICO Says Mobile Tracking is Legal During COVID-19 Crisis
Bleeping Computer
@serghei
UK's Information Commissioner's Office (ICO) has announced over the weekend that the government can use anonymized mobile phone tracking data to help fight the current coronavirus pandemic. ICO’s Deputy Commissioner Steve Wood said in a statement that as long as the government anonymizes the mobile phone tracking data, it has the green light to do so as no individuals can be identified and privacy laws aren't breached.
South America
Twitter Deleted Two Tweets From Brazil’s President Jair Bolsonaro For Spreading Coronavirus Misinformation
BuzzFeed News
@broderick
On Sunday, Twitter deleted two tweets by Brazilian President Jair Bolsonaro because they contained false or misleading information about COVID-19, the disease caused by the novel coronavirus. In the tweets, Bolsonaro posted videos of himself taken during a walking tour in Brasília on Sunday, in which the president praised the use of anti-malaria drug hydroxychloroquine for treating the virus and encouraged an end to social distancing and isolation measures in the country.
Misc
The Internet in the Coronavirus Era
Besa Center
The coronavirus (COVID-19) pandemic is causing an online revolution—one that provides opportunities but also creates risks. Surveillance of infected and quarantined individuals through mobile applications is helping to slow the spread of the contagion, but contains an implicit threat to privacy. Cybersecurity is being tested as hackers look for ways to use the unprecedented situation to strike governments, companies and individuals.
COVID-19: Hackers Begin Exploiting Zoom's Overnight Success to Spread Malware
The Hacker News
As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices.
FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings
Bleeping Computer
Hacker hijacks Microsoft YouTube accounts to broadcast crypto Ponzi scam
ZDNet
@campuscodi
Several of Microsoft's YouTube accounts appear to have been hacked. Other YouTube accounts were also hacked and renamed to Microsoft to amplify the scam.
Malware from notorious FIN7 group is being delivered by snail mail
Cyber Scoop
@snlyngaas
Malware authored by FIN7, which researchers say has stolen over $1 billion in recent years, has been delivered by the U.S. Postal Service to multiple organizations in recent months, according to security company FireEye.
(One client of the cybersecurity company received a package, with a loyalty reward $50 gift card. The envelope included a USB drive claiming to contain a list of products eligible for purchase using the gift card.)
HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers
Cyber Scoop
@snlyngaas
HackerOne, a company that pairs ethical hackers with organizations to fix software flaws, has kicked mobile voting vendor Voatz off its platform, citing the vendor’s hostile interactions with security researchers. It is the first time in its eight-year existence that HackerOne, which works with companies from AT&T to Uber, has expelled an organization from its security program.
(This SIPRI Reflection Film takes stock of the challenges posed by autonomy in weapons systems and explores how these challenges might be addressed by states.)
Research
Pandemic Mitigation in the Digital Age: Digital Epidemiological Measures to Combat the Coronavirus Pandemic
HCSS
@hcssnl
The report reviews specific digital contact tracing & quarantine (CTQ) measures (Taiwan, South Korea, Singapore, China, and Israel, as well as industry tracking), and places them on the spectrum of user-based and provider-based measures, and recommends CTQ measures that are in accordance with existing EU legislation. Finally, it offers a way forward to consider a principle towards “data for the common good” to help combat the current coronavirus pandemic.