White House announces ransomware task force | UK lawmakers fret over China investment in university spinoffs | Israel’s Candiru sold states spyware to hack journalists and dissidents
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The Biden administration is preparing to announce a cross-government task force to combat ransomware attacks, following a series of high-profile hacks that underscored how cybersecurity weaknesses can wreak havoc on American society. POLITICO
Chinese investors are increasingly backing the businesses emerging from U.K. universities even as lawmakers urge government to rethink its open-door approach to foreign takeovers. “Acquisitions by foreign entities can serve as the first step toward moving strategically vital companies, assets and intellectual property abroad,” a report from the committee published Wednesday concluded. It recommended that officials should monitor technological developments at universities as well as businesses. Bloomberg
An Israeli cyber warfare group weaponised vulnerabilities in Microsoft and Google products, allowing governments to hack more than 100 journalists, activists and political dissidents globally, new research has found. Financial Times
ASPI ICPC
From the Asian Century to Fortress Australia in just over a decade
Financial Review
@AlexKOliver
Foreign policy is (still) a man’s world. But the fact that I was able to hold a senior role in a highly regarded think tank illustrates that world is changing. Two years ago, I and four female colleagues published a lengthy study on women in international relations. Despite Australia appointing its first female foreign minister (and then its second), its first female secretaries of Foreign Affairs and Trade and then Defence departments (on the heels of its first female PM and Governor-General), the evidence showed that behind these trailblazers, the pipeline of women coming into the sector was extremely limited, and few were in senior positions.
Danielle Cave was a lead author in this 3-year study by the Lowy Institute ‘Foreign territory: Women in international relations’ that revealed severe gender imbalances in Australia’s international relations sector - including Australia’s diplomatic, national security & intelligence community, despite the existence of some prominent trailblazers. Explore the project here.
After Didi Fiasco, China Imposes Cybersecurity Reviews on Foreign IPOs
Lawfare
@LemertAbby, Eleanor Runde
Danielle Cave and Jacob Wallis write for the Australian Strategic Policy Institute on disinformation in democratic societies.
World
Social networks’ anti-racism policies belied by users’ experience
The Guardian
@alexhern
Analysis: Twitter, Facebook and others condemn hateful speech, so why is it so easy to find on their sites?
Australia
Australian organisations are quietly paying hackers millions in a 'tsunami of cyber crime'
ABC
@JamesPurtill
One-third of Australian organisations hit by ransomware attacks paid the ransom. These payments, which encourage further attacks, are typically kept secret. Experts are calling for mandatory reporting of ransom payments.
Boards set to face the music on cyber security lapses
Brisbane Times
@TimBiggs
Company directors will need to get used to facing the music when it comes to mitigating cyber risk, security experts have said, as the frequency and scale of ransomware attacks globally continues to escalate.The federal government is currently discussing new standards with industry, as figures show cyber crime is costing the Australian economy around $3.5 billion a year.
Telstra boss says company directors should be liable for ‘egregious’ cyber-security negligence
The Sydney Morning Herald
@LisaVisentin
Telstra boss Andy Penn has warned Australian governments and businesses are constantly being targeted by sophisticated cyber criminals and state actors, with many workplaces under-prepared for a serious attack.
Telstra fends off vaccine cyber threats
Canberra Times
@Mazzaphrenia
Telstra is monitoring COVID-19 supply chains for cyber threats to help out the federal government. "We're very, very attuned to it, because it's a critical supply chain to protect," Telstra chief executive Andy Penn told the National Press Club on Thursday. "There's malicious activity around all of those organisations all of the time," he said.
Chip shortage dumbs down cars
The Australian
@chris_griffith
Some car makers are starting to leave out features on new cars due to the shortage of computer chips. Stop-start, a SatNav system and entertainment system are being pulled from some models as manufacturers try to reduce the number of semiconductor chips they install in a car.
China
Alibaba and Tencent Consider Opening Up Their ‘Walled Gardens’
The Wall Street Journal
@jingyanghk @QiZHAI
Alibaba Group Holding Ltd. and Tencent Holdings Ltd. are considering moves to gradually open up their services to one another, as Beijing’s tech crackdown makes it harder for China’s two online giants to maintain the virtual barriers they have built in recent years. That would mark a big shift for China’s consumer internet, which has largely split into two camps built around the arch rivals. The restrictions mean, for example, that customers can’t use Tencent’s payment system to buy goods on an Alibaba platform.
