WhatsApp pushing back on NSO Group hacking | EU tells Facebook, Google and Twitter to take more action on fake news | Russia will test its ability to disconnect from the internet
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
In May, WhatsApp announced that we had detected and blocked a new kind of cyberattack involving a vulnerability in our video-calling feature. Now, after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to an international technology company called NSO Group. The Washington Post
EU tells Facebook, Google and Twitter to take more action on fake news. In a joint statement published Tuesday alongside progress reports from the companies, the EU said the impact of the “self-regulatory measures” remains unclear. CNBC
Russia will test its internal RuNet network to see whether the country can function without the global internet, the Russian government announced Monday. The tests will begin after Nov. 1, recur at least annually, and possibly more frequently. It’s the latest move in a series of technical and policy steps intended to allow the Russian government to cut its citizens off from the rest of the world. Defense One
ASPI ICPC
NEW ASPI ICPC report examines deepening Sino-Russian technology ties as US tensions mount
China and Russia have not only expanded military cooperation but are also undertaking more extensive technological cooperation, including in 5G, new media, artificial intelligence (AI), robotics, biotechnology & the digital economy.
The latest policy report by ASPI’s International Cyber Policy Centre - A new Sino-Russian high-tech partnership: Authoritarian innovation in an era of great-power rivalry authored by Russian specialist Samuel Bendett and China specialist Elsa Kania - maps out the unique ecosystem underpinning expanding technology cooperation between Moscow and Beijing.
The distinct deepening of this relationship is also a response to increased pressures imposed by the US. Over the past couple of years, US policy has sought to limit Chinese and Russian engagements with the global technological ecosystem, including through sanctions and export controls. Under these geopolitical circumstances, the determination of Chinese and Russian leaders to develop indigenous replacements for foreign, particularly American technologies, from chips to operating systems, has provided further motivation for cooperation.
The authors say “These advances in authoritarian innovation should provoke concerns for democracies for reasons of security, human rights, and overall competitiveness. Notably, the Chinese and Russian governments are also cooperating on techniques for improved censorship and surveillance and increasingly coordinating on approaches to governance that justify and promote their preferred approach of cyber sovereignty and internet management, to other countries and through international standards and other institutions”.
World
Why WhatsApp is pushing back on NSO Group hacking
The Washington Post
@wcathcart
In May, WhatsApp announced that we had detected and blocked a new kind of cyberattack involving a vulnerability in our video-calling feature. Now, after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to an international technology company called NSO Group.
BlackBerry Cylance: More and more APT groups are relying on mobile malware to track dissidents
Cyberscoop
@shanvav
State-backed hackers from China and Iran have long been spying on their country’s political dissidents using mobile malware, but new research from BlackBerry’s Cylance shows these same nation-state hackers — including groups that have previously been unknown — also are using the malware to monitor targets abroad.
It’s not easy to spot disinformation on Twitter. Here’s what we learned from 8 political ‘astroturfing’ campaigns.
The Washington Post
@schochastics @SebStier @junghwanyang
We found that these disinformation campaigns don’t solely rely on automated “bots” or bot accounts — contrary to popular media stories. Only a small fraction of the 20,000 accounts we reviewed (between 0 and 18 percent, depending on the campaign) are “bot accounts” that posted more than 50 tweets per day on a regular basis — a threshold some researchers use to distinguish automated accounts from bona fide individual users.
Australia
Cyber Security Strategy 2020: Civil society experts slam 'national security' agenda
ZDNet
@stilgherrian
The goal of an 'open and free internet' has been dropped from Australia's proposed national cybersecurity strategy. Job done, apparently.
You can now use your smartphone as ID in NSW. Here's how
The Sydney Morning Herald
@bengrubb
Almost five years after it was first proposed by the state government, NSW citizens are now finally able to display their driver's licence on their phones and use it as a form of ID at pubs and clubs. But if you have a cracked screen, it may not get accepted because a clear screen is required for it to be used as valid ID; your phone must also be kept charged so that you can show your licence.
'Please try again': NSW digital driver's licence app crashes under load | The Sydney Morning Herald
The New South Wales digital driver’s license. Source: The Sydney Morning Herald
Google sued by the ACCC over alleged misuse of personal data
The Australian Broadcasting Corporation
@Stephen_Letts
Tech giant Google has been hauled into the Federal Court by regulators over allegations it has been misleading consumers about the personal location data it collects, keeps and uses.
