U.S. state governments hit in Chinese hacking spree | New sanctions on Russia as Australia seeks to counter Ukraine misinformation | EU countries call for cybersecurity emergency response fund
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Hackers believed to be sponsored by the Chinese government have accessed computer systems in six U.S. state governments in a continuing espionage campaign that included the use of the widespread Log4J computer bug detected late last year, according to cybersecurity researchers. The Wall Street Journal
Australia has hit Russia with another round of sanctions targeting senior military officers, as well as state propagandists spreading "pro-Kremlin disinformation". ABC News
Telecoms ministers from the 27 EU countries want the European Commission to set up a cybersecurity emergency response fund to counter large-scale cyberattacks, citing the recent attacks against Ukraine, according to an EU document. Reuters
ASPI ICPC
The World
DDoS attacks now use new record-breaking amplification vector
Bleeping Computer
Bill Toulas
A new reflection/amplification DDoS method is being used in attacks that provides a record-breaking amplification ratio of almost 4.3 billion to 1.
Ukraine-Russia
Telegram founder commits to Ukraine user privacy
BBC News
The billionaire Russian-born co-founder of messaging app Telegram has told Ukrainian users their data is safe. In a Telegram post, Pavel Durov, who lives in Dubai, wrote: "I stand for our users no matter what. Their right to privacy is sacred - now more than ever."
Lumen, a second major American Internet carrier, is pulling out of Russia
The Washington Post
Craig Timberg, Ellen Nakashima and Joseph Menn
Lumen, a leading American Internet provider to Russia, announced Tuesday that it was severing business relations in the country, a move likely to increase Russia’s isolation as its citizens slip behind what some analysts are calling a new digital Iron Curtain.
Tens of thousands of Russian gig workers left behind as tech platforms pull out
The Washington Post
Nitasha Tiku and Gerrit De Vynck
For more than a decade, American and European tech companies have made a business of facilitating online labor — from gig work to content creation and online marketplaces to payment processors. Now, tens of thousands of Russian video game streamers on Twitch, gig workers on Upwork, adult-content creators on OnlyFans and computer programmers working on contract have all lost their livelihoods, at least temporarily.
Apple suspends Search Ads on the Russian App Store ‘until further notice’
TechCrunch
Sarah Perez
After last week’s announcement that it would halt its product sales in Russia, Apple has now informed its developer community that it’s suspending its Apple Search Ads service on the App Store in Russia. According to an email shared with developers, Apple Search Ads ads — which allow developers to run advertising campaigns on the App Store — have now been placed on hold in Russia “until further notice.”
Twitter launches Tor Onion service making site easier to access in Russia
VICE
Joseph Cox
The Russian government may have blocked Twitter earlier this month, but now users in the country might have another way to bypass that censorship and access the social network. On Tuesday, a cybersecurity expert announced that they had helped implement an official Tor onion service version of Twitter, meaning that Russian users should be able to use the Tor anonymity network to reach the site.
Twitter says it’s trying to fully restore service in Russia
TechCrunch
Natasha Lomas
Twitter’s service continues to be partially accessible in Russia, although the social networking platform confirmed today that it is aware of reports of users in the country having “increasing difficulty” accessing its service, adding that it is investigating and working to restore full access.
Instagram warns users who share Russian state media, hides following lists in Russia and Ukraine
TechCrunch
Taylor Hatmaker
Instagram announced Tuesday that it would implement steps to dampen Russian government propaganda and protect the privacy of users across Ukraine and Russia. The company will begin downranking posts from Russian state-affiliated media, placing any stories from those outlets below other content from other sources. Users who go to share stories originating with any of these accounts will now see a pop-up message cautioning them against spreading “Russia state-controlled media.”
TikTok Has Blocked Russians From Covering Protests. Creators Feel Abandoned.
VICE
Sophia Smith Galer
TikTok users in Russia can no longer create new posts or view content from outside Russia. Creators who were livestreaming anti-war protests say they feel cut off from the world.
YouTube is making money off a false Ukraine-biolabs conspiracy theory that is tied to Russian disinformation and QAnon
Media Matters
Alex Kaplan
YouTube has been making money from videos pushing a false conspiracy theory about supposed biolabs in Ukraine, a claim that originated as part of a Russian disinformation effort and has become tied to supporters of the QAnon conspiracy theory.
Belarus conducted widespread phishing campaigns against Ukraine, Poland, Google says
The Washington Post
Joseph Menn
Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials, security researchers said Monday, providing more evidence that its role in Russia’s invasion of Ukraine has gone beyond serving as a staging area for Russian troops.
