We need a new global standard to curb intrusive spyware | Election footing as PM lashes Big Tech on regulation | Domestic extremists pushing violence against Congress, school and health officials
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
After more than a decade, democratic governments are finally waking up to the hazards of commercial spyware. Recent media coverage has exposed how authoritarian regimes are using NSO Group’s Pegasus software to spy on journalists and politicians. Financial Times
The Prime Minister has applied a blow-torch to Big Tech at the G20 CEO Summit in Auckland, demanding the tech giants come up with industry codes of practice that meet heightened government expectations across a range of flash-point issues. InnovationAus
Domestic extremists continue to exploit false narratives to promote violence online, calling for attacks on members of Congress and public health and school officials, even as they share information about how to build bombs, according to a new intelligence bulletin by the Department of Homeland Security that paints a picture of persistent danger. NBC News
ASPI ICPC
Tim Cook says Apple has a 'responsibility' to do business everywhere, even in China despite its human rights issues
Business Insider
@KatieCanales1
Apple CEO Tim Cook said Tuesday that the company has a “responsibility” to do business in as many places as it can. That includes China, where human rights advocates have said the Party persecutes thousands in the Uyghur Muslim minority. “World peace through world trade,” Cook said, adding that operating in foreign countries means Apple has to “acknowledge that there are different laws in other markets.” A May report from The Information found that seven Apple suppliers in China had links to forced labor programs, including the use of Uyghur Muslims from the Xinjiang region. And a March 2020 report from the Australian Strategic Policy Institute also found connections between Apple suppliers and forced Uyghur labor.
Read our 2020 report Uyghurs for Sale: ‘Re-education’, forced labour and surveillance beyond Xinjiang
Do cyber spies dream of electric shadows
The Strategist
@AlbertYZhang
Cyberspace is changing spycraft, and national security agencies are being urged to adopt machine learning and open-source data to bolster their analytical capabilities. Human intelligence and networks of informants, however, will remain necessary for acquiring some secrets, assisting cyber operations by placing USB drives in air-gapped computers, for example, and providing insights into the thinking of decision-makers in target countries. To establish trust between officers and their informants, interpersonal and face-to-face meetings may be unavoidable while virtual reality and other digital technologies mature writes Albert Zhang, a researcher at ASPI's International Cyber Policy Centre.
World
We need a new global standard to curb intrusive spyware
Financial Times
@MarietjeSchaake
After more than a decade, democratic governments are finally waking up to the hazards of commercial spyware. Recent media coverage has exposed how authoritarian regimes are using NSO Group’s Pegasus software to spy on journalists and politicians. The EU has now tightened its rules on the export of surveillance technology, and the US Department of Commerce last week determined that Israel-based NSO Group and three other hacking companies were “engaging in activities that are contrary to the national security or foreign policy interests of the United States”. However, these modest steps do not go far enough: what’s needed is a global standard to reign in technologies that violate the rights to privacy, free assembly as well as free expression.
Australia
Election footing as PM lashes Big Tech on regulation
Innovation Aus
@888riley
The Prime Minister has applied a blow-torch to Big Tech at the G20 CEO Summit in Auckland, demanding the tech giants come up with industry codes of practice that meet heightened government expectations across a range of flash-point issues. If the tech giants don’t come up with suitable codes to underpin regulations, the government certainly will, and the industry might not like the result, Scott Morrison warned during his oddly aggressive fireside chat with Microsoft president and vice-chair Brad Smith.
Clive Palmer’s election campaign has already begun, with millions spent on social media ads
The New Daily
@JoshButler
Tom Sear, an online security and disinformation expert at UNSW Cyber at the Australian Defence Force Academy, said this was a strategy often used in cyber warfare. He studied social media manipulation at the 2019 poll, and said it could be repeated next year. “[UAP] bought every resource they could. From a marketing perspective, it does have an influence,” he told TND. “These flooding techniques mean you don’t see Labor or Liberal ads.”
Facial recognition technology put on hold in Adelaide amidst privacy concerns
ABC Radio
@malcolmsutton
About $3 million will be spent on a new Adelaide surveillance network, but a council proposal passed overnight means police cannot access its facial recognition technology (FRT) without laws to protect people's privacy.
