White House discusses digital trade agreement in Indo-Pacific | French antitrust watchdog fines Google | Kazakhstan government documents infected with malware
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
White House officials are discussing proposals for a digital trade agreement covering Indo-Pacific economies as the administration seeks ways to check China’s influence in the region, according to people familiar with the plans. Details of the potential agreement are still being drafted, but the pact could potentially include countries such as Canada, Chile, Japan, Malaysia, Australia, New Zealand and Singapore, according to one of the people, who asked not to be identified because the process isn’t public. Bloomberg
France’s antitrust watchdog slapped a 500 million euro ($593 million) fine on Alphabet’s Google on Tuesday for failing to comply fully with temporary orders the regulator had given in a row with the country’s news publishers. The U.S. tech group must come up with proposals within the next two months on how it would compensate news agencies and other publishers for the use of their news. Reuters
The official website of the Kazakhstan government has hosted documents infected with malware for more than five months, since January this year… The Kazakhstan incident marks the second time this year that cybercriminals managed to plant malware on an official government site. The Record by Recorded Future
ASPI ICPC
As Australia’s strategic environment changes, foreign policy funding must change too (part 1)
The Strategist
@DaniellesCave @FergusHanson
Australia’s strategic environment has changed dramatically over the past decade. The Indo-Pacific is an increasingly complex place to call home and we must be able to more rapidly reshuffle our limited foreign policy resources towards new and emerging issues. This will include engaging with issues in which we currently have little domestic expertise—and limited evidence to inform our policymaking..The importance of sovereign capability, particularly in strategic and critical technologies, is being reprioritised as governments recognise how vulnerable they are in a crisis. Many states, including Australia, have failed to invest in their (currently shallow) technology research and development bases, or to identify where they need to invest. States that avoid making post-Covid capital investments in critical technologies will get left behind.
Australia 'soft target' for cyber attacks
The Strategist
The Australian Strategic Policy Institute has released a report warning the problem will only get worse unless a concerted and strategic effort is made to thwart the attacks. Report authors Rachael Falk and Anne-Louise Brown say the Australian government has a key role to play but tackling ransomware is a shared responsibility.
Read our new policy report Exfiltrate, encrypt, extort: the global rise of ransomware and Australia’s policy options
‘An attractive market’: policy vacuum on ransomware attacks leaves Australia vulnerable
The Guardian
@danielhurstbne
Australian organisations are seen as soft and lucrative targets for ransomware attacks, according to cybersecurity experts who warn the problem will get worse unless the Morrison government fills the “current policy vacuum”.ASPI ‘soft target’ warning on ransomware
InnovationAus
@joseph_brookes
Ransomware attacks will only get worse for Australia without strategic domestic efforts to thwart it, according to a new report which warns a “policy vacuum” has made the nation an “attractive market” for cyber attackers.
New cyber security rules for business
The Australian
@bennpackham
Businesses would face new minimum cybersecurity requirements and tougher standards on the handling of personal information under proposed new rules to make the nation more resilient to digital threats… Fergus Hanson, the head of the Australian Strategic Policy Institute’s International Cyber Policy Centre, said most Australian firms “routinely under-invest in cyber security”.
At the Nexus of Military-Civil Fusion and Technological Innovation in China
The Diplomat
@ahfritz
The interdependence of China’s innovation strategy with its military-civil fusion system enables it to leverage the global research and networks of the country’s own companies and universities.
Tech Policy: Oxford Web Series
OxfordUnion
Our panel, including Information Technology & Innovation Foundation President Robert Atkinson, ASPI’s Samantha Hoffman, and American Action Forum’s Jennifer Huddleston, discusses the role of tech policy in the US & China in the geopolitics of the 2020s. Oxford Union is the world's most prestigious debating society, with an unparalleled reputation for bringing international guests & speakers to Oxford University.
Australia
Is Australia a sitting duck for ransomware attacks? Yes, and the danger has been growing for 30 years
The Conversation
@pdowland Andrew Woodward
Australian organisations are a soft target for ransomware attacks, say experts who yesterday issued a fresh warning that the government needs to do more to stop agencies and businesses falling prey to cyber-crime. But in truth, the danger has been growing worldwide for more than three decades.
