US warns of increased China aid to Russia | Tech giants' data harvesting for A.I. raises legal and ethical concerns | Japan to join AUKUS 'Pillar 2' in defense technology sharing pact
Good morning. It's Monday 8th April.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Follow us on Twitter and on LinkedIn.
The US warned allies of China's increased support for Russia in the Ukraine conflict, including sharing geospatial intelligence and other resources. China-Russia trade reached $240 billion in 2023. Blinken briefed European allies on the issue and urged actions against Chinese entities. Yellen warned of consequences for companies aiding Russia's military industry. Russia boosted arms production as Ukraine faced shortages. Bloomberg
Tech giants like OpenAI, Google, and Meta have aggressively pursued data collection, bending rules and potentially violating copyright laws to train their A.I. systems. OpenAI's Whisper transcribed over a million hours of YouTube videos, Google expanded data usage terms, and Meta explored acquiring publishing houses. The New York Times
Japan is set to join the AUKUS agreement's second pillar, expanding the defence technology-sharing pact with Australia, the UK, and the US, with an announcement expected soon as Prime Minister Fumio Kishida prepares to visit Washington. ABC News
World
Japan to take part in AUKUS 'Pillar 2', America's ambassador to Japan tells Wall Street Journal
ABC News
Stephen Dziedzic
Japan is set to participate in the second pillar of the AUKUS pact with Australia, the United Kingdom and United States in the first expansion to date of the defence technology-sharing arrangement. Australia is working to develop nuclear-powered submarines under "Pillar 1" of AUKUS, utilising US and UK technology. But there has been persistent speculation that Japan will at some point join "Pillar 2" of AUKUS, which is being used as a mechanism for all three countries to share advanced defence technologies across a range of fields including quantum technology, hypersonic missiles and artificial intelligence.
Japan, U.S., Philippines to cooperate in clean energy, chips: Kishida
Nikkei Asia
Japan, the U.S. and the Philippines will work together in areas such as semiconductors, digitalization, communication networks, clean energy and critical minerals, Japanese Prime Minister Fumio Kishida told Nikkei ahead of a historic three-way summit in Washington next week. Kishida said in an exclusive interview on Thursday that the world is entering a "new phase" and Japan needs to show a bigger presence and "take greater responsibility" to provide options for countries in Southeast Asia such as the Philippines.
Australia
Australian Secret Intelligence Service AI fears and how it’ll aid investigations
The Australian
Joseph Lam
Australia’s secret service says applying artificial intelligence at the earliest stages of an investigation could be the key to finding a “needle in a haystack”. It also recognises that it might not be set up to simply retrofit the technology and like many others, it will need to spend on new teams to implement it safely. As with most Australian organisations, AI has become a priority but its full value is still being tested – and in the Australian Secret Intelligence Service, its outcome could prove devastating.
ATO in stand-off with US tech giants over software tax grab
The Sydney Morning Herald
Colin Kruger
The Australian Taxation Office is in a stand-off with the US trade agencies and tech giants over plans to tax billions of dollars’ worth of software transactions for the first time – a move that the US Treasury has warned could trigger a treaty dispute between the two countries. The issue arose because software is no longer sold in a box with manuals – the transaction is now all digital. As a result, the Tax Office has been developing a new ruling on payments for software, focusing on what it sees as the substance of what consumers pay for: intellectual property.
A practical agenda for India-Australia semiconductor collaboration
The Strategist
Nadia Court and Pranay Kotasthane
With the global semiconductor supply chain under strain, India and Australia have a timely opportunity to strengthen their partnership in the critical sector. Both recognise the strategic importance of developing domestic semiconductor capabilities. As Quad members, they are also a part of the Quad Semiconductor Supply Chain Initiative, which seeks to ‘map capacity, identify vulnerabilities, and bolster supply-chain security for semiconductors and their vital components.’
Initial access brokers are the latest cybercriminals targeting Australians. Here's how they work
ABC News
Danny Tran
In some ways, the newest cybercriminals attacking Australia are a lot like real estate agents. It's all about location, location, location. Marketing is key, of course, and so is plenty of stock. And, like the housing market, there's plenty of money to be made. A big difference is that when real estate agents hand over the keys, it's not a crime. Known as initial access brokers, this emerging class of hackers use their specialist skills to break into businesses and then sell usernames and passwords — the keys, so to speak — to ransomware gangs on the dark web.