Major Queensland water supplier targeted by hackers in cyber breach that went undetected for months
ABC News
@rory_callinan
It has been revealed that hackers left suspicious files on a webserver to redirect visitor traffic to an online video platform last year.
NSW moves to fortify check-in app data privacy, prevent police access
iTNews
@justinrhendry
The NSW government has moved to strengthen the privacy protections behind QR code check-in data that prevent law enforcement access by enshrining the safeguards in legislation.
Why quantum ‘utility’ should replace quantum advantage
TechCrunch
Mark Mattingley-Scott & Marcus Doherty
As the quantum computing industry continues to push forward, so do the goal posts. A long-sought objective was to attain quantum “supremacy” — demonstrating that a quantum computer could solve a calculation that no traditional computer on Earth could do — without requiring a practical benefit.
China
Tencent says Beijing likely to support metaverse - as long as it obeys China rules
Reuters
@brendagoh_
In some of its first public comments on the metaverse, Tencent, China's biggest company by market value, welcomed the potential for gaming business opportunities in a post-earnings call on Wednesday, but acknowledged China's version of the metaverse would need to be different to the rest of the world's.
Didi prepares to relaunch apps in China, anticipates data probe will end soon -sources
Reuters
@julie_zhuli @yilei000
Didi Global is preparing to relaunch its ride-hailing and other apps in China by the end of the year in anticipation that Beijing's cybersecurity investigation into the company will be wrapped up by then, three people directly involved in the relaunch said.
Hikvision CSO declares "devices with backdoors can’t be used to spy"
IPVM
@RobtWrenGordon
Hikvision's CSO/DSO Fred Streefland declared "devices with backdoors can’t be used to spy" though Cybersecurity legend Bruce Schneier responded to IPVM on Hikvision's declaration saying that "only someone who doesn't understand cybersecurity at all would say something like that".
China still steals commercial secrets for its own firms’ profit
The Economist
Earlier this year Microsoft found that a group of hackers, which it called Hafnium, had broken into hundreds of thousands of computer servers around the world that were running the firm’s mail and calendar software. The cyber-thieves were stealing emails, documents and other data from small businesses, ngos and local governments in an enormous, seemingly indiscriminate, cyber-attack. In July America, Britain, other members of nato and the European Union all blamed China. America was more specific. It named China’s civilian intelligence agency, the Ministry of State Security (mss).
USA
Domestic extremists pushing violence against Congress, school and health officials, DHS bulletin says
NBC News
@KenDilanianNBC
Domestic extremists continue to exploit false narratives to promote violence online, calling for attacks on members of Congress and public health and school officials, even as they share information about how to build bombs, according to a new intelligence bulletin by the Department of Homeland Security that paints a picture of persistent danger.
Data broker shared billions of phone location records with D.C. government as part of covid-tracking effort
The Washington Post
@drewharwell
A data broker shared billions of “highly sensitive” phone-location records with the D.C. government last year that revealed how people moved about the city, public records show. The sharing of the raw phone location data was pitched as uniquely valuable for tracking the covid pandemic, the records show. But the provision of the records for six months to the D.C. government’s Department of Health also shows the potential for abuse of such data, which is generally collected without consumers’ knowledge and then resold to both public and private buyers.
Cyber agency beefing up disinformation, misinformation team
The Hill
@MagMill95
The Cybersecurity and Infrastructure Security Agency (CISA) is beefing up its disinformation and misinformation team in the wake of a divisive presidential election that saw a proliferation of misleading information online.
Jen Easterly wants hackers to help US cyber defense
WIRED
@GrahamHacia
Retired Army officer, Jen Easterly, her work cut out for her. As only the second director of the US government’s Cybersecurity and Infrastructure Security Agency (CISA), she must contend with a historic onslaught of ransomware attacks and disinformation campaigns. Easterly is a different kind of bureaucrat, however. She exhibited as much at the Black Hat cybersecurity conference in August, where she introduced new policy initiatives to an AC/DC-backed dance while wearing a “Free Britney” shirt and dragon-emblazoned jeans.
The cyber battlefield against China and Russia is constantly shifting. Here’s how the NSA is trying to stay on top.
