China violating cyber agreement with U.S., NSA official says
In online ruse, fake journalists tried to hack Saudi critic
Australian facial-matching system prone to errors against people of colour, experts warn
ASPI ICPC
Recent ASPI ICPC reports include: 'Mapping Xinjiang’s ‘re-education’ camps', 'Picking flowers, making honey: The Chinese military’s collaboration with foreign universities', 'Preventing Another Australia Card Fail', 'Huawei and Australia's 5G Network', 'Hacking For Ca$h', 'Sydney Recommendations for the ASEAN Region', 'The African Union headquarters hack', 'Defining offensive cyber capabilities', 'Deterrence in cyberspace', 'Technological Entanglement', 'Social Credit', 'Big Data in China' & 'Weibo Diplomacy & Censorship in China'.
From student to drone swarms: how the Chinese Communist Party trains its cadres in Australia
The Sydney Morning Herald
@alexjoske
Who benefits? In Wang Xiangke’s case, Australia gained a handful of research papers that he wrote when he was at ANU. The Chinese military gained a researcher who is developing technologies that might one day allow it to take out aircraft carriers and fighter jets. The Chinese military benefits far more than we do from activities driven by a recognition that the PLA’s scientific talent and universities are behind our own. Openness and cooperation is fundamental to the progress of science. But as Steve Tsang, head of the SOAS China Institute at the University of London, observes: “Conducting research for the sake of advancing science does not fall within the remit of PLA research scientists.” Chinese army research is focused on one goal: to support the Chinese Communist Party and its interests, and collaboration with the Chinese military poses substantial risks to security and Australia’s interests, as China’s strategic and security interests often do not align with our own. Collaboration with the PLA on technologies which have valuable military applications also raises moral concerns.
'National interest test' to align research with security and strategic priorities
The Sydney Morning Herald
@michaelkoziol
UNSW vice-chancellor Ian Jacobs - who also chairs the Group of Eight research universities - has for the past two weeks refused to be interviewed about the collaborations with PLA-linked academics at his university. In an emailed statement, Professor Jacobs said UNSW "engages in collaborative research with many international partners as part of our work as a globally engaged university", including China... The ASPI report - titled Picking flowers, making honey - also put the Australian National University in the top 10 for collaborations with PLA-linked academics. It said that on 17 occasions, academics had used "cover" to obscure their military affiliations.
Australia looks on as cyber-stability org bars product tampering
IT News
@Media_Matt
The Commission met in Singapore this week, with Feakin joined by Department of Foreign Affairs and Trade (DFAT) officials Asha Sharma and Sam Taylor in hearings to discuss six new norms. The Australian Strategic Policy Institute (ASPI) was also represented at the talks, as was the United Nations and European Union.
Australia
Australian facial-matching system prone to errors against people of colour, experts warn
The Guardian
@knausc
UK study found facial matching wrongly identified people in 91% of cases.
Pacific Islands
Policy points out key threats to Samoa
Samoa Observer
Cybersecurity, according to the policy, is a high priority, and the arrival of the Tui Samoa submarine cable brings great benefits, but also heightens vulnerabilities. And so the Government will support the timely implementation of the Cyber Security Strategy 2016-2021, including allocation of adequate resources, provide effective safeguards in the National Broadband Highway and in the proposed electronic National ID System to protect private and government information.
China
At China’s Internet Conference, a Darker Side of Tech Emerges
The New York Times
@zhonggg
The World Internet Conference in Wuzhen, China, has long showcased flashy new tech. This year, discussions also dealt with counterterrorism, data breaches and surveillance.
Beijing's secret plot to infiltrate UN used Australian insider
The Sydney Morning Herald
@ageinvestigates @BethanyAllenEbr @zachsdorfman @fergushunter
A $100,000 bribe was funded by Liu Wei, also known as William Liu. He wanted the Antiguan government to award China National Software and Security Co. – a state-owned company with deep links to Beijing's security agencies – a contract ‘‘to build a national internet security system’’.
