'Mercenary' hacker group runs rampant in Middle East | United States Seizes Domain Names Used by Iran’s Islamic Revolutionary Guard Corps | Online violence against women escalating
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Saudi diplomats, Sikh separatists and Indian business executives have been among those targeted by a group of hired hackers, according to research published on Wednesday by software firm BlackBerry Corp BB.BA. Reuters
The United States has seized 92 domain names that were unlawfully used by Iran’s Islamic Revolutionary Guard Corps (IRGC) to engage in a global disinformation campaign, announced the Department of Justice. United States Department of Justice
A landmark survey has revealed shocking accounts of escalating online violence against girls and women across more than 20 countries, with respondents exposed to explicit messages, pornographic photos, cyberstalking and other forms of internet abuse. Attacks are most common on Facebook, followed by Instagram and WhatsApp, according to the Plan International survey. The Guardian
ASPI ICPC
QAnon super-spreader Facebook’s latest crackdown may be doomed to fail, experts warn
New Daily
@isabellelane
But QAnon content on Facebook has ramped up during the pandemic, and the firm’s previous efforts to tackle it have proven lacklustre, Australian Strategic Policy Institute (ASPI) researcher Elise Thomas told The New Daily. “I’ve lost count of the number of times Facebook has said it’s going to either commit to reduce or crack down on QAnon-related content in various forms around the world,” Ms Thomas said. “So far it hasn’t been enormously successful, and due to the pandemic we have seen a huge explosion in QAnon-related activity on Facebook, as we have seen in a range of conspiracy theories across other platforms.”
World
Online violence against women 'flourishing', and most common on Facebook, survey finds
The Guardian
@MelissaLDavey
A landmark survey has revealed shocking accounts of escalating online violence against girls and women across more than 20 countries, with respondents exposed to explicit messages, pornographic photos, cyberstalking and other forms of internet abuse. Attacks are most common on Facebook, followed by Instagram and WhatsApp, according to the Plan International survey.
From AI to facial recognition: how China is setting the rules in new tech
Financial Times
@JKynge @nicolle_liu
Zhao Houlin is head of the UN’s telecoms agency, an independent international arbiter that sets some of the rules shaping the modern technology industry. But that does not stop him from letting his patriotism burst into the open. A former government official in China, Mr Zhao has repeatedly lionised the Belt and Road Initiative, the pet project of Chinese President Xi Jinping to invest in overseas infrastructure. He has also defended Huawei, the controversial Chinese telecoms champion, against US accusations that its equipment can be used for espionage.
Australia
Facebook's QAnon ban omits high-profile Australians linked to conspiracy theory
The Guardian
@knausc @joshgnosis @mmcgowan
High-profile Australians linked to QAnon will remain untouched by Facebook’s crackdown on the conspiracy theory because the ban does not extend to individual posts, the social media giant has conceded. But experts say Facebook’s announcement overnight that it would significantly escalate attempts to combat misinformation on the site by removing “any Facebook Pages, Groups and Instagram accounts representing QAnon” would still deal a massive blow to proponents of the conspiracy theory.
Budget 2020: Commonwealth Ombudsman scores AU$1.6m to oversee encryption laws
ZDNet
One of the rare notable pieces of funding was the fulfilment of the wish from the Commonwealth Ombudsman for more funding. "The government will provide AU$1.6 million in 2020-21 (including $0.9 million in capital funding) to the Office of the Commonwealth Ombudsman to ensure that it can effectively oversee the use of the new Telecommunications and other Legislation Amendment (Assistance and Access) Act 2018 by law enforcement agencies," the Budget papers stated.
Budget 2020 Winners and Losers: Who gains the most from biggest cash splash since WWII
Nine News
@StuMarsh9
They’re losers every day of the week, but cyber hackers are going to find running scams more difficult after the government announced an additional $201.5 million cyber security package aimed at pumping up the resources of the Australian Federal Police. Additionally, the government is spending $128.1 million to shore up its cyber defences after it was revealed that a “significant” attack could impact the country for four weeks, costing $30 billion and 163,000 jobs.