DefenseNews
@StephenLosey
In the battle over cyberspace, adversaries to the United States are continually switching up their methods to hack U.S. systems, a senior National Security Agency official said Wednesday. That means the U.S. must in turn keep shifting the tools and techniques it uses to counter hackers from nations like China, Russia, Iran and North Korea — and team up with the private sector to do so, David Luber, deputy director for NSA’s cybersecurity directorate, said in a panel during C4ISRNET’s CyberCon.
3 ways Congress could hold Facebook accountable for its actions
The Conversation
@asusarla Bhaskar Chakravorti @rcalo
Facebook may have changed its corporate name to Meta Platforms, but that won’t end its troubles - nor efforts to rein in the social media company’s business practices. Lawmakers are pondering new ways to regulate Facebook, whose CEO, Mark Zuckerberg, wrote in 2019 that he welcomed new “rules governing the internet.” With that in mind, we asked three experts on social media, technology policy and global business to offer one specific action the government could take about Meta’s Facebook service.
Facial recognition marches forward, no matter what Facebook says
Bloomberg
@dinabass @mhbergen
Facebook parent Meta Platforms Inc. said on Nov. 2 it was shuttering the facial recognition system it used to automatically identify people in images posted to its social network. The company is working to repair a public image crisis—there’s a reason it’s not called Facebook anymore—and facial recognition has become an increasingly toxic concept in many circles.
The metaverse: colonial fantasies of the wild West
Mail & Guardian
@Michael_Kwet
Although it is not firmly defined, the metaverse refers to use of virtual reality (VR), augmented reality (AR) and traditional computer tech (such as smartphones) to mix the physical world with the digital world. Each of these technologies offer different dynamics. Even if the metaverse does become reality, it is also beset by the problem of digital colonialism. American firms control its development, yet the media is not drawing any attention to this fact. US tech “critics” dominate the conversation but don’t acknowledge, let alone oppose, the American empire.
China Is evading U.S. spies — and the White House is worried
Bloomberg
@PeterMartin_PCM @JenniferJJacobs @nwadhams
A lack of top-tier intelligence on Chinese President Xi Jinping’s inner circle is frustrating senior Biden administration officials struggling to get ahead of Beijing’s next steps, according to current and former officials who have reviewed the most sensitive U.S. intelligence reports.
Elon Musk: Tesla boss sells $5bn of shares after Twitter poll
BBC
Tesla chief executive Elon Musk has sold around $5bn (£3.7bn) of shares in the electric carmaker. It comes days after he asked his 63 million Twitter followers whether he should sell 10% of his stake in Tesla.
North-East Asia
North Korean hackers target the South's think tanks through blog posts
ZDNet
@SecurityCharlie
A North Korean hacking group has been attacking think tanks in the South through malware-laden blog posts. In a new campaign, tracked since June 2021, the state-sponsored advanced persistent threat (APT) group has been attempting to plant surveillance and theft-based malware on victim machines.
UK
Supreme Court blocks mass iPhone claim against Google
BBC
@janewakefield
The UK's Supreme Court has rejected a claim that sought billions of pounds in damages from Google over alleged illegal tracking of millions of iPhones. The judge said the claimant had failed to prove damage had been caused to individuals by the data collection. But he did not rule out the possibility of future mass-action lawsuits if damages could be calculated.
No 10 accused of failing to act against states accused of NSO spyware abuses
The Guardian
@skirchy
Boris Johnson’s government has been accused by MPs of prioritising trade agreements over national security in its handling of surveillance abuses on British soil by governments using spyware made by the Israeli company NSO Group.
Hack leaves fertility clinic medical data at risk
BBC
@radioproducer
Data from a private fertility clinic was put at risk after a ransomware attack hit a document management firm. The Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a"cyber-gang", in a letter sent to about 1,700 patients. Stor-a-file Limited said in total 13 organisations had been affected, of which six are healthcare-related.
Middle East
CEO-designate of spyware firm NSO quits after US blacklisting
The Guardian
The executive due to take over as chief executive of Israeli spyware company NSO Group has quit after the business was blacklisted by the US Department of Commerce, the company has said. The designation, which places NSO in the company of hackers from China and Russia, comes three months after a consortium of journalists working with the French non-profit group Forbidden Stories revealed multiple cases of journalists and activists who were hacked by foreign governments using the spyware, including American citizens.