In the Ukraine Conflict, Fake Fact-Checks Are Being Used to Spread Disinformation
ProPublica
Craig Silverman and Jeff Kao
Researchers at Clemson University’s Media Forensics Hub and ProPublica identified more than a dozen videos that purport to debunk apparently nonexistent Ukrainian fakes. The videos have racked up more than 1 million views across pro-Russian channels on the messaging app Telegram, and have garnered thousands of likes and retweets on Twitter.
Intel chiefs, lawmakers wait for other shoe to drop on Russian cyberattacks against Ukraine
The Record by Recorded Future
Martin Matishak
U.S. intelligence leaders and House lawmakers on Tuesday signaled they remain on edge that Russia could unleash a digital salvo on the country, and its allies, as Moscow’s invasion of Ukraine escalates.
Crypto platform blocks thousands of Russia-linked wallets
BBC News
Crypto-currency trading platform Coinbase has blocked 25,000 wallet addresses related to Russia. The platform said the addresses were related to Russian individuals or entities it believed to have engaged in illicit activity. They outlined how the crypto exchange was complying with new rules imposed because of the Russia's invasion of Ukraine.
Australia
New sanctions on Russia as Australia seeks to counter Ukraine invasion misinformation
ABC News
Stephen Dziedzic
Australia has hit Russia with another round of sanctions targeting senior military officers, as well as state propagandists spreading "pro-Kremlin disinformation".
EU looks to Australia to hold big tech to account and protect children online
The Strategist
Julie Inman Grant
For seven years, eSafety, Australia’s independent regulator for online safety, has led the world when it comes to keeping people safer online, especially the protection of children. Global problems require global solutions and, of course, global cooperation. So, when a European Parliament delegation touched down in Sydney to learn about Australia’s unique approach to online safety regulation and child online protection, it marked a watershed moment in this global battle.
This bot will judge you in five questions at the first interview
Australian Financial Review
Yolanda Redrup
If you’re going for a job at Afterpay, Woolworths or Qantas, there’s one guaranteed commonality between all three experiences – your first interview is going to be with a bot.
China
Chinese companies that aid Russia could face U.S. repercussions, commerce secretary warns.
The New York Times
Ana Swanson
Gina Raimondo, the secretary of commerce, issued a stern warning Tuesday to Chinese companies that might defy U.S. restrictions against exporting to Russia, saying the United States would cut them off from American equipment and software they need to make their products.
USA
U.S. State Governments Hit in Chinese Hacking Spree
The Wall Street Journal
Dustin Volz
Hackers believed to be sponsored by the Chinese government have accessed computer systems in six U.S. state governments in a continuing espionage campaign that included the use of the widespread Log4J computer bug detected late last year, according to cybersecurity researchers.
FBI: Ransomware gang breached 52 US critical infrastructure orgs
Bleeping Computer
Sergiu Gatlan
The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.Three cybersecurity companies to offer free protection to U.S. hospitals and utilities amid concerns of hacking attacks
The Washington Post
Joseph Menn
While a growing number of U.S. companies are breaking business ties with Russia, three major cybersecurity companies are volunteering to protect U.S. utilities and hospitals free amid concerns about retaliatory hacks.
Biden to order studies on regulating, issuing cryptocurrency, sources say
Reuters
Andrea Shalal
US President Joe Biden is expected to sign a long-awaited executive order this week directing the Justice Department, Treasury and other agencies to study the legal and economic ramifications of creating a US central bank digital currency, a source familiar with the matter said on Monday.
Elon Musk tells SEC that preapproved tweets are 'unworkable'
Protocol
Sarah Roach
Musk has a track record of moving markets with his tweets — so much so that in 2018, securities regulators reached a deal with Elon Musk and Tesla that required Musk's tweets to be preapproved. But the SEC has been skeptical about whether Musk and Tesla are actually complying with those terms.
The Cyberspace Solarium Commission pushed some major policies into law. So what now?
CyberScoop
Tim Starks
A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself.
2022 Annual Threat Assessment of the U.S. Intelligence Community
Office of the Director of National Intelligence
This annual report of worldwide threats to the national security of the United States responds to Section 617 of the FY21 Intelligence Authorization Act.
Poor tech, opaque rules, exhausted staff: inside the private company surveilling US immigrants
The Guardian
Johana Bhuiyan
BI claims it provides immigrant tracking and ‘high quality’ case management. A Guardian investigation paints a very different picture.
North Asia
These Campaigns Hope ‘Deepfake’ Candidates Help Get Out the Vote
The Wall Street Journal
Timothy W. Martin and Dasl Yoon
South Korean presidential front-runners court younger voters with avatars—who are wittier and more likable.
Europe
EU countries call for cybersecurity emergency response fund
Reuters
Foo Yun Chee
Telecoms ministers from the 27 EU countries want the European Commission to set up a cybersecurity emergency response fund to counter large-scale cyberattacks, citing the recent attacks against Ukraine, according to an EU document.
