U.S. to work with big tech & finance sector on new cybersecurity guidelines | fears loom over Afghanistan’s internet | China takes on its tech leaders

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • The U.S. government on Wednesday said it would work with industry to hammer out new guidelines to improve the security of the technology supply chain, as President Joe Biden appealed to private sector executives to "raise the bar on cybersecurity." Reuters

  • As the Taliban tighten their grip over Afghanistan, the militant group is setting its sights on a new target for conquest: the internet and the digital infrastructure which, for the past two decades, has allowed many Afghans access to free information. POLITICO

  • Over the last year, China has seen a struggle between state regulators and entrepreneurs as the government tries to bring technology companies increasingly in line with the goals of the Chinese Communist Party. Now some of China’s richest entrepreneurs have embraced philanthropy in a bid to stave off this unwelcome government attention. War on the Rocks

ASPI ICPC

China Takes on Its Tech Leaders
War on the Rocks
@fryan
Over the last year, China has seen a struggle between state regulators and entrepreneurs as the government tries to bring technology companies increasingly in line with the goals of the Chinese Communist Party. Now some of China’s richest entrepreneurs have embraced philanthropy in a bid to stave off this unwelcome government attention. China’s regulatory agencies had treated the country’s tech giants with a light touch for most of their history, favoring the pursuit of technological dominance and economic prosperity over the need to regulate their growing monopoly power. But that easy ride has come to an end. Tasked with “tackling monopolies” and “preventing disordered capital expansion,” the regulators have set their sights on a fundamental restructuring of the tech companies to ensure that they remain focused on technological innovation and align themselves even more closely with the strategic goals of the Chinese Communist Party.

World

Clearview AI Offered Free Facial Recognition Trials To Police All Around The World
BuzzFeed
@RMac18 @caro1inehaskins @Pequeno04
As of February 2020, 88 law enforcement and government-affiliated agencies in 24 countries outside the United States have tried to use controversial facial recognition technology Clearview AI, according to a BuzzFeed News investigation.

Australia

NSW Police monitor 1000 on ‘terrorism continuum’ as neo-Nazi risk grows
The Sydney Morning Herald
@fergushunter @Laura_R_Chung
"Mr Hudson warned of a new phase of extreme right-wing ideology and a proliferation of violent online sentiment” that could, without appropriate monitoring and intervention, lead to real-world violence."

China

TikTok Still Has Key Software Developers in China Despite Effort to Move Offshore
The Information
@JuroOsawa @amir @beijingscribe
TikTok has worked to separate its operations from Chinese owner ByteDance, particularly as foreign governments have scrutinized or punished the video app over fears that Beijing could hijack it for its own purposes. TikTok is incorporated in California; its CEO sits in Singapore; its chief information security officer is based in the U.S.; and the company says data on its hundreds of millions of users are stored on servers outside China. But TikTok’s ties to China remain deep: There are more algorithm engineers in China working on TikTok’s video recommendation engine than in any other international offices, according to people with knowledge of the matter. ByteDance also has China-based product managers, monetization experts and data analysts who all work on TikTok, and ByteDance’s Beijing office recently sought to hire a senior engineer to analyze TikTok’s user data.

  • ByteDance valuation soars despite China tech woes
    Nikkei Asia
    Ck Tan
    Valuations for ByteDance and Huawei Technologies have held up or even risen this year while the shares of many listed Chinese technology companies have tumbled amid Beijing's widening crackdown on the sector, according to a new ranking of the world's largest private sector companies.

  • Read more in our report - TikTok and WeChat.

Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship
The New York Times
@paulmozur @ChuBailiang
The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China’s premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent. This new group of hackers has made China’s state cyberspying machine stronger, more sophisticated and — for its growing array of government and private-sector targets — more dangerously unpredictable. Sponsored but not necessarily micromanaged by Beijing, this new breed of hacker attacks government targets and private companies alike, mixing traditional espionage with outright fraud and other crimes for profit.

SEC Chief Warns ‘Clock Is Ticking’ on Delisting Chinese Stocks
Bloomberg
Robert Schmidt Benjamin Bain
Securities and Exchange Commission Chair Gary Gensler has a warning for hundreds of Chinese companies that have raised billions of dollars in U.S. markets: Submit to more scrutiny soon or get kicked out.

China's government calls '996' schedule illegal
Protocol
@ZeyiYang
The "996" work culture — a 12-hour, six-day work schedule that had been popular among Chinese tech companies until recently — is a serious violation of Chinese labor law, according to China's Supreme People's Court and its Ministry of Human Resources and Social Security.