China
The great uncoupling: one supply chain for China, one for everywhere else
Financial Times
@kathrinhille
At a time when tensions between Washington and Beijing are increasingly beginning to resemble a new cold war, products ranging from computer servers to the Apple iPhone could end up having two separate supply chains — one for the Chinese market and one for much of the rest of the world.
Chinese hackers suspected in cyber-espionage operation against Russia, India
Cyberscoop
@shanvav @snlyngaas
Chinese government-linked hackers are suspected to be behind an ongoing global cyber-espionage campaign that U.S. officials are actively tracking, CyberScoop has learned.
USA
Facebook Widens Ban on Political Ads as Alarm Rises Over Election
The New York Times
@MikeIsaac
On Wednesday, Facebook said it would take more preventive measures to keep political candidates from using it to manipulate the election’s outcome and its aftermath. The company now plans to prohibit all political and issue-based advertising after the polls close on Nov. 3 for an undetermined length of time. And it said it would place notifications at the top of the News Feed notifying people that no winner had been decided until a victor was declared by news outlets.
The Right Way to Cover Hacks and Leaks Before the Election
WIRED
@vermontgmg
With four years of hindsight, the American news media owes John Podesta an apology. The political media did almost everything wrong in covering the theft-and-leak of his private emails amid the heat of the 2016 presidential campaign, four years ago today—and yet it’s not at all clear that if confronted by an operation similar to what Russian intelligence executed in targeting the Democratic National Committee via Hillary Clinton’s campaign chair, that we’d get it any more right now.
Facial Recognition at the Border Is Fueling Other Forms of Surveillance, Report Says
VICE News
@_nmunn
Facial recognition systems at border crossings around the world can enable more invasive forms of surveillance by feeding biometric data about travellers to other government agencies and private companies without individuals' knowledge, a new report warns. Facial Recognition at a Crossroads: Transformation at Our Borders and Beyond, produced by the Canadian Internet Policy and Public Interest Clinic (CIPPIC), provides a stark analysis of how facial recognition technology is deployed at border crossings around the globe and explores what authorities are doing with the massive amounts of biometric information they collect.
The IRS Is Being Investigated for Using Location Data Without a Warrant
VICE News
@josephfcox
The body tasked with oversight of the IRS announced in a letter that it will investigate the agency's use of location data harvested from ordinary apps installed on peoples' phones, according to a copy of the letter obtained by Motherboard. The move comes after Senators Ron Wyden and Elizabeth Warren demanded a formal investigation into how the IRS used the location data to track Americans without a warrant.
SEC settles with trader accused of illegal trades using hacked data
Cyberscoop
The U.S. Securities and Exchange Commission agreed to settle charges with one of the traders who relied on hacked data from an SEC company filing system to collectively make millions of dollars, the agency said in a federal court filing on Wednesday. The SEC settlement includes both Sungjin Cho, the trader, and Kyungja Cho, his mother. Sungjin Cho made 66 illegal trades under his own name relying on the hacked information, and placed or directed four more under accounts in his mother’s name, according to the original complaint.
Trust algorithms? The army doesn't even trust its own developers
War on the Rocks
@jim_perkins1
Any organization’s adoption of AI and machine learning requires three technical tools: usable digital data that machine learning algorithms learn from, computational capabilities to power the learning process, and the development environment that engineers use to code. However, the military’s precious few uniformed data scientists, machine learning engineers, and data engineers who create AI-enabled applications are currently hamstrung by a lack of access to these tools. Simply put, uniformed personnel cannot get the data, computational tools, or computing capabilities to create AI solutions for the military. The problem is not that the systems or software are inherently unsafe, but that users cannot get approvals to access or install them.
North Asia
Inside the US campaign to cut China out of the tech supply chain
Nikkei Asia
@Lauly_Th_Li @ChengTingFang
The American officials also met with several top Taiwanese chipmakers -- companies whose products are used by Huawei Technologies, the Chinese telecoms equipment supplier that Washington accuses of spying for Beijing. The meetings, likewise, appeared to be an effort to draw those companies over to the U.S. side in the escalating Washington-Beijing tech war, multiple sources with knowledge told Nikkei Asia.