Big Tech
Google to Buy Cybersecurity Firm Mandiant in $5.4 Billion Deal
The Wall Street Journal
Will Feuer, Dustin Volz and David Uberti
Google said it reached a deal to buy cybersecurity company Mandiant for nearly $5.4 billion, aiming to bolster its cloud unit with more cybersecurity offerings at a time when businesses have seen a wave of attacks on their systems.
Apple Has to Try Hard Now
The New York Times
Shira Ovide
The tech giant used to give us only a few cool options. Now it has to work harder to win us over.
Twitter is looking for younger users. It’s turning to the tech world’s teen savant to help find them.
The Washington Post
Taylor Lorenz
Teenagers have flocked to TikTok in recent years, abandoning apps like Facebook and Instagram. Twitter is stuck somewhere in the middle. Despite its large cultural relevance, Twitter has repeatedly failed to gain mass adoption, and its forays into new formats like short-form video and live-streaming have flopped. But cultivating a young, hyper-engaged user base could be a key step toward becoming a platform as influential as its power users believe it to be.
Misc
Inside Conti leaks: The Panama Papers of ransomware
The Record by Recorded Future
Dina Temple-Raston
The ransomware group Conti has only been around for two years, but in that short time it has emerged as one of the most successful online extortion groups of all time. The group almost exclusively targets companies with more than $100 million in annual revenues, which, in turn, allows it to routinely extract multimillion-dollar ransom payments from its victims. The group seemed poised to continue in that vein until late last month, when it made a fatal mistake: it publicly supported Russia’s invasion of Ukraine. Within days, the gang’s internal Jabber/XMPP server – which carried their private messaging channel – was hacked, and two years of the group’s chat logs appeared on a new Twitter handle called @ContiLeaks.
Islam has a rich tradition around finance. Crypto is prompting new questions.
The Washington Post
Gerrit De Vynck
“Cryptocurrencies as commodities or digital assets are unlawful for trading because they have elements of uncertainty, wagering and harm,” Asrorun Niam Sholeh, head of religious decrees for the Indonesian council of Islamic scholars, told reporters in November after issuing a fatwa against using crypto. “It’s like a gambling bet.” Though no less devout, Tucker is part of a younger, tech-savvy vanguard arguing that crypto offers Muslims a viable alternative to the traditional financial system.
Reality Intrudes on a Utopian Crypto Vision
The New York Times
Eric Lipton and Ephrat Livni
American CryptoFed is a “decentralized autonomous organization” that is supposed to be steered automatically by computer code and governed by a community of users who vote on proposals with crypto tokens. To their proponents, these types of ventures, known as DAOs, are a new model for commerce, one that could democratize business enterprises and break the hold that Big Tech and other entrenched middlemen have over innovation in the information age. But they are also coming under fire from multiple angles, reflecting both the disruptive force of the crypto phenomenon and the struggle to prove its practical use beyond financial speculation.
What Is ‘Bigorexia’?
The New York Times
Alex Hawgood
A social media diet of perfect bodies is spurring some teenage boys to form muscle dysmorphia.
Events
The Sydney Dialogue: Who Works? The Crisis of Automation in the Indo-Pacific
The Sydney Dialogue
The world is undergoing the largest workforce transition since the industrial revolution, and the Indo-Pacific is at the epicentre of this shift. Post pandemic, public and private sector enterprises of all sizes are capitalising on improvements in productivity, efficiency, and profitability by accelerating the rate at which they are applying technology to automate and augment work with more machines doing the work once done by people. Watch on catch-up now.
Pandemic detection and surveillance data roundtable
Atlantic Council
A public roundtable presented by the GeoTech Center and SICPA featuring experts from the health industry, government, and civil society discussing solutions to help governments address major technological and data gaps plaguing variant identification and tracking.
Research
Jobs
The Sydney Dialogue - Director
ASPI ICPC
The Australian Strategic Policy Institute (ASPI) is currently recruiting for a Director to lead the second iteration of ASPI’s Sydney Dialogue - the world’s premier summit on emerging, critical and cyber technologies.
The Sydney Dialogue - Senior Events Coordinator
ASPI ICPC
The Australian Strategic Policy Institute (ASPI) is currently recruiting for an experienced events professional to coordinate the planning and logistics of the second iteration of ASPI’s Sydney Dialogue - the world’s premier summit on emerging, critical and cyber technologies.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice.
Important disclaimer: This digest is a daily collation of material designed to provide authoritative information and commentary in relation to the subject matters covered. The views expressed in this material are those of the authors only. To provide feedback please contact: icpc@aspi.org.au