Date: 2023-08-22

Good morning. It's Wednesday 23rd August.

A previously unknown hacking campaign targeted file protection, encryption and decryption software as part of a supply chain attack on unnamed targets in Hong Kong and other regions of Asia, according to an analysis published Tuesday. CyberScoop

Thousands of donors to Australian charities have had their personal information leaked to the dark web after a telemarketer was hacked by cybercriminals. The ABC understands more than 70 Australian charities used Brisbane-based Pareto Phone, but not all had been affected. The telemarketing company collected donations from supporters, with one charity alleging the company retained nine-year-old documents without its knowledge – which would be a breach of the privacy act. ABC News

Meta Platforms on Tuesday asked a court in Norway to stop a fine that the country's data regulator has imposed on the owner of Facebook and Instagram for breaching user privacy, in a case that could have wider European implications. Since Aug. 14, Meta Platforms has been fined 1 million crowns ($94,313) per day for harvesting user data and using it to target advertising at them, called behavioural advertising, a practice common to Big Tech. Reuters

ASPI

China hoped Fiji would be a template for the Pacific. Its plan backfired.

The Washington Post

Michael E. Miller and Matthew Abbott

The police cooperation between China and Fiji that began in 2011 with the six-page MOU would continue for more than a decade. The police agreement provided a blueprint for China to grow its security presence 5,600 miles away in Fiji — from the soft power of people-to-people exchanges to the hard power of arrests, extrajudicial deportations and the transfer of high-tech equipment such as closed-circuit cameras, surveillance gear and drones. Blake Johnson, an analyst at the Australian Strategic Policy Institute, said the Fiji-China MOU had started small but grown over time into something serious enough to trouble Australian officials. “Pretty much from the start, Fiji was interested in not just getting vehicles, which is very common in the Pacific, but also communications, surveillance equipment, anti-riot equipment, and that kept evolving,” he said. The drones and closed-circuit equipment were particularly concerning, he said, “because of how China uses that technology against its own population, raising questions about whether they are encouraging other countries to do the same.”

Australia

China

Baidu to debut next challenger to ChatGPT by end of the year

Nikkei Asia

Cissy Zhou

Chinese search giant Baidu plans to launch Ernie 4, the next version of its generative AI large language model, by the end of this year, CEO and founder Robin Li said Tuesday, ratcheting up the technology race with U.S. competitors. Baidu released Ernie 3.5 in June, claiming it broadly outperformed OpenAI's ChatGPT 3.5 and beat the more advanced GPT 4 in some Chinese language skills. Ernie Bot, China's first public answer to OpenAI's generative chat bot, was unveiled by Baidu in March.

What do Chinese university students think about U.S.-China tech competition?

Lawfare

Christina Knight

“We have this saying, technological backwardness brings on beatings by others (落后就要挨打),” Xinyi*, an electrical engineering doctoral student at Tsinghua University, China’s leading technology school, told me over coffee. We sat at Eureka, a Greek-inspired cat cafe hidden behind a hot-pot canteen on Tsinghua’s campus in a rare leafy corner of Beijing. “We had no technology before, and we suffered. Now, China has learned from the past,” she said. In other words, technological inferiority leads to hardship. Xinyi wants to help China avoid repeating this mistake. But she is also realistic, and slightly disillusioned. Her main priorities are a house, a car, and—more than anything—to escape neijuan: the stress, anxiety, and competitiveness in Chinese society. China’s technological advancement excites her, yet her own future raises concerns.

USA

A Pennsylvania court says state police can’t hide how it monitors social media

Associated Press

Mark Scolforo

Pennsylvania’s Supreme Court ruled Tuesday that the state police can’t hide from the public its policy on how it monitors social media. Advocates for civil liberties cheered the decision. The law enforcement agency had argued that fully disclosing its policy for using software to monitor online postings may compromise public safety. All four Democratic justices supported the majority decision, which said the lower Commonwealth Court went beyond its authority in trying to give the state police another attempt to justify keeping details of the policy a secret. Tuesday’s order appears to end a six-year legal battle.

Pioneering progress: How a munitions campus propels the US defense industrial base forward

Breaking Defense

Nadia Schadlow

Since the start of the Ukraine conflict, the US and its allies have been scrambling to find or produce enough munitions to both arm Kyiv and keep up with national requirements. In this new op-ed, former US deputy national security advisor Nadia Schadlow says there may be a new solution underway at the Pentagon to alleviate the issue. It’s now almost trite to point out the cracks in the foundation of the US defense industrial base. Many facilities are over a half century old, filled with outdated equipment, unable to meet production requirements, and often dependent on minerals and chemicals produced mainly by our adversaries. The issue is particularly acute for missiles and munitions, both the weapons needed for today’s fight in Ukraine and future capabilities such as hypersonic weapons.