China
China reveals secret programme of unmanned drone submarines dating back to 1990s
South China Morning Post
Stephen Chen
A research team in China has unveiled an underwater drone that can recognise, follow and attack an enemy submarine without human instruction. The secret project, funded by the military, was partially declassified last week with the publication of a paper that gave a rare glimpse into a field test of the unmanned underwater vehicle (UUV), seemingly in the Taiwan Strait, more than a decade ago.
China Called Finance Apps the Best Thing Since the Compass. No Longer.
The New York Times
@zhonggg
Beijing’s tech crackdown could imperil the innovation that brought modern finance to underserved people — but also led to concerns about reckless lending and borrowing.
Chips are down in China’s ambition for tech independence
Australian Financial Review
A series of deals was supposed to make Tsinghua Unigroup one of the world’s top three chipmakers. Instead, its woes are a big setback for Chinese hopes of chip self-sufficiency.
China Clears Tencent-Sogou Deal
The Wall Street Journal
@Kubota_Yoko
China’s top market watchdog approved Tencent Holdings Ltd. ’s plan to privatize search-engine affiliate Sogou Inc. in a deal valued at around $2 billion that comes as the country’s technology giants face heightened antitrust scrutiny. The unconditional blessing announced Tuesday by the State Administration of Market Regulation is likely a relief for Tencent, after the regulator last week blocked the tech conglomerate’s bid to combine the country’s two biggest game-streaming platforms.
Read more about Tencent on our re-launched project ‘Mapping China’s Tech Giants’
ByteDance Shelved IPO Intentions After Chinese Regulators Warned About Data Security
Wall Street Journal
@xieyuxy @lizalinwsj
Owner of TikTok video app took different approach from ride-hailing company Didi, which pressed ahead with U.S. listing.
China is killing its tech golden goose
The Strategist
Minxin Pei
US politicians from both congressional parties are worried that China is overtaking America as the global leader in science and technology... But lawmakers may be fretting unnecessarily, because the Chinese government seems to be doing everything possible to lose its tech race with America.
USA
Biden Team Weighs Digital Trade Deal to Counter China in Asia
Bloomberg
@PeterMartin_PCM @EMPosts @SalehaMohsin
White House officials are discussing proposals for a digital trade agreement covering Indo-Pacific economies as the administration seeks ways to check China’s influence in the region, according to people familiar with the plans. Details of the potential agreement are still being drafted, but the pact could potentially include countries such as Canada, Chile, Japan, Malaysia, Australia, New Zealand and Singapore, according to one of the people, who asked not to be identified because the process isn’t public.
The Pentagon Tried to Take Down These Hackers. They’re Back.
The Daily Beast
@shanvav
Last fall, on the eve of the elections, the U.S. Department of Defense tried to throttle a transnational cybercrime group. But the hackers have rebuilt much of their operations. It’s become clear in recent months that the gang is very much alive and well. The Russian-speaking hacking group, sometimes referred to by the name of the malware it uses, Trickbot, has gone after millions of victims around the globe, stealing victims’ banking credentials and facilitating ransomware attacks that have left businesses scrambling to pay hefty extortion demands for years.
Issuance of the Updated Xinjiang Supply Chain Business Advisory
US Department of State
The U.S. Department of State, alongside the U.S. Department of the Treasury, the U.S. Department of Commerce, the U.S. Department of Homeland Security, the Office of the U.S. Trade Representative, and the U.S. Department of Labor, issued an updated Xinjiang Supply Chain Business Advisory in response to the government of the People’s Republic of China’s (PRC) ongoing genocide and crimes against humanity in Xinjiang and the growing evidence of its use of forced labor there. The updated Advisory highlights the heightened risks for businesses with supply chain and investment links to Xinjiang given the entities complicit in forced labor and other human rights abuses there and throughout China.
Read our report Uyghurs for sale
Biden taps ex-Pentagon official for key China tech position
Reuters
@karen_freifeld
President Joe Biden on Tuesday nominated Alan Estevez, a former Pentagon official, to be the U.S. Commerce Department's undersecretary for industry and security, a key post in the U.S.-China tech battle.