China
China Providing Geospatial Intelligence to Russia, US Warns
Bloomberg
Alberto Nardelli and Jennifer Jacobs
The US is warning allies that China has stepped up its support for Russia, including by providing geospatial intelligence, to help Moscow in its war against Ukraine. Amid signs of continued military integration between the two nations, China has provided Russia with satellite imagery for military purposes, as well as microelectronics and machine tools for tanks, according to people familiar with the matter.
China’s EV battery sector has an Achilles’ heel
The Strategist
Grant Wilson
To make a good battery, you need fluorine, an element that is sourced from the mineral fluorspar. That presents a looming problem for China and its considerable efforts to dominate the global electric vehicle industry. The country is the dominant producer and consumer of fluorspar, but it’s rapidly running down its reserves. So, among the many critical minerals worth watching, this one is a standout.
Linwei Ding was a Google software engineer. He was also a prolific thief of trade secrets, say prosecutors.
NBC News
Ken Dilanian and Anna Schecter
Though he lived in Silicon Valley, Linwei Ding spent months at a time in his native China, according to court papers. Nothing unusual about that — except that he was supposed to be working full time as a software engineer in Google’s San Francisco-area offices. Court records say he had others badge him into Google buildings, making it appear as if he were coming to work. In fact, prosecutors say, he was marketing himself to Chinese companies as an expert in artificial intelligence — while stealing 500 files containing some of Google’s most important AI secrets.
AI chips for China face additional US restrictions
The Diplomat
Rajeswari Pillai Rajagopalan
China has criticized the latest round of new rules by saying that it will “disrupt the international semiconductor market as well as cooperation among enterprises. In late March, the Biden administration released revised rules that will further tighten China’s access to U.S. artificial intelligence chips and chip-making tools. The U.S. imposed a series of export control measures first in October 2022 with the goal of restricting China’s access to advanced AI chips made with U.S. inputs.
China is targeting U.S. voters and Taiwan with AI-powered disinformation
The Wall Street Journal
Dustin Volz
Online actors linked to the Chinese government are increasingly leveraging artificial intelligence to target voters in the U.S., Taiwan and elsewhere with disinformation, according to new cybersecurity research and U.S. officials. The Chinese-linked campaigns laundered false information through fake accounts on social-media platforms, seeking to identify divisive domestic political issues and potentially influence elections. The tactics identified in a new cyber-threat report published Friday by Microsoft are among the first uncovered that directly tie the use of generative AI tools to a covert state-sponsored online influence operation against foreign voters.
USA
U.S. seeks to 'integrate' Japan into defense industrial base
Nikkei Asia
Ken Moriyasu
U.S. President Joe Biden and Japanese Prime Minister Fumio Kishida are expected to agree to bolster defense industrial cooperation at their summit here on April 10, a U.S. government source told Nikkei Asia. The cooperation will not be limited to repairing U.S. naval ships at Japanese private shipyards but will also envision the co-development and co-production of munitions, planes and ships in the future.
Meta expands AI labeling policies as 2024 presidential race nears
The Washington Post
Naomi Nix
Meta will expand its labeling of artificial intelligence-generated content amid widespread concern that a rise in “deepfake” posts will mislead social media users. The company said Friday that it will apply “Made with AI” labels to a range of video, audio and images. Meta’s previous policies against manipulated media, which were written in 2020 before the tech industry’s AI boom, only applied to video content.
North Asia
S. Korea to chair first UN Security Council meeting with focus on cyber threats
The Korea Herald
Ji Da-gyum
South Korea is poised to chair a UN Security Council meeting on cybersecurity on Thursday to shed light on the repercussions of cyber threats and malicious cyber activities, including North Korea's sanctions-busting maneuvers in cyberspace, on international peace and security. The chairing of South Korea's first Arria-formula meeting — an informal gathering convened by a Security Council member or members — represents a significant milestone for Korea since assuming its position as a non-permanent member of the Security Council in January.