Southeast Asia
China’s Disinformation Campaign in the Philippines
The Diplomat
@Gregory Winger
On September 22, Facebook announced that it had dismantled a Chinese disinformation campaign that used false accounts and profiles to dupe unwitting individuals into consuming Chinese disinformation. The network particularly targeted the Philippines, where it actively interfered in Philippine politics and generated millions of digital interactions by promoting politicians favorable to China, including President Rodrigo Duterte.
UK
Post-Brexit Digital Economy at Risk After EU Court Ruling
Infosecurity
@philmuncaster
Legal experts have warned that a European court ruling could spell trouble for the UK’s digital economy unless the government modifies its mass surveillance regime. The Court of Justice of the European Union (CJEU) ruled yesterday that bulk collection or retention regimes in the UK, France and Belgium must be brought within EU law, even in cases of national security.
Europe
EU lawmakers ask Jeff Bezos whether Amazon spies on politicians
The Guardian
@jjpjolly
A cross-party group of MEPs has written to Amazon’s chief executive, Jeff Bezos, demanding information on the online retailer’s monitoring of trade union activists and politicians in response to deleted job postings that described unions as “threats”. The letter, from 37 members of the European parliament, said they were concerned Amazon deliberately targeted workers seeking to organise, and also questioned whether the company had “spied” on politicians.
Russia
How Russia Today Skirts High-Tech Blockade to Reach U.S. Readers
The Washington Post
@keachhagey @EmilyGlazer @rob_barry
The U.S. intelligence community’s assessment of the Russian efforts created a backlash against social-media companies, which were accused of providing platforms for a misinformation campaign aimed at influencing voters. Facebook Inc., Twitter Inc. and others have since implemented changes to limit the reach of state-run media. Yet RT continues to draw a large American audience, helped unwittingly by some of America’s most prominent conservative websites. The reason: Those news outlets agreed to join a distribution network that allows other members’ content to be displayed on their home pages.
Middle East
United States Seizes Domain Names Used by Iran’s Islamic Revolutionary Guard Corps
The United States Department of Justice
The United States has seized 92 domain names that were unlawfully used by Iran’s Islamic Revolutionary Guard Corps (IRGC) to engage in a global disinformation campaign, announced the Department of Justice. According to the seizure documents, four of the domains purported to be genuine news outlets but were actually controlled by the IRGC and targeted the United States for the spread of Iranian propaganda to influence United States domestic and foreign policy in violation of the Foreign Agents Registration Act (FARA), and the remainder spread Iranian propaganda to other parts of the world.
'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows
Reuters
@razhael @Bing_Chris
Saudi diplomats, Sikh separatists and Indian business executives have been among those targeted by a group of hired hackers, according to research published on Wednesday by software firm BlackBerry Corp BB.BA.
Africa
NSA inaugurates committee on cyber policy review
Punch
The National Security Adviser, Maj. Gen. Babagana Monguno (retd.), has inaugurated a committee to review the National Cybersecurity Policy and Strategy 2014, to check internet threats and enhance national security. The policy has a provision that it should be reviewed every five years according to global standards, and it is due for its first review after it was implemented in 2014.
Misc
Amazon imagines a world where you pay with your hand. Privacy experts aren’t so sure.
The Washington Post
@heatherkelly
Amazon announced a new palm-recognition system last week that lets people shop in two of its Amazon Go stores by scanning their palm at the entrance. The store automatically tracks what products they pick up and then charges the credit card associated with their hand. Some privacy experts worry the new biometric scanning device, which sends images of peoples’ palms into the cloud, could be a security risk.
Etsy will remove all QAnon-related merchandise from the platform as tech companies fight the conspiracy theory's growth
Insider
@ach_greenspan
Etsy is removing all merchandise linked to the QAnon conspiracy theory, a spokesperson told Insider on Wednesday. QAnon, a baseless far-right conspiracy theory that claims President Donald Trump is secretly fighting a "deep state" cabal of human traffickers, has held a huge presence on the online marketplace, where independent users can sell apparel.