Biden to warn US companies on risks of operating in Hong Kong
Financial Times
@Dimi @primroseriordan
Joe Biden’s administration is poised to warn US companies of the rising risks of operating in Hong Kong as China asserts more control over the financial hub. According to three people familiar with the plan, the state department will this week flag concerns about a range of threats, including China’s ability to obtain data that foreign companies store in Hong Kong. It will also point to the risk of a new law allowing Beijing to impose sanctions against anyone enabling foreign penalties to be implemented against Chinese groups and officials.
CTRL-ALT-Delete? The internet industry’s D.C. powerhouse vanishes.
Politico
@birnbaum_e
The Internet Association has been shedding staff, losing influence on Capitol Hill and shrinking to near-obscurity in media coverage of tech policy debates in Washington, even as the industry faces controversies ranging from alleged monopolization to privacy to how it treats its legions of workers.
North Asia
Politics, health collided in Taiwan's tortured BioNTech vaccine talks
Reuters
@YimouLee Ben Blanchard
As talks for Taiwan to access BioNTech’s COVID-19 vaccine via two major Taiwanese companies reached a head last week, the German firm's Chinese sales agent put forward a template contract seeking access to Taiwanese medical records. The clause sparked alarm, as such a requirement would be anathema for Taiwan's government, long wary of Beijing's attempts at influence over the democratic island, a source with direct knowledge of the matter told Reuters.
Southeast Asia
Singapore is launching a $50 million program to advance research on AI and cybersecurity
CNBC
@sahelirc
Singapore plans to invest $50 million in a program to support research on AI and cybersecurity for future communications structures, Deputy Prime Minister Heng Swee Keat announced on Tuesday.
South & Central Asia
Malware-infected documents found on the Kazakhstan government’s portal
The Record by Recored Future
@campuscodi
The official website of the Kazakhstan government has hosted documents infected with malware for more than five months, since January this year… The Kazakhstan incident marks the second time this year that cybercriminals managed to plant malware on an official government site.
UK
Met police seize nearly £180m of bitcoin in money laundering investigation
The Guardian
Metropolitan police detectives investigating international money laundering have seized nearly £180m of bitcoin. The seizure by the Metropolitan police’s economic crime command follows a confiscation of £114m of the cryptocurrency in June. The two confiscations were made after intelligence received about the transfer of criminal assets.
A third of Britons fear TikTok would share data with Chinese state
The Guardian
@alexhern
Almost a third of Britons are concerned that TikTok might share their personal data with the Chinese government, according to a book on the social network, despite the app’s popularity across the nation.
Dechert may face UK lawsuit over Indian hacking claim
Reuters
@razhael
Aviation tycoon Farhad Azima alleges that a former partner at the Philadelphia-based law firm helped direct Indian hackers to steal his emails as his relationship with RAKIA soured over a pair of botched business deals.
Europe
France fines Google 500 mln euros over copyright row
Reuters
Christian Lowe
France’s antitrust watchdog slapped a 500 million euro ($593 million) fine on Alphabet’s Google on Tuesday for failing to comply fully with temporary orders the regulator had given in a row with the country’s news publishers. The U.S. tech group must come up with proposals within the next two months on how it would compensate news agencies and other publishers for the use of their news.
European Union’s top antitrust enforcer calls for greater global alignment on tech regulation
The Washington Post
@Cat_Zakrzewski
The tech industry’s top European adversary called Monday for greater cooperation among democracies as regulators race to check the power of Silicon Valley titans. “We do not have a global competition enforcer, but we have global companies,” Margrethe Vestager, Europe’s top digital enforcer, said at a Washington Post Live interview. “The more we are aligned, the better chance we have.”
Controversial WhatsApp policy change hit with consumer law complaint in Europe
TechCrunch
@riptari
Facebook has been accused of multiple breaches of European Union consumer protection law as a result of its attempts to force WhatsApp users to accept controversial changes to the messaging platforms’ terms of use — such as threatening users that the app would stop working if they did not accept the updated policies by May 15.
EU regulators may revise rules defining companies' market power
Reuters
@FooYunChee
European Union antitrust regulators may revamp decades-old rules covering the market power of companies to take into account cases such as when tech giants offer products for free while harvesting users' data, or the impact of deals on innovation.
The U.S.-China Tech Conflict Front Line Goes Through Belgium
Bloomberg
@ACBerlin
The Interuniversity Microelectronics Centre, or imec, may be Belgium’s best-kept secret, but it’s in global demand for its work on the future of computer chips, with applications in areas from genome sequencing to autonomous driving. It’s also increasingly in the sights of governments as chips become political weapons in the U.S.-China tech conflict.