Chinese Police Kept Buying Cellebrite Phone Crackers After Cellebrite Said It Ended Sales
The Intercept
@MaraHvistendahl
But even after Cellebrite said it withdrew from China and Hong Kong, an Intercept investigation has found, police on the mainland continued to buy the company’s Universal Forensic Extraction Device, or UFED, products, which allow officers to break into phones in their possession and siphon off data. While Cellebrite did deregister its Chinese subsidiary earlier this year, it appears to have done little about the brokers that peddle its hacking technology. Chinese government procurement award notices and posts on resellers’ websites show that police have continued to purchase powerful Cellebrite software, while resellers have continued to provide updates for the software. In one case, a reseller reported delivering the Israeli company’s software to border guards in Tibet and demonstrating how it could be used to search people’s WeChat accounts.

USA

U.S. to work with Big Tech, finance sector on new cybersecurity guidelines
Reuters
@andrea_shalal
The U.S. government on Wednesday said it would work with industry to hammer out new guidelines to improve the security of the technology supply chain, as President Joe Biden appealed to private sector executives to "raise the bar on cybersecurity." At White House meetings with Biden and members of his Cabinet, executives from Big Tech, the finance industry and infrastructure companies said they would do more about the growing threat of cyber attacks to the U.S. economy.

New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them
CyberScoop
@snlyngaas
Jen Easterly, the new director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), wants to break that cycle, and spend less time putting out fires and more time preparing for incidents in an attempt to reduce their impact.

The Right Way to Structure Cyber Diplomacy
War on the Rocks
@natalierthom @Laura_K_Bate
Today, the State Department is once again confronting the challenge of how to organize itself to cope with new international challenges — not those of wartime, but ones created by rapid technological change. There are ongoing conversations about how the department should handle cyberspace policy, as well as concerns about emerging technologies like artificial intelligence, quantum computing, next generation telecommunications, hypersonics, biotechnology, space capabilities, autonomous vehicles, and many others.

Google brings Samsung 5G modem tech to U.S. market with new Pixel phone
Reuters
@StephenNellis @peard33
Google will tap Samsung Electronics Co Ltd to supply the 5G modem for its next flagship Pixel smart phone, sources familiar with the matter told Reuters, signaling the first win for the Korean firm in a U.S. market dominated by Qualcomm Inc.

Facebook Said to Consider Forming an Election Commission
The New York Times
@MikeIsaac @sheeraf
Facebook has approached academics and policy experts about forming a commission to advise it on global election-related matters, said five people with knowledge of the discussions, a move that would allow the social network to shift some of its political decision-making to an advisory body. The proposed commission could decide on matters such as the viability of political ads and what to do about election-related misinformation, said the people, who spoke on the condition of anonymity because the discussions were confidential. Facebook is expected to announce the commission this fall in preparation for the 2022 midterm elections, they said, though the effort is preliminary and could still fall apart.

White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending
CyberScoop
@timstarks
The Biden administration on Wednesday announced initiatives to bolster supply chain and natural gas pipeline security, following a White House private sector cybersecurity summit where major companies pledged billions of dollars in cyber spending. The National Institute of Standards and Technology will collaborate with industry to develop guidelines for building secure technology, in the first of two administration initiatives. In the other, the administration formally expanded its industrial control systems cybersecurity initiative — under which 150 electric utilities agreed to deploy control system security tech — to natural gas pipelines.

South and Central Asia

Fears loom over Afghanistan’s internet
POLITICO
@laurenscerulus
As the Taliban tighten their grip over Afghanistan, the militant group is setting its sights on a new target for conquest: the internet and the digital infrastructure which, for the past two decades, has allowed many Afghans access to free information.

India deploys facial recognition surveilling millions of commuters
Financial Times
@madhumita29
Indian Railways, one of the world’s busiest urban rail systems, has deployed a network of almost 500 facial recognition cameras to track millions of daily commuters, as the Indian government increases its surveillance efforts. The system, developed by Russian start-up NtechLab, has been live for the past month at 30 railway stations in the densely populated western states of Gujarat and Maharashtra, including the city of Mumbai. The latter’s suburban trains carry more than 7m passengers daily.

Afghan all-girl robotics team members, journalists land in Mexico
Reuters
@kjspeakstruth @chitalomericano
Five members of an all-girl Afghan robotics team and more than a hundred media workers have arrived in Mexico, fleeing an uncertain future at home after the recent collapse of the U.S.-backed government and takeover by the Taliban militant group.

Europe

German Election Misinformation Tracker
NewsGuard
@Marie_E_Richter @FlorianMeissner @mskibinski
In September 2021, Germany will elect a new Bundestag. Its members in turn elect a new chancellor and thus — for the first time in 16 years — a new head of government. As became apparent during and in the wake of the US presidential elections in November 2020, national elections are a fertile growing ground for misinformation… On this page, NewsGuard’s team of journalists is tracking the top myths related to the Bundestagswahl 2021 that have appeared on websites rated by NewsGuard and cataloguing the number of websites spreading those myths.

