US to fund Pacific undersea cable after Huawei bid rejected | Germany to invest billions to revive European semiconductor industry | Australian Medicare app flaw allows fake COVID vaccine certificates
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Two sources with knowledge of the plans said [the Federated States of Micronesia] (FSM) would use U.S. funds to construct a line between two of its four states, Kosrae to Pohnpei, replicating part of a route proposed under a previous $72.6 million project backed by the World Bank and Asian Development Bank. One source told Reuters that FSM would draw around $14 million from the American Rescue Plan, a U.S. facility created by President Joe Biden to distribute funds both at home and abroad to combat the health and economic impacts of the COVID-19 pandemic. Reuters
The German government intends to invest around €3 billion to reclaim production sites along the entire value chain of semiconductor production. This initiative is primarily motivated by the worldwide semiconductor supply shortage resulting in production losses across the industry. For years, the manufacturing of semiconductors in Europe has been on the decline compared to production in the rest of the world. Europe’s share dropped from 35% in 1990 to a current meagre 9%. The European Commission now wants to reverse this trend. EURACTIV
A flaw has been discovered in the Express Plus Medicare app that allows people to fake their Covid vaccination certificates in under 10 minutes. The certificate has a digital animation behind it, which is designed to prevent people presenting fake versions, but Sydney software engineer Richard Nelson discovered he was able to exploit a security flaw in the app and provide it with fake vaccine information that looked identical to the real thing. The Guardian
ASPI ICPC
The U.S. Intelligence Model Is Dangerously Behind the Times
The Dispatch
@WeifengZhong
Satellite images helped the Australian Strategic Policy Institute locate Chinese factories that were using Uyghur forced labor. Thanks to amateur sleuths, law enforcement arrested January 6 Capitol attackers, the world learned that COVID-19 may have potentially originated from Wuhan’s virology lab, and criminal cold cases have been solved where police failed. A foreign regime’s propaganda also contains mineable intelligence; their publicly available words, while clearly not secrets, are windows into their minds.
World
Facebook Apologizes After A.I. Puts ‘Primates’ Label on Video of Black Men
The New York Times
@RMac18
Facebook users who recently watched a video from a British tabloid featuring Black men saw an automated prompt from the social network that asked if they would like to “keep seeing videos about Primates,” causing the company to investigate and disable the artificial intelligence-powered feature that pushed the message. On Friday, Facebook apologized for what it called “an unacceptable error” and said it was looking into the recommendation feature to “prevent this from happening again.”
Amazon is planning more aggressive moderation of its hosting platform AWS
The Verge
@russellbrandom
Amazon has long maintained an Acceptable Use Policy for AWS, which forbids using the service for computer intrusions, spam, or the promotion of violence or other crimes. But enforcement of those terms has been largely reactive, often relying on external user reports to identify prohibited content. While the policy itself will not change, the aggressive enforcement approach will put AWS in the same category as major platforms like Facebook and YouTube.
Australia
Medicare app flaw means vaccine certificates can be faked in less than 10 minutes
The Guardian
@joshgnosis
The certificate has a digital animation behind it, which is designed to prevent people presenting fake versions, but Sydney software engineer Richard Nelson discovered he was able to exploit a security flaw in the app and provide it with fake vaccine information that looked identical to the real thing.
The need for an Australian Government Vulnerability Disclosure Policy
Richard Nelson
@wabzqem
After I discovered how trivial it was to convince the medicare app to display a valid-looking COVID-19 vaccine certificate, I wanted to get in touch with Services Australia (the Express Plus Medicare app falls under them) and discuss. This was really, really hard.
Australia COVID: Police using QR check-in data to solve crimes
The Sydney Morning Herald
@Gallo_Ways
The nation’s privacy watchdog has called for police forces to be banned from accessing information from QR code check-in applications after law enforcement agencies have sought to use the contact-tracing data on at least six occasions to solve unrelated crimes. There are also growing calls from backbench MPs and civil liberties groups to phase out the compulsory check-in applications once the worst of the COVID-19 pandemic is over.