Alibaba, Tencent, ByteDance and 30 other Big Tech firms sign voluntary antitrust ‘self-discipline’ pledge at event
South China Morning Post
@mashaborak
Alibaba Group Holding, Tencent Holdings and ByteDance are among 33 Chinese tech companies that have collectively signed an agreement on antitrust self-discipline amid Beijing’s growing regulatory pressure on Big Tech. The group of tech companies, which also includes Huawei Technologies Co, Baidu, JD.com and artificial intelligence company iFlyTek, gathered at the China Internet Conference in Beijing on Tuesday and signed the convention on fair competition, consumer protection and strengthening innovation, according to a statement on the Internet Society of China, the conference organiser.
Cambridge data shows Bitcoin mining on the move
BBC
New data shows Bitcoin mining in China was already in sharp decline before the latest crackdown by the government. The research by the Cambridge Centre for Alternative Finance found China's share of mining fell from 75.5% in September 2019 to 46% in April 2021.
USA
White House announces ransomware task force — and hacking back is one option
POLITICO
@ericgeller
The Biden administration is preparing to announce a cross-government task force to combat ransomware attacks, following a series of high-profile hacks that underscored how cybersecurity weaknesses can wreak havoc on American society.
Ransomware and International Politics
CSIS
James Andrew Lewis
The only audience that counts for ransomware providers is the Kremlin. Moscow’s approval, tacit or otherwise, is the key to their continued operations. These are criminal groups; they do not seek public approval, nor does public condemnation faze them. Despite any opprobrium attached to the perpetrators, as long as ransomware providers remain in Moscow’s good graces and avoid trips outside of Russia, they are untouchable.
US government launches plans to cut cybercriminals off from cryptocurrency
Cyberscoop
@TonyaJoRiley
The White House on Thursday announced a flurry of actions launched by a new interagency task force to combat ransomware.
Read ASPI ICPC’s new report: ‘Exfiltrate, encrypt, extort’
U.S. Government Offers $10 Million for Info on Hackers Targeting Critical Infrastructure
VICE
@josephfcox
The State Department is offering a reward of up to $10 million for information that leads to the identification or location of hackers acting under the control of a foreign government who target U.S. critical infrastructure, according to the announcement published Thursday.
Facebook Seeks FTC Chair Lina Khan’s Recusal in Antitrust Case
The Wall Street Journal
@brkend
Facebook sought the recusal of Federal Trade Commission Chair Lina Khan from the agency’s deliberations on whether to file a new antitrust case against the company, arguing she couldn’t be impartial because of her long history of criticizing it and other big-tech firms.
Artificial Intelligence in the Intelligence Community: Money is Not Enough
Just Security
Corin R Stone
AI systems have the potential to transform how the IC makes sense of the world, rapidly and at scale... But, as we have seen before, money is necessary but not sufficient. Among other things, the IC had to tackle foundational issues involving cultural resistance and inconsistent, complex authorities. The IC has come a long way on information sharing 20 years after 9/11, but it still has more work to do.
North-East Asia
TSMC confirms it is in talks to build Japan chip plant
Nikkei Asia
@Lauly_Th_Li
Taiwan Semiconductor Manufacturing Co. on Thursday confirmed that it is eyeing its first chip production site in Japan and that it will continue to build up its overseas manufacturing footprint to maintain its long-term competitiveness.
UK
U.K. Lawmakers Fret Over China Investment in University Spinoffs
Bloomberg
@TW_Seal @kitty_donaldson
Chinese investors are increasingly backing the businesses emerging from U.K. universities even as lawmakers urge government to rethink its open-door approach to foreign takeovers. In the past decade, 79 of 1,547 U.K. university spinoffs have been sold to overseas companies, according to data firm Beauhurst, which tracks the transactions. It said three had their central assets acquired by China-headquartered firms, while 55 have Chinese citizens as directors and 15 as shareholders..“Acquisitions by foreign entities can serve as the first step toward moving strategically vital companies, assets and intellectual property abroad,” a report from the committee published Wednesday concluded. It recommended that officials should monitor technological developments at universities as well as businesses because “this transfer of assets threatens to make us reliant on others.”
British MPs urge government to block Chinese chips takeover bid
POLITICO
@StuartKLau
The British government on Thursday declined to intervene in a Chinese company’s takeover of a Welsh semiconductor firm, prompting a wave of criticism from lawmakers.