Sundar Pichai of Google: ‘Technology Doesn’t Solve Humanity’s Problems’
NYT
@dgelles
How do you approach this in China, where Google is considering returning to the market with a search engine? One of the things that’s not well understood, I think, is that we operate in many countries where there is censorship. When we follow “right to be forgotten” laws, we are censoring search results because we’re complying with the law. I’m committed to serving users in China. Whatever form it takes, I actually don’t know the answer. It’s not even clear to me that search in China is the product we need to do today... Do you worry that Silicon Valley is suffering from groupthink and losing its edge? There is nothing inherent that says Silicon Valley will always be the most innovative place in the world. There is no God-given right to be that way. But I feel confident that right now, as we speak, there are quietly people in the Valley working on some stuff which we will later look back on in 10 years and feel was very profound. We feel we’re on the cusp of technologies, just like the internet before.
China pours money into private sector military technology
FT
Relaxed regulation has spurred start-ups to enter defence sector.
China’s state-run press agency has created an ‘AI anchor’ to read the news
The Verge
@jjvincent
But the agency’s new host isn’t any more sophisticated than a CGI puppet.
North Asia
Cyberattack response site to be launched by Japan and ASEAN
Nikkei Asian Review
Clearinghouse will aid officials in confronting transnational threats.
South Asia
India witnesses over 4.3 lakh cyber attacks from countries including China, Russia
Firstpost
India has been the target of over 4.3 lakh cyber attacks from five countries including China, Russia and the US while more than 73,000 attacks were initiated from India between January and June this year, says a Finnish cybersecurity company.
USA
China Violating Cyber Agreement With U.S., NSA Official Says
Bloomberg
@asebenius @nicoagrant
China is violating a 2015 cybersecurity agreement that prohibits the electronic theft of intellectual property, and the U.S. might issue sanctions in response, a top official at the National Security Agency said.
Top US Intelligence Official Sue Gordon Wants Silicon Valley on Her Side
WIRED
@EmilyDreyfuss
Now, Gordon says, the time is ripe for a new partnership with the intelligence agencies and Silicon Valley. Artificial intelligence, she says, presents a huge opportunity for the government and the private sector, but the risks of its being abused, biased, or deployed by foreign adversaries is so real that the government and tech companies should collaborate to secure it... Some in tech openly agree with that notion—Bezos told the audience at WIRED 25 last month that “if big tech companies are going to turn their back on US Department of Defense, this country is going to be in a lot of trouble”—much of the rank and file are uneasy or flat-out hostile to the idea of working with the government on matters of war.
The risks of the new U.S. cyber strategy
Axios
Soon we'll start to learn whether it makes the U.S. more secure, the world more chaotic, or both.
US banks prepare for Iranian cyberattacks as retaliation for sanctions
CNN
@Jose_Pagliery
As the United States reinstated economic sanctions on Iran on Monday, American banks were gearing up for retaliatory Iranian cyberattacks. Bank executives believe Iranian hackers could attempt to disrupt financial services, perhaps as they did between 2011 and 2013 -- with denial-of-service attacks that interrupted bank websites and other internet financial services.
Amazon Execs Addressed Concerns About Amazon Rekognition And ICE At An All-Hands Meeting
BuzzFeed
@daveyalb
Amazon executives defended the company’s controversial facial recognition technology at an all-hands staff meeting Thursday after employees raised civil rights concerns about the tech’s potential misuse, according to a transcript of the internal meeting obtained by BuzzFeed News. An employee who spoke to BuzzFeed News said they and their colleagues were disappointed in the response.
If Jeff Bezos Makes Washington the Second Headquarters of Amazon
New Yorker
@OsitaNwanevu
More quietly, Amazon is investing heavily in the area. Fairfax County, Virginia, is now home to the East Coast campus for Amazon’s cloud-computing arm, Amazon Web Services, which is widely expected to win a contract with the Department of Defense worth ten billion dollars over ten years. About five miles away, in Loudoun County, Amazon is building a six-hundred-thousand-square-foot data center to anchor the company’s nearly thirty centers in the area.
UK
Top banks in cyber-attack 'war game'
BBC News
The Bank of England is testing the UK's ability to withstand a major cyber-attack on financial institutions. Some 40 firms, including leading banks, are taking part in a one-day "war-gaming" exercise designed to assess their resilience.
Alarm over talks to implant UK employees with microchips
The Guardian
@JuliaKollewe
Trades Union Congress concerned over tech being used to control and micromanage.
