New Pegasus hack found targeting Apple devices through iMessage | Facebook says its rules apply to all. Company documents reveal secret elite is exempt | Huawei ‘infiltrates’ Cambridge research centre
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Spyware researchers have captured what they say is a new exploit from NSO Group’s Pegasus surveillance tool targeting iPhones and other Apple devices through iMessage, in yet another sign that chat apps have become a popular way to hack into the devices of political dissidents and human rights activists. (The Washington Post)
A program known as XCheck has given millions of celebrities, politicians and other high-profile users special treatment, a privilege many abuse. (The Wall Street Journal)
Huawei has been accused of “infiltrating” a Cambridge University research centre after most of its academics were found to have ties with the Chinese company. Three out of four of the directors at the Cambridge Centre for Chinese Management (CCCM) have ties to the company, and its so-called chief representative is a former senior Huawei vice-president who has been paid by the Chinese government. (The Times)
ASPI ICPC
World
New Pegasus hack found targeting Apple devices through iMessage, researchers say
The Washington Post
@craigtimberg @drewharwell @ReedAlbergotti
Spyware researchers have captured what they say is a new exploit from NSO Group’s Pegasus surveillance tool targeting iPhones and other Apple devices through iMessage, in yet another sign that chat apps have become a popular way to hack into the devices of political dissidents and human rights activists.
Apple Cyber Flaw Allows Silent iPhone Hack Through iMessage
The Wall Street Journal
@bobmcmillan
Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers
Reuters
@josephmenn @Bing_Chris
Apple Issues Emergency Security Updates to Close a Spyware Flaw
The New York Times
@nicoleperlroth
Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.
Facebook Says Its Rules Apply to All. Company Documents Reveal a Secret Elite That’s Exempt.
The Wall Street Journal
@JeffHorwitz
A program known as XCheck has given millions of celebrities, politicians and other high-profile users special treatment, a privilege many abuse.
Technology giant Olympus hit by BlackMatter ransomware
TechCrunch
@zackwhittaker
Olympus said in a brief statement that it is “currently investigating a potential cybersecurity incident” affecting its European, Middle East and Africa computer network.
Australia
Google, Facebook to bankroll Australian digital publishers alliance
The Sydney Morning Herald
@zoesam93
Some of Australia’s most well-known digital publications are using funding from tech giants Google and Facebook to form their first industry body.
Queensland police to trial AI tool designed to predict and prevent domestic violence incidents
The Guardian
@BenSmee
Queensland police are preparing to begin trials of an artificial intelligence system to identify high-risk domestic violence offenders, and officers intend to use the data to “knock on doors” before serious escalation. The “actuarial tool” uses data from the police Qprime computer system to develop a risk assessment of all potential domestic and family violence offenders.
Alleged right-wing extremist charged over blueprint to 3D-print a gun
The Sydney Morning Herald
@fergushunter
Counter-terrorism police have arrested an alleged right-wing extremist accused of possessing a blueprint to 3D-print a gun and making “significant preparations” to manufacture a firearm.
Innovation or ‘anarchy’? Bitcoin’s gains abroad underscore tensions at home
The Sydney Morning Herald
@chrizap
Australia’s primary financial crimes regulator has warned that the growing size of the cryptocurrency market is creating new risks of fraud, even as global acceptance of bitcoin grows. Austrac says that while criminals “are adept at exploiting new payment channels and technology” and cryptocurrency transactions “may appear on a digital ledger, the actual details of the parties involved in the transactions are often not known”.
Bullying on Twitter has become unhinged. It's time to call out the personal, sexist attacks
ABC
@leighsales
Something has changed recently which is making political bullying far more insidious and increasingly challenging to bear. It is that the bullying and harassment now comes, not in an occasional phone call from a real person, but at a furious pace on social media from politicians' acolytes, lackeys, fans and proxies, mostly — but not always — operating anonymously.
China
Beijing to break up Ant’s Alipay and force creation of separate loans app
Financial Times
Beijing wants to break up Alipay, the 1bn-plus-user superapp owned by Jack Ma’s Ant Group, and create a separate app for the company’s highly profitable loans business, in the most visible restructuring yet of the fintech giant. Chinese regulators have already ordered Ant to separate the back end of its two lending businesses, Huabei, which is similar to a traditional credit card, and Jiebei, which makes small unsecured loans, from the rest of its financial offerings and bring in outside shareholders.
Chinese crackdown on tech giants threatens its cloud market growth
TechCrunch
@kateparknews
As Chinese tech companies come under regulatory scrutiny at home, concerns and pressures are escalating among investors and domestic tech companies, including China’s four big cloud companies, BATH (Baidu AI, Alibaba Cloud, Tencent Cloud and Huawei Cloud), according to an analyst report.