China
China’s SMIC to Build $8.87 Billion Chip Production Line in Shanghai
The Wall Street Journal
@stephanieayang
Semiconductor Manufacturing International Corp., China’s largest chip maker, said it is teaming up with the Shanghai government to build an $8.87 billion chip production line in the city, furthering China’s ambitions for semiconductor self-sufficiency in the middle of a global chip shortage.
Alibaba Pledges $15.5 Billion as Chinese Companies Extol Beijing’s ‘Common Prosperity’ Push
The Wall Street Journal
Alibaba Group Holding Ltd. vowed to spend the equivalent of $15.5 billion fostering social equality, becoming the latest big Chinese company to take up Beijing’s drive for what it calls “common prosperity.” Businesses and individual entrepreneurs are in some cases pledging billions of dollars to good causes, and companies have quickly adopted the newly popular slogan, as they seek to stay on the right side of President Xi Jinping’s government amid a series of corporate crackdowns.
FBI says Chinese authorities are hacking US-based Uyghurs
TechCrunch
@CarlyPage_
The FBI has warned that the Chinese government is using both in-person and digital techniques to intimidate, silence and harass U.S.-based Uyghur Muslims. The Chinese government has long been accused of human rights abuses over its treatment of the Uyghur population and other mostly Muslim ethnic groups in China’s Xinjiang region. More than a million Uyghurs have been detained in internment camps, according to a United Nations human rights committee, and many other Uyghurs have been targeted and hacked by state-backed cyberattacks. China has repeatedly denied the claims. In recent months, the Chinese government has become increasingly aggressive in its efforts to shut down foreign critics, including those based in the United States and other Western democracies. These efforts have now caught the attention of the FBI.
Beijing’s City Government Seeks to Take Didi Under State Control
Bloomberg
Beijing’s municipal government has proposed an investment in Didi Global Inc. that would give state-run firms control of the world’s largest ride-hailing company, according to people familiar with the matter. Under the preliminary proposal, Shouqi Group -- part of the influential Beijing Tourism Group -- and other firms based in the capital would acquire a stake in Didi, the people said, asking not to be identified discussing private information. Scenarios under consideration include the consortium taking a so-called “golden share” with veto power and a board seat, they added.
The Rare Earth Myth
SupChina
@changxche
Eighty-five miles east of El Paso, the global contest for technological supremacy sounds like the din of diesel engines. Countries around the world, from the U.S. to Japan to the E.U., are seeking their own metallic ores independent from the world’s largest producer of rare earth metals: China. As tensions between the U.S. and China rise, rare earths have come to represent the China threat in sedimentary form.
China's Video-Game Crackdown Gives America an Edge
Bloomberg
@firstadopter
China is not a fan of video games. Earlier this week, a government agency announced new rules that would restrict the time that minors can play online games to about three hours a week — down drastically from a prior limit of roughly 10 hours. Beijing has said the constraints were imposed to protect its youth from becoming addicted to gaming and getting distracted from their studies. But are games really so dangerous to young minds?
China's Tech Crackdown Could Make US Regulation More Likely
TIME
@billyperrigo
In the latest sign that the unfettered growth enjoyed by China’s tech giants is coming to an end, Beijing has unveiled a raft of new regulations that reasserts the ruling Chinese Communist Party’s authority over every aspect of its citizens’ digital lives.
USA
McCarthy Threatens Technology Firms That Comply With Riot Inquiry
The New York Times
@lukebroadwater
Representative Kevin McCarthy, the House Republican leader, has threatened to retaliate against any company that complies with the congressional committee investigating the Jan. 6 riot, after the panel asked dozens of firms to preserve the phone and social media records of 11 far-right members of Congress who pushed to overturn the results of the 2020 election.
US govt warns orgs to patch massively exploited Confluence bug
Bleeping Computer
@serghei
US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," said Cyber National Mission Force (CNMF). The USCYBERCOM unit also stressed the importance of patching vulnerable Confluence servers as soon as possible: "Please patch immediately if you haven’t already— this cannot wait until after the weekend."
STRATCOM Commander Warns Of China-Russia Coordination; Report Details AI Collaboration
Breaking Defense
@BradCyberWriter
Today, China and Russia are cooperating on numerous fronts, perhaps most notably on energy issues. But the two countries appear to be testing the waters for broader partnerships, ranging from military and economic to scientific and technological.
Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role
Bloomberg
@jordanr1000
Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems. More than five years later, the breach of Juniper’s network remains an enduring mystery in computer security, an attack on America’s software supply chain that potentially exposed highly sensitive customers including telecommunications companies and U.S. military agencies to years of spying before the company issued a patch.
Amazon, Google, Microsoft, and other tech companies are in a 'frenzy' to help ICE build its own data-mining tool for targeting unauthorized workers
Business Insider
@caro1inehaskins
Amazon, Google, and Microsoft have shown interest in working on a system being developed by Immigration and Customs Enforcement that targets people not authorized to work in the US by mining social-media information, and processing surveillance footage and biometric data, according to interviews and documents obtained by Insider.
Crypto’s Rapid Move Into Banking Elicits Alarm in Washington
The New York Times
@EricLiptonNYT @el72champs
BlockFi, a fast-growing financial start-up whose headquarters in Jersey City are across the Hudson River from Wall Street, aspires to be the JPMorgan Chase of cryptocurrency. It offers credit cards, loans and interest-generating accounts. But rather than dealing primarily in dollars, BlockFi operates in the rapidly expanding world of digital currencies, one of a new generation of institutions effectively creating an alternative banking system on the frontiers of technology.
North Asia
Japan's new Digital Agency prepares for daunting task of overhauling tech policy
Japan Times
Kazuaki Nagata
Japan may have a reputation for cutting-edge technology, but anyone who has lived here knows that digital services in the country are often rigid, antiquated and slow to change — especially in the public sector. The country has proved it again amid the coronavirus pandemic: Failures range from major glitches with a government-backed COVID-19 contact tracking app to the delayed distribution of cash handouts due to inefficient online application systems.
Japan launches agency to undo 'digital defeat': 5 things to know
Nikkei Asia
@wata_suzu
Japan's Digital Agency, a new government body aimed at upgrading online services and infrastructure in the public sector, begins work on Wednesday. When Prime Minister Yoshihide Suga announced the move about a year ago, he called it a "pillar of the new growth strategy."
Taiwan aiming to set up ministry of digital development next year
Focus Taiwan
Lee Hsin-Yin
Taiwan's Cabinet has put forth a plan to establish a ministry of digital development next year, to improve information security and encourage related industrial growth, Minister without Portfolio Kuo Yau-hwang said Thursday. Kuo, who has been assigned to head the effort, said Premier Su Tseng-chang wants to see portfolios such as telecommunications, information security, and internet communications brought under one ministry.
South-East Asia
Singtel joint venture to sell 4,000 telco towers in Indonesia for $580 million
The Straits Times
Claudia Tan
Singtel said its joint-venture company, Telekomunikasi Selular (Telkomsel) has entered into a sale-and-purchase agreement for the sale of 4,000 telecommunication towers to Dayamitra Telekomunikasi (Mitratel) for 6.2 trillion rupiah (S$580 million).
New Zealand & The Pacific
U.S. funding tapped for Pacific undersea cable after China rebuffed
Reuters
@barrett_ink
The Federated States of Micronesia will tap a U.S. funding facility to construct a Pacific undersea communications cable, two sources told Reuters, after rejecting a Chinese company-led proposal that was deemed a security threat by U.S. officials. The United States has taken great interest in several plans in recent years to lay optic fibre cables across the Pacific, projects that would bring vastly improved communications to island nations.
After Stabbing Attack, New Zealand Examines Its Antiterrorism Efforts
The New York Times
Natasha Frost
A man who wounded seven people in a supermarket had been under surveillance for months. Officials say a loophole in the country’s laws needs to be closed.
South and Central Asia
Google locks Afghan government accounts as Taliban seek emails
Reuters
@razhael
Google has temporarily locked down an unspecified number of Afghan government email accounts, according to a person familiar with the matter, as fears grow over the digital paper trail left by former officials and their international partners.
