Government bans abusive users from dating apps | Kenyan protesters are using AI in their anti-government fight | RockYou2024 Leak Exposes 10 Billion Passwords
Good morning. It's Monday 8th July.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
The Australian government has introduced a new industry code for online dating apps to ban abusive users and improve safety, criticizing past inaction on regulation. This code, overseen by an independent committee, aims to enhance user protection by working with law enforcement and will take effect in three months. The Australian
Kenyan youth are using AI tools to expose corruption and explain contentious laws amid ongoing protests against the government's Finance Bill 2024. These efforts, driven by young activists using platforms like TikTok and local apps, highlight growing concerns over AI's role in political mobilization and government response. Semafor
Researchers discovered the "RockYou2024" leak, containing nearly 10 billion plaintext passwords from breaches spanning two decades. This massive cache poses significant risks for credential stuffing and brute-force attacks, potentially leading to widespread data breaches and identity theft. TechRadar
ASPI
Protecting Japan’s national security from information operations
The Strategist
Yuta Kimura
Japan in the past believed it was relatively safe from malign information operations, thanks to the linguistic barrier and a generally high level of public trust in traditional media. But in the wake of some high-profile Chinese disinformation and misinformation operations targeting Japan, the government in Tokyo has rightfully moved beyond these assumptions and is now increasingly aware of the power of information operations to undermine social cohesion and trust in political institutions.
Chinese electric vehicles are transforming Australia's car market. Are we getting a good deal?
The Canberra Times
Sanjoy Paul and Priyabrata Chowdhury
In 2023, the Australian Strategic Policy Institute urged customers to be aware of the potential security risks of buying a Chinese-made EV. More generally, EVs rely on connection to the internet for a range of tasks, and collect swathes of personal data including locations, routes driven and calls made by drivers. ASPI warned that this personal privacy issue may become a national security risk if a person drives to a secure facility.
Australia
Abusive users to be banned from Tinder, Grindr and other dating apps under government crackdown
The Australian
Jared Lynch
The federal government has launched a crackdown on online dating apps after years of lobbying from the eSafety Commissioner for tech companies to “prioritise safety over clicks”. Popular apps including Tinder, Grindr and RSVP have adopted a new industry code. The dating apps have also agreed to a new compliance rating system that will be published on their services to provide users “clear guidance on how each dating service is meeting its commitments”. The dating code includes terminating accounts from abusive users as well as “proactive escalation” by complaints with law enforcement agencies where there is an “imminent threat to the safety of a complainant” and to stamp out violence.
Seven West Media caught in major hack as online criminals target network in crypto scam
The Australian
Jared Lynch
Seven West Media’s YouTube accounts have been hijacked, in what appears to be an attempt by online criminals to fleece Australians of their savings using Elon Musk’s likeness to spruik bogus cryptocurrency investments. A Seven spokesman said the network was investigating the hack, which hit the company’s accounts on the Google-owned platform on Thursday morning. “Seven is aware that some of its branded YouTube channels are not appearing as they should. Seven is investigating and working with YouTube to resolve the situation as soon as possible,” the spokesman said.
New data cloud to protect nation’s secrets
The Australian
Ben Packham
Australia’s spy agencies and military commanders will accelerate their use of artificial intelligence to analyse vast datasets under a $2bn contract with a US tech giant to create a top secret cloud computing network. Three secure data centres and two control centres will be built at undisclosed locations under the deal with Amazon Web Services – the world’s biggest cloud computing provider. They will be air-gapped from the internet, accessible only by those with appropriate security clearances, and be operational by mid-2027. The system will give the Australian Defence Force and Australia’s 10 intelligence agencies access to AWS’s evolving suite of AI tools, which are used by an array of US partners including the Pentagon and intelligence agencies.
‘Get tough with social media for kids’ sake’, says Law Council
The Australian
Ellie Dudley
Labor should introduce greater penalties for social media companies that break online safety laws, Australia’s peak legal body says, arguing the federal government needs to take a “tough” approach to prevent harm to children and teenagers. The Law Council of Australia, in reviewing the Online Safety Act, also says “too much responsibility” is placed on young people to monitor their own safety online, and that onus should be put on Big Tech and social media companies. “The introduction of greater penalties could be a useful measure to demonstrate to social media companies that Australia has a tough stance on behaviour that violates the act,” its submission reads.