CISA, NSA and NIST publish new resource for migrating to post-quantum cryptography

Cybersecurity & Infrastructure Security Agency

Kyle Miller and Andrew Lohn

The Cybersecurity and Infrastructure Security Agency, National Security Agency, and National Institute of Standards and Technology published a factsheet today about the impacts of quantum capabilities. The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic standards by developing their own quantum-readiness roadmap. The first set of PQC standards to protect against future, potentially adversarial, cryptanalytically-relevant quantum computer capabilities are being developed by NIST and planned for release in 2024. Having a roadmap and inventory enables an organization to begin the quantum risk assessment processes and provides needed visibility of application and functional dependencies on public-key cryptography that exist within their operational environment.

Army cyber officials want to harness AI, but not over-hype

Breaking Defense

Jaspreet Gill

Army cyber leaders want to harness the potential of artificial intelligence for a role in future operations, but are trying to balance excitement about the capabilities with caution not to get hopes up on how soon it can make a real difference. Speaking to reporters Aug. 17 at the AFCEA TechNet Augusta conference, officials said the service is actively exploring ways AI can be used in offensive operations against its networks, while service coders are looking at how it can also benefit them.

The secret weapon hackers can use to dox nearly anyone in America for $15

404 Media

Joseph Cox

It took only a few seconds to uncover the target’s entire life. On the messaging app Telegram, I entered a tiny amount of information about my target into the dark blue text box—their name and the state I believed they lived in—and pressed enter. A short while later, the bot spat out a file containing every address that person had ever lived at in the U.S., all the way back to their college dorm more than a decade earlier. The file included the names and birth years of their relatives. It listed the target’s mobile phone numbers and provider, as well as personal email addresses. Finally, the file contained information from their drivers’ license, including its unique identification number. All of that data cost $15 in Bitcoin. The bot sometimes offers the Social Security number too for $20. This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target’s credit header.

Americas

Trudeau says foreign interference inquiry coming, but details still being worked out

National Post

Ryan Tumilty

Prime Minister Justin Trudeau insisted Monday his government is committed to a full public inquiry on foreign interference, but is still working through the details with opposition parties, giving no date for when an inquiry might get underway. Trudeau was asked about the potential inquiry at a cabinet retreat in Prince Edward Island on Monday. He said they’re working on it, but want a process everyone will stand behind.

Southeast Asia

Singapore voters urged to be alert for phishing scams, cyber attacks mimicking election campaigning

The Straits Times

Osmond Chia

Voters are urged to watch out for scams and cyber attacks that attempt to trick them into downloading malware, the Cyber Security Agency of Singapore said in an advisory as campaigning for the presidential election kicked off on Tuesday. Such threats could surface with the use of digital means for election campaigning, such as online rallies and social media, said CSA in a statement. Threat actors could create fake social media accounts or circulate fake websites that mimic the content of official campaign websites to carry out phishing or social engineering attacks.

South & Central Asia

Bangladesh, India keen to work together against cyber threats

The Business Standard

Bangladesh and neighbouring India are keen to work together to deal with cyber threats. To this end, the two countries agreed to jointly conduct cyber drills and capacity building workshops. The information was disclosed in a bilateral meeting between Dr Sanjay Bahl, director general of Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and IT of Government of India, and Bangladesh State Minister for ICT Division Zunaid Ahmed Palak at the head office of CERT-In in New Delhi on Monday, said a press release today.

Cyber security is global problem, declares G20 Digital Economy Ministers' meet

The Economic Times

Union Minister Ashwini Vaishnaw on Saturday said there was a consensus during the G20 Digital Economy Ministers' Meeting that cyber security is an international problem that requires collaboration and steps for building trust and respect for other economies. The minister, who holds the Electronics, IT, Communications and Railways portfolios, said there was absolute consensus in the G20 meeting on the concept and application of Digital Public Infrastructure, cyber security and skilling in handling digital technology.

Europe

US tech firms offer data protections for Europeans to comply with EU big tech rules

CyberScoop

Tonya Riley

Starting Friday, Europeans will have a much different experience than their American counterparts when dealing with large tech companies. The European Union’s Digital Services Act, which will eventually apply to any online service provider, will take effect for very large online platforms with more than 45 million users. Requirements under the law include a ban on targeting users with ads based on sensitive data, transparency requirements about how platforms’ algorithms work, and new liability obligations for illegal content such as hate speech and bans on deceptive design patterns.