Russia
Russia’s most aggressive ransomware group disappeared. It’s unclear who made that happen.
The New York Times
@SangerNYT
Just days after President Biden called President Vladimir V. Putin of Russia and demanded that he act to shut down ransomware groups that are attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday morning, terminating negotiations over ransom payments and even bringing down the page where it boasted about its most successful extortion schemes.
Americas
Social media restricted in Cuba amid widening anti-government protests
Netblocks
Network data from NetBlocks confirm partial disruption to social media and messaging platforms in Cuba from 12 July 2021. The targeted restrictions are likely to limit the flow of information from Cuba following widespread protests on Sunday as thousands rallied against the socialist government’s policies and rising prices.
Middle East
Iranian hackers posed as British-based academic
BBC News
@gordoncorera
An Iranian group which pretended to be a British-based academic in order to target individuals in a cyber-espionage campaign has been discovered.
Gender and Women in Cyber
A Facebook engineer abused access to user data to track down a woman who had left their hotel room after they fought on vacation, new book says
Business Insider
@SarahM_Jackson
A Facebook engineer reportedly abused employee access to user data to track down a woman who had left him after they fought, a new book says.
How Facebook's engineers spied on women
The Telegraph
@sheeraf @ceciliakang
In an exclusive extract, Sheera Frenkel and Cecilia Kang reveal how an ethos of openness meant private information could be misused.
Online Gender-Based Violence is a Nightmare Without Borders
Human Rights Watch
@heatherbarr1
Although she lives in South Korea, the misuse of tech for gender-based violence is a problem without borders, and is of increasing concern in every country in the world. It ranges from surveillance by spycams and other recording technologies to abuse on social media and platforms that facilitate sharing and profiting from non-consensual sexual images. The abusers range from former intimate partners to strangers who capture the images without the victim’s knowledge.
Misc
Concern trolls and power grabs: Inside Big Tech’s angry, geeky, often petty war for your privacy
Protocol
@issielapowsky
Inside the World Wide Web Consortium, where the world's top engineers battle over the future of your data.
Research
Digital safe havens: sheltering civilians from military cyber operations
The University of Queensland
Isabelle Peart
It is generally accepted that principles of international humanitarian law apply to military cyber operations during armed conflict. However, international humanitarian law as it stands may place civilians at greater risk of harm in the context of military cyber operations. This is due to the doctrine of dual-use objects and its application during cyber conflict.
An Australian DARPA to turbocharge universities’ national security research: securely managed Defence-funded research partnerships in Five-Eyes universities
ASPI
Robert Clark Peter Jennings
More than at any time since World War II, science and technology (S&T) breakthroughs are dramatically redesigning the global security outlook. Australia’s university sector now has a vital role to play in strengthening Australia’s defence. In this paper, we propose establishing a formal partnership between the Defence Department, defence industry and Australian universities. There’s a significant opportunity to boost international defence S&T research cooperation with our Five-Eyes partners: the US, UK, Canada and New Zealand. We outline how this can be done.
Measuring the Effects of Influence Operations: Key Findings and Gaps From Empirical Research
Carnegie Endowment for International Peace
@JonKBateman Elonnai Hickok @lacourchesne Isra Thange Jacob N. Shapiro
More than at any time since World War II, science and technology (S&T) breakthroughs are dramatically redesigning the global security outlook. Australia’s university sector now has a vital role to play in strengthening Australia’s defence. In this paper, we propose establishing a formal partnership between the Defence Department, defence industry and Australian universities. There’s a significant opportunity to boost international defence S&T research cooperation with our Five-Eyes partners: the US, UK, Canada and New Zealand. We outline how this can be done.
Events
Indigenous Cyber and Digital Skills Conference
ASPI’s IndigiCyber, Defence and Space Program
This half-day conference will canvas a range of curriculum and engagement initiatives in cyber-security and STEM as well as government and industry responses to both support those already in work, and to attract diverse candidates. What can defence, and defence-related sectors, do to support the next generation of technology champions? 23 Jun 2021 9:00 am - 1:00 pm
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
SPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies. 27 July 2021 5:00 pm - 6:00 pm
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.