The university vowed not to spy on students. Now it’s using tracking data to punish them
The Age
Alex Crowe
The University of Melbourne tracked students who staged a pro-Palestinian sit-in at a campus building, capturing CCTV footage and Wi-Fi location data that it will use as evidence in misconduct trials due to start this week. Human rights experts and students have expressed concerns the surveillance contravenes the university’s own policies against using tracking technology to identify students.
China
China unveils world’s 1st virtual military commander; participates in computer wargames to prepare for future
The EurAsian Times
Ritu Sharma
Even as the world is still debating the pitfalls and ethics of handing over the decision of war to Artificial Intelligence (AI), Chinese scientists have already claimed to create an AI commander, the first and highest-level role given to AI in military research. For now, the “virtual commander” is already participating in war games at the country’s Joint Operations College of the National Defense University.
Tesla is now an official Chinese government car
CNN
Laura He
For the first time ever, Tesla cars have been placed on a Chinese government purchase list, according to state-owned media outlet Paper.cn. Tesla is the only foreign-owned EV car brand on the purchase catalog published by the government of Jiangsu province in eastern China. The other brands mentioned include Volvo, owned by China’s Geely, and state-owned SAIC.
Ukraine - Russia
“Morality and ethics should play no part”: Leaks reveal how Russia's foreign intelligence agency runs disinformation campaigns in the West
The Insider
Michael Weiss, Roman Dobrokhotov and Christo Grozev
The Insider has obtained hacked correspondence from officers of Russia's foreign intelligence agency (SVR) responsible for “information warfare” with the West. The leaked documents, intended for various government agencies, reveal the Kremlin's strategy: spreading disinformation on sensitive Western topics, posting falsehoods while posing as radical Ukrainian and European political forces (both real and specially created), appealing to emotions — primarily fear — over rationality, and utilizing new internet platforms instead of outdated ones like RT and Sputnik. The documents also detail localized campaigns against Russian émigrés, including efforts to discredit a fundraiser for Alexei Navalny's Anti-Corruption Foundation who had moved to the United States.
Russia says Apple blocks 25 VPN apps in Russia, IFX reports
Reuters
U.S. tech giant Apple (AAPL.O) removed the mobile apps of 25 VPN services from its App Store, following a request by Russia's state communications watchdog Roskomnadzor, Interfax reported on Thursday. Demand for VPN services soared in Russia after President Vladimir Putin ordered troops into Ukraine in 2022 and the authorities restricted access to some Western social media. Russian communications watchdog Roskomnadzor has already blocked access to some large VPNs, but others remained available.
Middle East
How Saudi Arabia’s MBC came to dominate Middle East streaming
Financial Times
Chloe Cornish and Ahmed Al Omran
Media group MBC is competing hard with Netflix to become the Middle East’s biggest streaming service, pushing a wide range of Arabic TV shows and films and its offer of free programmes supported by advertising. The Riyadh-listed entertainment company, which is majority owned by the Saudi government and is the region’s largest broadcaster, now commands 22 per cent of the Middle East and north Africa $1bn streaming market through its Shahid division. This puts it 4 per cent ahead of regional rival Starz Play Arabia and 5 per cent ahead of Netflix, according to industry analyst Omdia.
A new esports tournament in Saudi Arabia promises to be a game-changer – but it’s also caused division in the industry
CNN
Ben Church
In the heart of Saudi Arabia’s capital, a seismic moment for esports is underway; one which has triggered both excitement and concern across the industry. The Esports World Cup (EWC) – which began on July 3 – has brought together professional gamers, publishers and fans from across the world for an eight-week competitive gaming bonanza. Its record-breaking prize pool of more than $60 million has raised eyebrows and Ralf Reichert, CEO of the Esports World Cup Foundation which is organizing the event, told CNN Sport that the spectacle will help unite the industry.