Australia Proposes Face Scans for Watching Online Pornography
The New York Times
@jamietarabay
As a government agency seeks approval of a facial recognition system, it says one use for it could be verifying the age of people who want to view pornography online.
Victorian man arrested over multiple DDoS attacks
itnews
@justinrhendry
In a brief statement, Victoria Police said the alleged attacks were conducted "against a telecommunications business and a large shopping complex between June and October this year".
China
Patent king Huawei lags Intel and Qualcomm in quality, study finds
Nikkei
Only 21% of patents filed by Huawei, which is under strong pressure from the U.S. government, could be classed as highly innovative, according to researchers.
Special Report: AI Policy and China – Realities of State-Led Development
New America
Today, the Stanford-New America DigiChina Project publishes its first special report, on AI Policy and China, featuring new work and insights from 14 specialists across a wide variety of fields.
USA
School apps track students from the classroom to bathroom, and parents are struggling to keep up
The Washington Post
@heatherkelly
Heritage High School in Loudoun County, Va., introduced the software, called e-Hallpass, in September as a way to track trips to the bathroom, the nurse’s office, the principal or other places on campus. It collects the data for each student’s comings and goings so approved administrators can see pass histories or look for patterns.
What a lobbyist's remarks behind closed doors tell you about Chinese money in Washington
The Washington Post
In the northwestern region of Xinjiang, the Chinese Communist Party has imprisoned more than 1 million Muslim ethnic minorities in mass internment camps and built up an all-encompassing surveillance state. Few of the country’s private companies are more deeply enmeshed in the continuing crackdown than Hikvision, one of the main suppliers of video surveillance equipment to the Chinese security services.
South Asia
Was Kudankulam Nuclear Power Plant hacked by North Koreans? Read about the allegations and the denial by officials
OpIndia
Kudankulam Nuclear Power Plant has denied rumours that the facility had come under cyber-attack. A statement issued by the Training Superintendent and Information Officer R Ramdoss said that some false information is being propagated on social media platforms, electronic media and print media.
Europe
EU tells Facebook, Google and Twitter to take more action on fake news
CNBC
EU tells Facebook, Google and Twitter to take more action on fake news. In a joint statement published Tuesday alongside progress reports from the companies, the EU said the impact of the “self-regulatory measures” remains unclear.
Russia
Migrating Russian eagles run up huge data roaming charges
BBC
Russian scientists tracking migrating eagles ran out of money after some of the birds flew to Iran and Pakistan and their SMS transmitters drew huge data roaming charges.
Russia will test its ability to disconnect from the internet
Defense One
@DefTechPat
Russia will test its internal RuNet network to see whether the country can function without the global internet, the Russian government announced Monday. The tests will begin after Nov. 1, recur at least annually, and possibly more frequently. It’s the latest move in a series of technical and policy steps intended to allow the Russian government to cut its citizens off from the rest of the world.
Misc
How Facebook helps an abusive ex-partner find out your new identity, even after you’ve blocked them
Graham Cluley
Common sense dictates that as you have blocked someone and *then* changed your name they wouldn’t be able to know that your profile has been updated to use a new name. And yet, as one security researcher discovered, an unpatched flaw in the way Facebook handles account privacy allows precisely this to happen.
As the internet turns 50, we must protect it as a force for good
World Wide Web Foundation
On October 29, 1969, the internet era began as UCLA Computer Science Professor Len Kleinrock sent the first message on ARPANET, a network of computers that would evolve to become the internet. Five decades later, and 30 years since the World Wide Web brought the internet into the mainstream, global digital connectivity has fundamentally changed our world.
These watchdogs track secret online censorship across the globe
CNET
@lhautala
Data from OONI data provides a record of internet accessibility in places around the world where authorities are unlikely to acknowledge they've blocked access, says Karanja, whose studies focus on the intersection of politics and the internet. "You are sure to have a clear snapshot of the internet at a specific point in time in a specific place," he said.
Jobs
Thank you for reading the Daily Cyber Digest. If you have any feedback, please let us know via email at icpc@aspi.org.au Know someone who may enjoy getting this? They can sign up here.