Japan PM Kishida visits TSMC's Kumamoto chip plant
Nikkei Asia
Mayumi Hirosawa
Japanese Prime Minister Fumio Kishida visited Taiwan Semiconductor Manufacturing Co.'s production complex in Kumamoto prefecture on Saturday, touring a site where Japan plans to spend more than 1.2 trillion yen ($7.9 billion) in subsidies. TSMC's first chip plant, the first in the country, went operational in February. The world's top contract chip manufacturer plans to bring a second plant, which will produce advanced 6-nanometer chips, online by the end of 2027.
Japan spaceport, AI disinformation on agenda as U.S. summit nears
Nikkei Asia
Ryuto Imao, Shimpei Kawajam and Kohei Sakai
Cooperation on building a spaceport in Japan to launch American rockets and stronger collaboration to fight disinformation generated by artificial intelligence are among the issues to be discussed in conjunction with Wednesday's bilateral summit in Washington.
Europe
Germany announces military overhaul with eye on cyber threats
Reuters
Germany's defence minister announced a restructuring of the military on Thursday, including a new central command and a dedicated branch for cyber space, furthering a Bundeswehr overhaul launched in response to Russia's invasion of Ukraine. "No one should have the idea of attacking us as a NATO territory. We have to convey this credibly and truthfully," Boris Pistorius told a press conference in Berlin.
US and EU commit to links aimed at boosting AI safety and risk research
TechCrunch
Natasha Lomas
The European Union and United States put out a joint statement Friday affirming a desire to increase cooperation over artificial intelligence. The agreement covers AI safety and governance, but also, more broadly, an intent to collaborate across a number of other tech issues, such as developing digital identity standards and applying pressure on platforms to defend human rights.
NZ & Pacific Islands
‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident
The Record by Recorded Future
Jonathan Greig
Government employees on the island of Palau came into work on March 14 and booted up their computers like any other day. But when the Windows screens wouldn’t load they called up IT. They quickly discovered two separate ransom notes: one on a sheet of paper in the printer from the LockBit ransomware gang and one in a README text file put alongside Palau’s encrypted documents from the DragonForce ransomware gang.
Middle East
Top Israeli spy chief exposes his true identity in online security lapse
The Guardian
Harry Davies and Bethan McKernan
The identity of the commander of Israel’s Unit 8200 is a closely guarded secret. He occupies one of the most sensitive roles in the military, leading one of the world’s most powerful surveillance agencies, comparable to the US National Security Agency. Yet after spending more than two decades operating in the shadows, the Guardian can reveal how the controversial spy chief – whose name is Yossi Sariel – has left his identity exposed online.
Elon Musk's X pushed a fake headline about Iran attacking Israel. X's AI chatbot Grok made it up.
Mashable
Matt Binder
A shocking story was promoted on the "front page" or main feed of Elon Musk's X on Thursday: "Iran Strikes Tel Aviv with Heavy Missiles," read the headline. But, there was one major problem: Iran did not attack Israel. The headline was fake. Even more concerning, the fake headline was apparently generated by X's own official AI chatbot, Grok, and then promoted by X's trending news product, Explore, on the very first day of an updated version of the feature.
Gender & Women in Tech
Why I’m yet another woman leaving the tech industry
Fortune
Chelsey Glasson
The terminal factor in my decision to retire from tech work was experiencing Google spending what likely added up to millions of dollars fighting my pregnancy discrimination lawsuit. Despite promises to change its broken system of handling reports of sexual harassment and discrimination in recent years, the company, in my view, chose to act like many companies do in spending big money to cover up misconduct. About two years ago, Google reached a settlement in my case. With my lawsuit against the tech giant concluded, my days of drinking the corporate Kool-Aid are over; I can no longer overlook the issues I was once able to easily ignore. The contrast between how many tech companies talk about diversity and inclusion and how they act internally has left me permanently jaded.
Artificial Intelligence
How tech giants cut corners to harvest data for A.I.