Africa
Kenyan protesters are using AI in their anti-government fight
Semafor
Martin K. N. Siele
Kenya’s government has raised concerns about risks associated with use of artificial intelligence (AI) as youth-led, anti-government protests continue across the nation. Protesters have deployed creative uses of AI and digital tools to take on the political establishment over the past few weeks as part of the nationwide demonstrations, which were triggered by the now-scrapped Finance Bill 2024 containing a raft of unpopular tax hikes.
Artificial Intelligence
ChatGPT just (accidentally) shared all of its secret rules – here's what we learned
TechRadar
Eric Hal Schwartz
ChatGPT has inadvertently revealed a set of internal instructions embedded by OpenAI to a user who shared what they discovered on Reddit. OpenAI has since shut down the unlikely access to its chatbot's orders, but the revelation has sparked more discussion about the intricacies and safety measures embedded in the AI's design. Reddit user F0XMaster explained that they had greeted ChatGPT with a casual "Hi," and, in response, the chatbot divulged a complete set of system instructions to guide the chatbot and keep it within predefined safety and ethical boundaries under many use cases.
A Hacker stole OpenAI secrets, raising fears that China could, too
The New York Times
Cade Metz
Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies. The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence.
Wimbledon employs AI to protect players from online abuse
The Guardian
Emine Sinmaz
The All England Lawn Tennis Club is using artificial intelligence for the first time to protect players at Wimbledon from online abuse. An AI-driven service monitors players’ public-facing social media profiles and automatically flags death threats, racism and sexist comments in 35 different languages. High-profile players who have been targeted online such as the former US Open champion Emma Raducanu and the four-time grand slam winner Naomi Osaka have previously spoken out about having to delete Instagram and Twitter, now called X, from their phones. Harriet Dart, the British No 2, has said she only uses social media from time to time because of online “hate”.
Real criminals, fake victims: how chatbots are being deployed in the global fight against phone scammers
The Guardian
Tory Shepherd
A scammer calls, and asks for a passcode. Malcolm, an elderly man with an English accent, is confused. “What’s this business you’re talking about?” Malcolm asks. Another day, another scam phone call. This time, Ibrahim, a cooperative and polite man with an Egyptian accent, picks up. “Frankly, I am not too sure I can recall buying anything recently,” he tells the hopeful con artist. “Maybe one of the kids did,” Ibrahim goes on, “but that’s not your fault, is it?” The scammers are real, but Malcolm and Ibrahim are not. They’re just two of the conversational artificial intelligence bots created by Prof Dali Kaafar and his team. Through his research at Macquarie University, Kaafar founded Apate – named for the Greek goddess of deception.
Risks loom even as artificial intelligence holds promise of productivity for ASX companies
The Australian
Joyce Moullakis
Artificial intelligence holds out the promise of transformation and productivity gains across the ASX, but coupled with that are real risks. It’s a topic that is top of mind across a range of sectors, particularly as the technology evolves and generative AI – which can create content such as text, images and videos – gains traction. Caution is required, though, given that the technology has flaws and there is a real risk of misinformation being conveyed.
Google search ranks AI spam above original reporting in news results
WIRED
Reece Rogers
Recently, I was using Google and stumbled upon an article that felt eerily familiar. While searching for the latest information on Adobe’s artificial intelligence policies, I typed “adobe train ai content” into Google and switched over to the News tab. I had already seen WIRED’s coverage that appeared on the results page in the second position: “Adobe Says It Won’t Train AI Using Artists’ Work. Creatives Aren’t Convinced.” And although I didn’t recognize the name of the publication whose story sat at the very top of the results, Syrus #Blog, the headline on the article hit me with a wave of déjà vu: “When Adobe promised not to train AI on artists’ content, the creative community reacted with skepticism.”
Misc
Is this the biggest password leak ever uncovered? Researchers claim nearly 10 billion credentials under threat — here's what we know so far
TechRadar
Benedict Collins
Researchers claim to have uncovered what appears to be the biggest password cache ever uncovered, with 9,948,575,739 unique plaintext passwords inside. The file, titled ‘rockyou2024.txt’, contains passwords stolen in a mix of old and new attacks, making the file a brute force attackers’ dream. “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews researchers say.