Europe
Spain and Russia agree to set up joint cybersecurity group
Washington Post
The foreign ministers of Russia and Spain say they agreed to establish a joint cybersecurity group to keep the malicious spreading of misinformation from damaging relations between their countries. Spanish Foreign Minister Josep Borrell said he welcomed Russian Foreign Minister Sergei Lavrov’s proposal for a collaborative effort “to gauge the extent of the problem and analyze it to prevent it from becoming a source of friction.”... Spanish officials have alleged that a misinformation campaign mainly initiated in Russia was partially to blame for instability in Spain’s Catalonia region.
Meeting Kosovo's clickbait merchants
BBC News
It is difficult to tell exactly how large this illicit economy had become in the past. But Facebook's reforms, I heard again and again, have had some effect. Page after page had been shut down. Income had fallen from 600 euros a day to about 100. Spreading false news, then, has become less profitable - and possibly also less political. It has apparently morphed into celebrity hype, false stories of footballers breaking legs or lurid sexual gore. The content creators were sharing trivia, not Trump.
“Funeral Teams for NATO Soldiers” – a Week of Disinformation Scare-Mongering, Exaggeration and Mockery
EU vs DISINFORMATION
When NATO’s large Trident Juncture 2018 exercise concluded this week, pro-Kremlin disinformation was unsurprisingly swift to react. Two weeks ago we highlighted three different ways in which pro-Kremlin disinformation seeks to undermine public trust in the EU and NATO. This week we look at how Russia’s disinformation reacted to this exercise... Only one third consisted of uncritical retweets of disinformation. What’s more, debunk messages scored a total of 1.6 million Twitter impressions, whereas the disinformation message arrived at 630,000. The defeat of the disinformation was largely thanks to NATO spokeswoman Oana Lungescu, who pushed back by serving plain facts on Twitter, but also driven by many individual users, who put the Russian Embassy on the spot.
Middle East
In online ruse, fake journalists tried to hack Saudi critic
AP News
@razhael
Hackers impersonating journalists tried to intercept the communications of a prominent Saudi opposition figure in Washington, The Associated Press has found. One attempt involved the fabrication of a fake BBC secretary and an elaborate television interview request; the other involved the impersonation of slain Washington Post columnist Jamal Khashoggi to deliver a malicious link.
Twitter ‘gave Saudi Arabia information about journalist who ended up dead’
Metro UK
Twitter has come under fire after another dissident journalist was reportedly tortured and killed in Saudi Arabia. Turki Bin Abdul Aziz Al-Jasser was arrested on March 15 for allegedly running a Twitter account called Kashkool, which exposed human rights violations by Saudi authorities and royals. He then died while being tortured in detention, The New Khaleej states – prompting fresh outrage over an alleged leak of information that led to his capture.
- Vijaya Gadde (@vijaya) Legal, Policy and Trust & Safety Lead at Twitter tweets:
'These accusations are false. We understand the incredible risk faced by many who use Twitter. Access to private info is rigorously limited to a small group of well trained people (all located outside the Middle East). No one in our Dubai office has access to this type of info'
Why are Chinese investments in Israeli hi-tech making Washington nervous?
The Jerusalem Post
@ilanberman
China’s stake in Israeli hi-tech has become so significant that it now runs the risk of impacting the longstanding special relationship between Jerusalem and Washington.
Misc
Adobe ColdFusion servers under attack from APT group
ZDNet
@campuscodi
A cyber-espionage group appears to have reverse engineered an Adobe security patch and is currently going after unpatched ColdFusion servers.
Research
Principles for Growing and Sustaining the Nation's Cybersecurity Workforce
The Aspen Institute
The U.S. currently has a cyber workforce shortage of 300,000 individuals and the trend line predicts an increasing gap. This is largely because demand is significantly outpacing supply, large candidate pools are left untapped, employer requirements aren’t well sync’d to the skills needed, and awareness of cyber career paths remains low. After months studying the challenge, the Aspen Cybersecurity Group offers a mix of principles, partnerships, and specific steps employers can take to close the skills gap.
Thank you for reading the Daily Cyber Digest. If you have any feedback, please let us know via email at icpc@aspi.org.au