Cancer patient to sue Cork's Mercy Hospital over cyber hack
Irish Examiner
Sean O'Riordan, @shaunabowerss
One of the first legal cases over the release of sensitive medical information on the dark web as part of the HSE cyber hack has been lodged at Cork Circuit Court.
Online Safety’s bigger billing
Financial Times
@ChrisNuttall
Racist abuse of footballers has become the latest addition to the lengthening list of harmful activity that the UK government’s Online Safety Bill is expected to tackle. Big Tech has already criticised the proposed legislation as being disproportionately broad, undermining privacy and producing “a chilling effect on freedom of speech”.
English Soccer Player Urges Facebook and Twitter to Crack Down on Abuse
The New York Times
@erinkwoo
After facing a torrent of racist abuse online, Bukayo Saka said he didn’t want anyone to deal with such “hateful and hurtful messages.”
Europe
Marietje Schaake; Lawmaker turned tech punditry superstar
POLITICO
Members of the European Parliament, rejoice: There’s life after Brussels. Marietje Schaake has turned her previous job as Liberal MEP into a launch pad for a thriving career of (virtual) globe-trotting, punditry and influence on how to shape the internet and technology. The 42-year-old Dutch native has become a leading voice of European philosophy on how to regulate technology, especially in the U.S., where she’s been teaching at Stanford University’s Cyber Policy Center since leaving European politics.
Alternatives to China’s tech authoritarianism a priority for transatlantic action
MERICS
@RebeccaArcesati
A world where Chinese technology is used for digitalization creates acute risks for safety, privacy, and freedom of expression, says Rebecca Arcesati. She argues that transatlantic alignment is needed to provide alternatives that protect rights and strengthen democratic governance.
French tech bet pays off with rise in ‘unicorns’
Financial Times
Peggy Hollinger
French tech start-ups are on a roll. Of the main European tech hubs, France is breeding at the fastest rate. Over the past three years, the number of start-ups valued at more than €1bn has trebled in France, against a rise of just 69 per cent in the UK and 44 per cent in Germany. Sweden comes closest with a 165 per cent jump over the same period... Europe, it seems, is the fastest-growing region for venture capital investment — faster even than the US or China, according to a study by Sifted, an FT sister publication, and Dealroom.
Russia
iOS zero-day let SolarWinds hackers compromise fully updated iPhones
Ars Technica
@dangoodin001
The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.
Kremlin papers appear to show Putin’s plot to put Trump in White House
The Guardian
@lukeharding1968 @julianborger @dansabbagh
Vladimir Putin personally authorised a secret spy agency operation to support a “mentally unstable” Donald Trump in the 2016 US presidential election during a closed session of Russia’s national security council, according to what are assessed to be leaked Kremlin documents.
Middle East
Israel’s Candiru sold states spyware to hack journalists and dissidents
Financial Times
@MsHannahMurphy @MehulAtLarge
An Israeli cyber warfare group weaponised vulnerabilities in Microsoft and Google products, allowing governments to hack more than 100 journalists, activists and political dissidents globally, new research has found.
Gender and Women in Cyber
EU launches Women TechEU pilot to put women at the forefront of deep tech
EUreporter
The European Commission has launched Women TechEU, a new EU scheme supporting deep-tech start-ups led by women and helping them grow into tomorrow's deep tech champions.
Misc
Facebook, Twitter and other social media companies need to be treated like Big Tobacco
NBC News
@BostonJoan
The surgeon general's new advisory shows their product is in need of serious consumer protection regulations.
Research
Geo-tech politics: Why technology shapes European power
European Council on Foreign Relations
@RikeFranke @jitorreblanca
New technologies are a major redistributor of power among states and a significant force shaping international relations. The European Union has for too long seen technology primarily through an economic lens, disregarding its implications for its partnerships and for its own geopolitical influence. If the EU wants to be more than a mediator between the two real technological powers, the United States and China, it will need to change its mindset.
Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus
CitizenLab
@billmarczak, @jsrailton, @kjberdan, Bahr Abdul Razzak, @RonDeibert
Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.
Events
Indigenous Cyber and Digital Skills Conference
ASPI’s IndigiCyber, Defence and Space Program
This half-day conference will canvas a range of curriculum and engagement initiatives in cyber-security and STEM as well as government and industry responses to both support those already in work, and to attract diverse candidates. What can defence, and defence-related sectors, do to support the next generation of technology champions? 23 Jun 2021 9:00 am - 1:00 pm
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
SPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies. 27 July 2021 5:00 pm - 6:00 pm
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.