US nuclear weapons agency breached | France feuds with Facebook over disinformation | Alibaba showed clients how to use software that detected Uighur faces
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said. Politico
Paris is in an escalating spat with Facebook after the social networking giant outed a disinformation campaign across parts of Africa allegedly tied to individuals associated with the French military. Senior French officials in Paris — as well as in discussions with counterparts in other European countries — have raised doubt around Facebook’s findings and questioned the company’s decision to make them public. Politico
As the Chinese government tracked and persecuted members of predominantly Muslim minority groups, the technology giant Alibaba taught its corporate customers how they could play a part. Alibaba’s website for its cloud computing business showed how clients could use its software to detect the faces of Uighurs and other ethnic minorities within images and videos. New York Times
ASPI ICPC
Australia must protect its Chinese-language media
ASPI Strategist
@alexjoske @nathanattrill @AlexandraPasc_
Ensuring our foreign interference and influence laws are enforced should be a priority. Security agencies must seek to disrupt and shine a light on interference in media. Outlets that are clearly being guided by the CCP should be made to register on the Foreign Influence Transparency Scheme. The government should also do more to support independent Chinese-language media, such as by expanding ABC and SBS offerings and establishing scholarships for Chinese-speaking journalism students. But WeChat might be the bigger and more consequential part of this challenge.
Devolved data centre decisions: Opportunities for reform?
ASPI Strategist
@LeadAbilityGrp @AussieArchivist
Government data creation, collection, storage and analysis has grown and continues to grow, as does government reliance on it. With continued government policy directions promoting increased outsourcing of data storage, processing and cloud storage, the value and protection that disaggregation and diversification generate may be lost in the absence of appropriate oversight. In this report, ASPI’s Gill Savage and Anne Lyons provide an overview of the current state, the implications of the panel arrangements and the resulting challenges.
China
Shares of China’s biggest chipmaker drop on reports co-CEO has quit
Financial Times
Shares of China’s biggest chipmaker fell sharply after it said it was “verifying” reports that its co-chief executive had abruptly quit, in what would be the latest blow to the company targeted by US sanctions.
As China Tracked Muslims, Alibaba Showed Customers How They Could, Too
New York Times
@zhonggg
As the Chinese government tracked and persecuted members of predominantly Muslim minority groups, the technology giant Alibaba taught its corporate customers how they could play a part. Alibaba’s website for its cloud computing business showed how clients could use its software to detect the faces of Uighurs and other ethnic minorities within images and videos, according to pages on the site that were discovered by the surveillance industry publication IPVM and shared with The New York Times.
These ByteDance apps stored U.S. user data in China – at least until they started to disappear
Protocol
@issielapowsky
TikTok may keep U.S. user data out of China, but other ByteDance apps downloaded hundreds of thousands of times in the U.S. play by a different set of rules.
USA
Texas and other states sue Google for abusing 'monopolistic power'
The Guardian
@kari_paul
Lawsuit accusing company of ‘tremendous violation of justice’ is latest bid to rein in big tech.
Nuclear weapons agency breached amid massive cyber onslaught
Politico
@NatashaBertrand @ericwolff
Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile.
Suspected Russian hacking spree used another major tech supplier -sources
Reuters
@josephmenn
The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised.
Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks.
Washington Post
@alexstamos
While we don’t have all the details, it is already clear that something is wrong with how our country protects itself against the hackers working for our adversaries in Russia, China, Iran and North Korea. As the Biden administration puts together its plan to secure the United States against these kinds of attacks, and Congress considers how to update the existing bipartisan cybersecurity consensus, I offer three initial fixes.
I Was the Homeland Security Adviser to Trump. We’re Being Hacked.
New York Times
@TomBossert
The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated. But it is unclear what the Russians intend to do next. The access the Russians now enjoy could be used for far more than simply spying.
The SolarWinds Wake-Up Call
Project Syndicate
The recently discovered SolarWinds hack holds obvious lessons for governments around the world, particularly after a year in which cyber attacks on critical infrastructure have surged. International action is urgently needed, not to write new treaties or codes of conduct, but to enforce existing norms.
Russian Hackers Have Been Inside Austin City Network for Months
The Intercept
@MaraHvistendahl @micahflee @chronic_jordan
State-sponsored hackers believed to be from Russia have breached the city network of Austin, Texas, The Intercept has learned. The breach, which appears to date from at least mid-October, adds to the stunning array of intrusions attributed to Russia over the past few months.