The FIA has been hacked after workers fell for a phishing attack
TechRadar
Sead Fadilpasic
The Fédération Internationale de l'Automobile (FIA), the governing body for Formula 1 and other top motorsports around the world, has revealed it recently suffered a cyberattack which saw threat actors gain access to several email accounts. In a short press release, the FIA confirmed recent phishing attacks resulted in “unauthorized access to personal data contained in two email accounts belonging to the FIA.”
After a 10-year wait, Mt. Gox bitcoin is finally being returned
WIRED
Joel Khalili
In late February 2014, Daniel was at his computer trading bitcoin on Tokyo-based crypto exchange Mt. Gox. Suddenly, the website flashed white and became unresponsive. In a panic, Daniel turned for answers to internet forum Bitcoin Talk, where speculation had already begun: Mt. Gox was in trouble. Daniel, who lives in Europe, was a university student at the time. After making a bit of money trading bitcoin on Mt. Gox, he had posted almost all of his wealth to the exchange. When Mt. Gox fell offline, Daniel says, he went into “full crisis mode.” He needed that money to fund the remainder of his time in school.
Ex-directors allege fraud at Tether-backed crypto group Northern Data
Financial Times
Bryce Elder
Two former executives of Northern Data, a German-listed crypto and AI infrastructure company backed by Tether, say they were sacked after raising concerns about alleged fraud they claim was being perpetrated by its chief executive and chief operating officer. In a complaint filed last month at the California Central District court, Joshua Porter and Gulsen Kama allege that Northern Data was “falsely misrepresenting the strength of its financial condition to investors, regulators and business partners”, and “was knowingly committing tax evasion to the tune of potentially tens of millions of dollars.”
Events & Podcasts
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Defending against economic cyber-espionage: saving a norm that never was?
ASPI
As a side-event to the UN Open-Ended Working Group on security of and in the use of ICTs, the Australian Strategic Policy Institute – in collaboration with the US State Department’s Bureau for Cyberspace and Digital Policy – is pleased to invite you to a panel discussion on ICT-enabled theft of intellectual property on 8 July.
Stop the World: AUKUS, industry and public support with Sophia Gaston and Eric Chewning
ASPI
In this episode of Stop the World, we bring you the final interview from our special series recorded from the sidelines of the ASPI Defence Conference ‘JoiningFORCES’. And today it’s all about AUKUS. ASPI's Director of The Sydney Dialogue, Dr. Alex Caples, is joined by Sophia Gaston, Head of Foreign Policy at Policy Exchange, and Eric Chewning, Executive Vice President of Strategy and Development at HII. Alex, Sophia and Eric reflect on the progress that has been made on AUKUS, the role of industry in ensuring AUKUS succeeds, and the ongoing challenges such as workforce. The conversation also focuses on political and public support for AUKUS, which has been made even more timely by this week's UK election, and the looming presidential and congressional elections in the United States.
Jobs
Director of Cyber, Technology & Security (CTS)
ASPI
ASPI is looking for an exceptional and experienced senior leader to lead our largest team focused on emerging security challenges in the Indo-Pacific. This is an exceptional opportunity for a talented senior leader to contribute to the work of one of the Indo-Pacific’s top think-tanks with a focus on emerging security issues, and our region. The role provides a unique opportunity for a strategic and creative leader to drive the team’s evolution and to continue influencing public policy making in Australia and across the globe. The role is responsible for the oversight and delivery of a wide range of data-driven research projects. The closing date for applications is 28 July 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
Program Manager - Cyber, Technology & Security (CTS)
ASPI
The team has an exciting role for a talented and proactive individual to work with the CTS Director and Deputy Director on program and research coordination, strategic engagement and grants. This is a key role within the CTS team working with the Director, Deputy Director and Program Coordinator on project delivery, fundraising and coordination of team activities. The focus of the role is to help manage and support the individual researchers to collectively deliver projects, accurately, on time and in the most effective way to impact policy. The closing date for applications is 25 July 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.