Russia

The Curious Omission in Russia’s New Security Strategy
Defense One
David Shedd @ivanastradner
After spending most of 2021 unleashing cyberattacks on a range of Western nations, Russia recently released its new National Security Strategy, or NSS, a consequential document in which the word “cyber” is conspicuously absent. The omission is not a matter of translation—it’s strategic. It is high time U.S. policymakers began to understand what Russia’s curious word choice reveals about its cyber schemes.

Middle East

Trial & Error in Kuwait
CyberScoop
@snlyngaas
Gulf Bank executives, who had tried to keep information about the incident tightly held, would file a complaint against Aldoub under Kuwait’s cybercrime and telecommunications laws — and the public prosecutor would take up a criminal investigation. Aldoub would go on to delete the messages, but the bank seemed bent on proving that he had smeared its reputation by posting about the incident. Under Kuwait’s cybercrime law, plaintiffs can bring charges against those who “disclose secrets that would harm the reputation of persons, or their worth, or their commercial names.”

Israel’s Spy Agency Snubbed the U.S. Can Trust Be Restored?
The New York Times
@julianbarnes @ronenbergman @adamgoldmanNYT
In his meeting with Mr. Biden, Mr. Bennett’s hand will be strengthened by the fact that the United States has become more dependent on Israel for information on Iran. The United States has other sources of information, including electronic eavesdropping by the National Security Agency, but it lacks the in-country spy network Israel has.

Africa

China seeks to expand influence in Africa with more digital projects
South China Morning Post
@_szheng
China said it would step up digital cooperation and investments in Africa, as Beijing seeks to deepen its influence on the continent alongside its pledges for trade, infrastructure and Covid-19 vaccines. At a time when the US is also seeking to reinvigorate its trade and investment with Africa, assistant foreign minister Deng Li told a virtual forum on Tuesday that China would boost its partnership with African nations in areas such as the digital economy, smart cities and 5G networks.

Misc

The Role of Online Communities in Supporting 3D-Printed Firearms
Global Network on Extremism & Technology
@MiottoNicolo
The Halle shooting constituted the first use of partially 3D-printed guns in a terrorist attack, shedding a light on the disruptive potential of this technology. The case of Balliet is still unique. However, multiple violent actors, ranging from jihadi groups like Hamas to far-right organisations such as the Atomwaffen Division, are expressing their interest in this cutting-edge technology.

Accountability for illegal surveillance by spyware
CyberPeace Institute
@JordanKlara
To achieve accountability for abuses of human rights and fundamental freedoms due to the use of spyware, there has to be public attribution, by a government, to those who ordered or sanctioned the deployment of such tools. The government has to rely on its investigative and judicial capabilities, analysis of geopolitical events and particular timing of triggering events, in addition to forensic evidence, to link the deployment of the spyware on a device to a particular individual, group or state.

Research

How Politics, Generation, News Use, and Time Online Play Into Attitudes About Anonymity
Center for Media Engagement
Craig R. Scott Karen E. Schlag
Anonymity has become an increasingly common aspect of everyday society, appearing in the form of anonymous leaks and unnamed media sources, anonymous chat rooms, undisclosed political donors, and even groups like “QAnon” and “Anonymous.” Use of anonymous communication can be controversial amid tensions between the desire to hold people accountable for their communicative behaviors and the desire to protect people from unjust retaliation when they do speak.

Headline or Trend Line?
Center for Security and Emerging Technology
@RitaKonaev @Andrew_Imbrie @RyanFedasiuk @emily_sw1 Katerina Sedova James Dunham
Chinese and Russian sources are keen to publicize their “comprehensive strategic partnership of coordination for the new era,” potentially underscoring the seriousness of their joint ambitions. Yet the scale and scope of this emerging partnership deserve closer scrutiny, particularly in the field of AI.

Events

ASPI Webinar: Cybersecurity, critical technologies and energy: Japan and its role in the Indo-Pacific
ASPI ICPC
Tokyo is becoming more vocal in calling out cyber risks and threat actors. Just this year, Japan called out the Chinese Communist Party for malicious cyber attacks, the only country in Asia to do so. In September, the Japanese Government is expected to present their new national cybersecurity strategy. At the same time, Japan is pursuing ‘Society 5.0’, the country's national vision for a digital nation, which seeks to harness technologies such as artificial intelligence, robotics, internet of things, synthetic biology, quantum to tackle social issues including the country’s ageing population, pollution, productivity and sustainable energy. Join the Director of ASPI’s International Cyber Policy Centre Fergus Hanson on Monday 30 August at 1pm, for an online panel discussion on Japan's approach to cyber issues, technology, digital innovation and energy transition.

Jobs

ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.

Share