Anti-vaccination groups target local media after social media crackdowns
NBC
@BrandyZadrozny
From California to Maine, local news stations have been giving anti-vaccination activists a platform to spread misinformation.
North-East Asia
How Singapore launched a healthtech sandbox
GovInsider
Singapore has launched a new platform to make it easier and faster for healthcare institutions to implement new tech.
South-East Asia
Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Hacker News
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems.
South and Central Asia
How Alibaba Lost India: A Tale of Missed Opportunities and Bad Luck
The Information
@kellymakena
In the fall of 2016, Cyrus Mistry, then chairman of India’s biggest conglomerate, Tata Group, flew to China for a crucial meeting with Joe Tsai, Alibaba’s co-founder and executive vice chairman, according to two people with direct knowledge of the visit. Alibaba had been courting Tata, hoping an alliance would jump-start its business in India.
Govt announces National Security Directive on Telecom Sector for secure networks
Mint
In a bid to tighten security of communications network, the Cabinet Committee on Security on Wednesday announced the National Security Directive on Telecommunication Sector, which will mandate service providers to purchase equipment from trusted sources. Law and Telecom Minister Ravi Shankar Prasad said the directive has been framed from the perspective of national security.
UK
Google’s AI unit DeepMind swallows £1.6bn as losses continue
Financial Times
Google’s UK-based artificial intelligence unit DeepMind lost half a billion pounds last year, a similar figure to 2018, and its parent company Alphabet wrote off a further £1.1bn in debt, according to its latest accounts. The figures underline the huge investment that Google continues to make in the London-based AI team that it acquired in 2014 for about £400m, with the most talented machine-learning researchers able to command huge salaries.
The Online Harms edifice takes shape
Cyberleagle
Reminiscent of a sheriff in the Wild West, to which the internet is so often likened, Ofcom would enlist deputies - social media platforms and other intermediaries acting under a legal duty of care - to police the unruly online population. Unlike its Wild West equivalent, however, Ofcom would get to define its territory and write the rules, as well as enforce them.
Europe
Huawei Gets Conditional Green Light in Germany as Government Approves Security Bill
Wall Street Journal
@berlindiary @stuwoo
Germany edged closer to allowing the use of Huawei’s technology in 5G mobile networks, giving the Chinese company a victory on a European continent increasingly aligned with the Trump administration’s anti-Huawei views.
France feuds with Facebook over disinformation claims
Politico
@markscott82 @ElisaBraun
Paris is in an escalating spat with Facebook after the social networking giant outed a disinformation campaign across parts of Africa allegedly tied to individuals associated with the French military. Senior French officials in Paris — as well as in discussions with counterparts in other European countries — have raised doubt around Facebook’s findings and questioned the company’s decision to make them public, according to several officials who spoke with POLITICO.
EU approves Google’s $2.1 billion acquisition of Fitbit, subject to conditions
CNBC
@Ryan_Browne_
Google’s $2.1 billion acquisition of Fitbit has been conditionally approved by the European Commission, the executive arm of the EU.
Gender and Women in Cyber
Misc
Facebook Attacks Apple Software Changes in Newspaper Ads
Bloomberg
@KurtWagner8 @markgurman
Facebook Inc. lashed out at Apple Inc. in a series of full-page newspaper ads, claiming the iPhone maker’s coming mobile software changes around data gathering and targeted advertising are bad for small businesses.
Twitter says it will start removing COVID-19 vaccine misinformation
The Verge
@kellymakena
Twitter announced Wednesday that it will remove tweets making false or misleading claims about COVID-19 vaccinations.
Our plans to relaunch verification and what’s next
Twitter
A couple of weeks ago, we announced that we’re planning to bring back our public verification program in 2021, shared a draft of our new policy, and asked for public feedback to help shape our approach. This new policy will lay the foundation for future improvements by defining what verification means, who is eligible for verification and why some accounts might lose verification to ensure the program is more equitable.
Events
Jobs
ICPC Analyst - Information operations & disinformation
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a talented and proactive analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Senior Analyst or Analyst - China
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional and experienced China-focused senior analyst or analyst to join its centre in 2021. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on.