The New York Times
Cade Metz, Cecilia Kang, Sheera Frenkel, Stuart A. Thompson and Nico Grant
In late 2021, OpenAI faced a supply problem. The artificial intelligence lab had exhausted every reservoir of reputable English-language text on the internet as it developed its latest A.I. system. It needed more data to train the next version of its technology — lots more. So OpenAI researchers created a speech recognition tool called Whisper. It could transcribe the audio from YouTube videos, yielding new conversational text that would make an A.I. system smarter. Some OpenAI employees discussed how such a move might go against YouTube’s rules, three people with knowledge of the conversations said.
YouTube says OpenAI training Sora with its videos would break rules
Bloomberg
Davey Alba and Emily Chang
The use of YouTube videos to train OpenAI’s text-to-video generator would be an infraction of the platform's terms of service, YouTube Chief Executive Officer Neal Mohan said. In his first public remarks on the topic, Mohan said he had no firsthand knowledge of whether OpenAI had, in fact, used YouTube videos to refine its artificial intelligence-powered video creation tool, called Sora. But if that were the case, it would be a “clear violation” of YouTube’s terms of use, he said.Inside Big Tech's underground race to buy AI training data
Reuters
Katie Paul and Anna Tong
At its peak in the early 2000s, Photobucket was the world's top image-hosting site. The media backbone for once-hot services like Myspace and Friendster, it boasted 70 million users and accounted for nearly half of the U.S. online photo market. Today only 2 million people still use Photobucket, according to analytics tracker Similarweb. But the generative AI revolution may give it a new lease of life. CEO Ted Leonard, who runs the 40-strong company out of Edwards, Colorado, told Reuters he is in talks with multiple tech companies to license Photobucket's 13 billion photos and videos to be used to train generative AI models that can produce new content in response to text prompts.
Don’t play it by ear: Audio deepfakes in a year of global elections
The Interpreter
Dymples Leong
Artificial intelligence company OpenAI recently introduced Voice Engine, a natural-sounding speech generator that uses text and a 15-second audio sample to create an “emotive and realistic” imitation of the original speaker. OpenAI has not yet released Voice Engine to the public, citing concerns over the potential abuse of its generative artificial intelligence – specifically to produce audio deepfakes – which could contribute to misinformation, especially during elections.
AI may develop a huge carbon footprint, but it could also be a critical ally in the fight against climate change
The Conversation
Kirk Chang and Alina Vaduva
Recently, artificial intelligence has been cast as a problem in the urgent, international effort to tackle climate change. As AI plays a greater role in our lives, it will need enormous amounts of computing power and data storage. As such, the carbon footprint of AI is projected to expand due to its high energy consumption and the carbon emissions associated with the production of its hardware. However, the truth is more nuanced, since artificial intelligence could also be a problem solver, making a significant contribution to tackling climate change.
Misc
Critical security flaw exposes 1 Million WordPress sites to SQL injection
Dark Reading
Elizabeth Montalbano
Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from associated databases. A security researcher called AmrAwad (aka 1337_Wannabe) discovered the bug in the LayerSlider, a plug-in for creating animated Web content. The security flaw, tracked as CVE-2024-2879, has a rating of 9.8 out of 10 on the CVSS 3.0 vulnerability-severity scale, and is associated with the "ls_get_popup_markup" action in versions 7.9.11 and 7.10.0 of LayerSlider. The vulnerability is due to "insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query," according to Wordfence.
Events & Podcasts
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Jobs
Data Scientist
ASPI
ASPI is looking for an inquisitive and problem-solving open-source data scientist who will be responsible for developing and implementing automated techniques for a variety of open-source data collection requirements. We are open to experienced data scientists and those beginning their career. Role equivalency would be between levels 3 – 7 of Data Science category of SFIA 8. The closing date for applications is 15 April 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
Director of Cyber, Technology & Security (CTS)
ASPI
ASPI is looking for an exceptional and experienced leader to lead our largest team focused on emerging security challenges, particularly in cyberspace and the information domain. Director CTS leads ASPI’s largest team to develop and deliver a range of applied research projects on existing and emerging security challenges. CTS’ projects range across cyber and critical infrastructure security, critical and emerging technologies, national resilience and social cohesion, and hybrid threats. The closing date for applications is 22 April 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
China Analyst or Senior Analyst
ASPI
ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work. The closing date for applications is 10 May 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.