UK

Investors sound alarm over Arm’s exposure to China

Financial Times

Leo Lewis, Kana Inagaki, Ryan McMorrow and Qianer Liu

Prospective investors in Arm’s initial public offering have raised concerns over the UK chip designer’s exposure to China, after the release of a prospectus that warned of “significant risks” in the way the company was set up to do business there. Over the past three years Arm has confronted a succession of difficulties over doing business in China, from losing control of its local unit for nearly two years to a renegade chief executive, to facing obstacles registering a deal to offload its stake in the ailing venture.

Cyber attack on Aussie energy services firm may hit UK CNI

Computer Weekly

Alex Scroxton

Operators of critical utility infrastructure across the UK may have been affected by a developing cyber attack on the systems of Energy One, an Australia-based supplier of software and services for the energy sector. The ongoing incident was disclosed via a statement to the Australian Securities Exchange (ASX) on the morning of Monday 21 August (Sunday evening on UK time), but appears to have begun on Friday 18 August.

Exposed: the Chinese spy using LinkedIn to hunt UK secrets

The Times

Fiona Hamilton

A single Chinese spy is using LinkedIn profiles to try to lure thousands of British officials to hand over state secrets in exchange for large sums of money and lucrative business deals, The Times has learnt. The intelligence officer for Beijing’s main spy agency created a string of aliases and fake companies to target security officials, civil servants, scientists and academics with access to classified information or commercially sensitive technology.

Big Tech

Elon Musk's X plans to remove headlines from links to news articles

Reuters

Yuvraj Malik

Elon Musk is pushing to change how news links appear on his social media platform X, formerly called Twitter, in a move that could potentially undermine the ability of news publishers to draw audience. X is planning to remove the headline and text while retaining just the lead image from links to news articles shared on the platform, Musk said in a post late on Monday.

Misc

Building a digital army: UN peacekeepers fight deadly disinformation

UN News

Designing ways to fight back against falsehoods that can trigger tensions, violence, or even death, the UN has been monitoring how mis- and disinformation and hate speech can attack health, security, stability as well as progress towards the Sustainable Development Goals. “It has become clear that business as usual is not an option,” UN Secretary-General António Guterres said in a policy brief launched in June on information integrity on digital platforms. “The ability to disseminate large-scale disinformation to undermine scientifically established facts poses an existential risk to humanity and endangers democratic institutions and fundamental human rights,” he wrote in the brief.

Innovation and its discontents: Societies get the technology they deserve

Foreign Affairs

Diane Coyle

In the space of just a few months, the specter of artificial intelligence has come to haunt the world. The release in late 2022 of ChatGPT, the most prominent of a new wave of generative AI models, has ignited concerns about the potentially disastrous consequences of the technology. Depending on the telling, AI could lead to the rapid spread of misinformation, kill democracy, eliminate millions of jobs, or even result in the end of the human species. These fears have overshadowed discussions of the technology’s promise. Whereas the rapid advances of recent decades—in telecommunications and digital technology, for instance—were often greeted with unwise euphoria, the recent leaps forward in AI have inspired much more circumspection about the direction of technological change. Many people are questioning the hype, realizing that innovation may not always be a good thing.

The internet is turning into a data black box. An ‘inspectability API’ could crack it open

WIRED

Surya Mattu

In today’s digital world, injustice lurks in the shadows of the Facebook post that’s delivered to certain groups of people at the exclusion of others, the hidden algorithm used to profile candidates during job interviews, and the risk-assessment algorithms used for criminal sentencing and welfare fraud detention. As algorithmic systems are integrated into every aspect of society, regulatory mechanisms struggle to keep up. Over the past decade, researchers and journalists have found ways to unveil and scrutinize these discriminatory systems, developing their own data collection tools. As the internet has moved from browsers to mobile apps, however, this crucial transparency is quickly disappearing.

Research

Onboard AI: Constraints and limitations

Center for Security and Emerging Technology

Kyle Miller and Andrew Lohn

AI that makes news headlines, such as ChatGPT, typically runs in well-maintained data centers with an abundant supply of compute and power. However, these resources are more limited on many systems in the real world, such as drones, satellites, or ground vehicles. As a result, the AI that can run onboard these devices will often be inferior to state of the art models. That can affect their usability and the need for additional safeguards in high-risk contexts. This issue brief contextualizes these challenges and provides policymakers with recommendations on how to engage with these technologies.

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.