UK
GCHQ uses social media in place of ‘tap on the shoulder’ to recruit cyber spies
Evening Standard
Jamie Harris
GCHQ has turned to social media in place of the traditional “tap on the shoulder” approach as part of its biggest ever recruitment drive for cyber operations. The agency’s cyber spies have been allowed to lift the lid on their roles in the first-ever Reddit and Instagram Q&A sessions, in a bid to attract more creative people with a Stem (science, technology, engineering and mathematics) degree, from diverse backgrounds.
Europe
Germany to invest billions to bring semiconductor production back to Europe
EURACTIV
@noyan_oliver
As part of a major European project, Germany wants to invest several billion euros into bringing semiconductor production back to Europe, with the aim of strengthening German and European technological sovereignty. To promote the expansion of microelectronics in Germany, Economy Minister Peter Altmaier held talks with 50 representatives of the European and international semiconductor industry on Wednesday (1 September) to encourage them to invest in Germany by presenting them with a support package.
Ericsson CEO vows to fight for Chinese presence
Telecoms
@scottbicheno
Börje Ekholm, CEO of Swedish kit vendor Ericsson, is determined not to throw in the towel over China despite geopolitical forces working against him.
Middle East
Undercurrents: Politics in Lebanon, and the rise of digital repression
Chatham House
@SteveJFeldstein @BenRHorton @LinaKhatibUK Mariana Vieira
Amidst severe governance challenges, Hezbollah has risen to become the dominant political actor in Lebanon. In this episode, Mariana is joined by Dr Lina Khatib to discuss the dynamics underlying the Lebanese political system, and how a series of crises have affected the balance of power in the country. Then Ben explores how digital technologies are enabling state repression in both authoritarian and liberal states in conversation with Dr Steven Feldstein.
Misc
Wellness Mommy Bloggers and the Cultish Language They Use
Harper's Bazaar
@slouisepetersen
By employing certain words and phrases, social media-savvy mothers are able to create insulated online environments and ultimately spread dangerous misinformation.
Meet the Self-Hosters, Taking Back the Internet One Server at a Time
VICE
John Kehayias
Tired of Big Tech monopolies, a community of hobbyists is taking their digital lives off the cloud and onto DIY hardware that they control.
Bitcoin Uses More Electricity Than Many Countries. How Is That Possible?
The New York Times
Jon Huang Claire O’Neill Hiroko Tabuchi
In the process of simply existing, cryptocurrencies like Bitcoin, one of the most popular, use astonishing amounts of electricity. We’ll explain how that works in a minute. But first, consider this: The process of creating Bitcoin to spend or trade consumes around 91 terawatt-hours of electricity annually, more than is used by Finland, a nation of about 5.5 million.
Events
Bridging the divide: Technology and inclusion in the Asia-Pacific
Chatham House
As Asia-Pacific emerges from COVID-19, experts consider how policymakers can harness technology for inclusive economic growth.
WEBINAR 9 SEPTEMBER 2021 — 12:00PM TO 1:00PM ONLINE
Inclusive cybercrime policymaking: an online training programme for civil society
Chatham House
Join Chatham House for this online training programme for civil society around the world to equip civil society organizations with substantive knowledge on cybercrime and help create a common understanding on key issues.
18 OCTOBER 2021 TO 28 OCTOBER 2021 — 12:00PM TO 1:30PM ONLINE
Research
The lobby network: Big Tech's web of influence in the EU
Corporate Europe Observatory
As Big Tech’s market power has grown, so has its political clout. Just as the EU tries to rein in the most problematic aspects of Big Tech – from disinformation, targeted advertising to excessive market power – the digital giants are lobbying hard to shape new regulations.
Jobs
New ICPC Program on Critical Technologies - 3 positions
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for three exceptional and experienced senior analysts and analysts to join its large team from October 2021. These new roles will focus on original research, analysis and stakeholder engagement centred around international critical technology development, including analysis of which countries are leading on what technologies.
ICPC Pacific Islands Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a talented and proactive Pacific Islands analyst who will work with the Centre’s information operations and disinformation program. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by actors in the Pacific Islands region. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies. Candidates must have a demonstrated background in, and strong knowledge of, the Pacific Islands region, including the region’s digital, media and social media landscape.
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region. This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge. Candidates must have excellent coordination, project management and stakeholder engagement skills.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years of relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.