Events
Key Takeaways of the Prague 5G Security Conference with Daniel Bagge
Center for a New American Security (CNAS)
An off-the-record discussion on the Prague 5G Security Conference with Daniel Bagge, Cyber Attaché from the Embassy of the Czech Republic.
Date: 7 October 2020
Time: 10:00 AM Eastern Time (US and Canada).
ASPI Webinar Launch: The Flipside of China’s Central Bank Digital Currency
ASPI
In this webinar, report authors Dr Samantha Hoffman, Senior ASPI Analyst, John Garnaut and Dr Matthew Johnson from Garnaut Global, and ASPI research intern Alexandra Pascoe will discuss some of the key findings from the report and offer insights into the potential of China’s central bank digital currency.
Date: 14 Oct 2020
Time: 11:00 am - 12:00 pm AEST.
Research
Global Attitudes Towards AI, Machine Learning & Automated Decision Making
Oxford Commission on AI & Good Governance
In a new study by researchers at the Oxford Internet Institute, ‘Global Attitudes towards Artificial Intelligence (AI) & Automated Decision Making’, analysis shows that public perception of the use of AI in public life is divided, with populations in the West generally more worried about AI than those in the East.
Russian AI Research 2010-2018
Center for Security and Emerging Technology
Over the last decade, Moscow has boosted funding of universities and implemented reforms in order to make Russia a global leader in AI. As part of that effort, Russian researchers have expanded their English-language publication output, a key—if imperfect—measure of the country’s innovation and impact. Between 2010 and 2018, the number of English-language publications by Russian scientists in AI-related fields increased six-fold. Nearly half of the papers published during that period were concentrated in the subfields of: computer vision, pattern recognition, linguistics, natural language processing, algorithms, and robotics.
China's Vision for a New World Order
The National Bureau of Asian Research
@RollandNadege
Although China’s vision for a new world order is a work in progress, it would be a mistake to wait until this vision is fully formed to start thinking about potential U.S. and Western responses. Strategic foresight is a vital component of preparedness for a protracted U.S.-China competition. If the first signs of China’s ambitions in information and communications technology had been subject to serious strategic foresight exercises, the United States and its allies might have been able to anticipate the security implications of the rollout of Chinese-built 5G networks and could have come up with actionable policy options.
Chinese Discourse Power
Atlantic Council
This study examined the Chinese Communist Party’s (CCP) use of both Mandarin-language and Western social media platforms as tools for discourse power projection. The DFRLab found China to be effective on Mandarin-language sites that target both Chinese citizens and the Chinese diaspora, employing the use of strict censorship and favorable CCP messaging prioritization. On the other hand, while attempting to engage foreign actors through Western social media platforms, the information operations found to date have resulted in ineffective influence, relied on outsourcing the operation to third parties, and utilized “astroturfing” and “sock puppets.”
The Problem Is in the Internet’s Bones
The New York Times
@margaretomara
As Ball chronicles, the relentless commercial tracking of life online created an opening for more alarming intrusions. The American government spied on its citizens and allowed the internet’s insecurities to be exploited by hackers. China, busily building up its tech infrastructure as our own system frays, is willing to take surveillance and industrial espionage even further. “This is the world that advertising capitalism has built,” Ball concludes ruefully, “a world in which our expectations of any kind of private life are disappearing, and leaving us feeling disempowered against both our major corporations and our governments.”
Jobs
Senior Researcher / Project Lead
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a senior researcher to lead a one-year project looking at leadership networks across Asia. Interviews will start immediately.
Research Fellow in Deep Learning for Cyber Security
University of Melbourne
Melbourne School of Engineering is seeking an emerging academic with a strong record of research in Deep Learning to contribute to an exciting ARC project focussed on cyber security. Applicants with a demonstrated research track record in deep learning will be highly-regarded. The role joins a collaborative team including investigators from RMIT and Deakin University and will conduct independent and co-operative research. There may also be opportunities to undertake teaching and contribute to other departmental activities.