Palestinian diplomats targeted by Israeli spyware, official says
The New York Times
@PatrickKingsley Rawan Sheikh Ahmad
The accusation, which has not been independently verified, raises new questions over whether Israel is using software made by NSO Group to spy on Palestinians.
Africa
Kenya has had to deal with nearly 33-million cyber attacks in the first half of 2021
IT News Africa
@LIMonzon101
The increase in cyberthreats recorded by internet security group Kaspersky in the first half of this year in Kenya amounted to 32.8 million. Compared to similarly prominently targeted countries in the African region the recorded number was on par with South Africa accounting for 31.5 million, and near double the number recorded in Nigeria at 16.7 million.
Misc
A cyber mercenary is hacking the Google and Telegram accounts of presidential candidates, journalists And doctors
Forbes
@iblametom
An unprecedented peek inside an underground hacker-for-hire operation reveals 3,500 targets, including Belarusian presidential candidates, Uzbek human rights activists and a cryptocurrency exchange. Their primary targets? Gmail, Protonmail and Telegram accounts belonging to anyone on whom their paymasters want to spy.
Top Google result for NFT marketplace OpenSea was a phishing site
VICE
@josephfcox
Earlier this week, if you Googled “OpenSea” looking for the eponymous NFT marketplace, you might have found what looks like the site right at the top of Google. It turns out that result, which was a paid Google Ad placement, was actually a phishing site seemingly designed to steal victims’ digital wallets, Motherboard has found.
How cyber thieves are ramping up their phishing attacks against companies and organizations
Forbes
@EdwardSegal
Cyber thieves are using new strategies, tactics and techniques to help increase the chances of success of their phishing attacks against companies and organizations. Making matters worse for business leaders, ransomware attacks are on the rise as is the amount of money that is being demanded.
Contract lawyers face a growing invasion of surveillance programs that monitor their work
The Washington Post
@drewharwell
Facial recognition systems have become an increasingly common element of the rapid rise in work-from-home surveillance during the coronavirus pandemic. Employers argue that they offer a simple and secure way to monitor a scattered workforce. But for Anidi and other lawyers, they serve as a dehumanizing reminder that every second of their workday is rigorously probed and analyzed: After verifying their identity, the software judges their level of attention or distraction and kicks them out of their work networks if the system thinks they’re not focused enough.
Events
The Sydney Dialogue - Social Reset: A New Compact Between Technology and Government
ASPI
@ASPI_ICPC
The information environment everywhere has come under strain and is being exacerbated by geopolitical tensions. State and non-state actors are actively distorting and manipulating the public square in a way that is both inauthentic and degrading to democratic systems. This disruption has created a rift between social media companies and governments. What is now at stake is the integrity of our information environment and ultimately the stability of societies. But the evolving dynamic of antagonism between governments and social media platforms is inhibiting the type of collaboration needed to overcome this challenge. There is an opportunity for technology platforms and legislators to reset their relationships and build online ecosystems that support free societies. This session on 18 Nov at 12:30-13:30 AEDT will propose new ideas for governments and technology companies to ‘reset’ their relationship and work more collaboratively to restore truth in the public sphere.
The Sydney Dialogue - Contested Space: Collaborating in the New Golden Age of Space
ASPI
@ASPI_ICPC
This session will convene on 19 Nov at 12:00-13:00 AEDT with space leaders from the US, Japan, India, and Australia. It will consider challenges and opportunities in a contested, congested, and competitive space domain. It will explore how the Quad states can work together towards achieving the next giant leap in space exploration - specifically the return of humans to the lunar surface to achieve the ability to undertake crewed missions to Mars. Finally, the panel will consider how a high visibility collaborative project between Quad members in space can deliver a key advance in space globally.
The Sydney Dialogue - Democracies and Global Technology Governance
ASPI
@ASPI_ICPC
There is rising awareness that how technologies are designed, where they come from, and how they are deployed, matters. To preserve human rights and free societies, democracies are coming to realise they need to play a more active role, as a group, shaping global tech governance. Be it standard setting, design principles, ethical frameworks or law enforcement access to digital content, there is a pressing need to ensure the interests of citizens are kept central. This panel on 19 Nov at 13:00-14:00 AEDT will look at how states can best advance global technology governance to preserve freedoms and the important role for the Indo-Pacific.
Research
Jobs
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region... This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.
.