For Xi Jinping, Chinese online culture is increasingly seen as a threat
The Globe and Mail
@rzhongnotes
China’s newest sweeping regulations can be interpreted as the latest in a long-standing effort by the government and the Party to tailor the conduct and behaviour of citizens to better suit state standards. Making money for China’s sake is a benefit, but it’s becoming more important to build a cultural identity with a bent toward nationalism, political security and social values on Mr. Xi’s terms.
USA
Moody's is spending $250 million to measure the risk of America's biggest companies getting hacked
CNN
@snlyngaas
Moody's is spending hundreds of millions of dollars to better evaluate the cybersecurity risks that face America's largest corporations. The announcement from the company — whose credit ratings can influence global markets — comes as Biden administration officials are urging major firms to be more transparent about the security of their software.
Under G.O.P. pressure, tech giants are empowered by an election agency.
The New York Times
The Republican National Committee filed a formal complaint with the Federal Election Commission accusing Twitter of “using its corporate resources” to benefit the Biden campaign. Now the commission, which oversees election laws, has dismissed those allegations, according to a document obtained by The New York Times, ruling in Twitter’s favor in a decision that is likely to set a precedent for future cases involving social media sites and federal campaigns.
Stanford professors urge U.S. to end program looking for Chinese spies in academia
Reuters
@leejane71
A group of Stanford University professors has asked the Justice Department to stop looking for Chinese spies at U.S. universities, joining an effort by human rights groups to end a Trump administration program they said caused racial profiling and was terrorizing some scientists.
False Election Claims in California Reveal a New Normal for G.O.P.
The New York Times
@NYTnickc
The results of the California recall election won’t be known until Tuesday night. But some Republicans are already predicting victory for the Democrat, Gov. Gavin Newsom, for a reason that should sound familiar. Voter fraud.
Scoop: Biden to tap privacy hawk for FTC post
Axios
@margarethmcgill
President Biden will nominate Georgetown University law professor Alvaro Bedoya to be a Democratic commissioner at the Federal Trade Commission, people familiar with the matter told Axios.
Biden Administration Takes Aim at China’s Industrial Subsidies
The Wall Street Journal
@bobdavis187 @Lingling_Wei
The Biden administration is targeting Beijing’s widespread use of industrial subsidies that give its companies an edge over foreign rivals, an effort that could lead to new sanctions on Chinese imports and further strain U.S.-China relations.
Statement by Press Secretary Jen Psaki on the Quad Leaders Summit
The White House
President Joseph R. Biden, Jr. will host the first-ever Quad Leaders Summit at the White House on September 24. President Biden is looking forward to welcoming to the White House Prime Minister Scott Morrison of Australia, Prime Minister Narendra Modi of India, and Prime Minister Yoshihide Suga of Japan.
Why We Must Monitor the Sale of Surveillance Tech
The American Prospect
@_jack_poulson
There was too much data, and it all told a complex story about the realities of defense and surveillance technologies in the U.S. and the West. I noticed that tens of thousands of contracts or modifications to contract overviews became public each morning, as well as lobbying filings, public-corporate partnerships, and venture capital investments. Then there were documents from the other members of the so-called Five Eyes intelligence-sharing partnership (which includes the U.S., United Kingdom, and three of its former colonies: Canada, Australia, and New Zealand). As a former data scientist, I wondered what to do with all of this information.
North Asia
North Korea’s Kumsong 121 recently employed social media to launch a cyber attack
Daily NK
The North Korean hacker group Kumsong 121 recently launched a cyber attack using social media. Computer and mobile phone users should be wary as North Korean hacking attacks grow more sophisticated.
South & Central Asia
Chip shortage pushes Reliance, Google to delay India smartphone launch
Reuters
Indian conglomerate Reliance Industries delayed the launch of a low-cost smartphone it is developing with Google to November, citing an industry-wide semiconductor shortage. The "ultra-affordable" smartphone, developed jointly by Reliance's telecom arm and Google, was set to be rolled out from Sept. 10.
UK
Huawei ‘infiltrates’ Cambridge University research centre
The Times
@benellery @samdunningo @oliver_wright
Huawei has been accused of “infiltrating” a Cambridge University research centre after most of its academics were found to have ties with the Chinese company. Three out of four of the directors at the Cambridge Centre for Chinese Management (CCCM) have ties to the company, and its so-called chief representative is a former senior Huawei vice-president who has been paid by the Chinese government.
Cressida Dick: Tech giants make it impossible to stop terrorists
BBC
@concertina226
The tech giants' focus on end-to-end encryption was making it "impossible in some cases" for the police to do their jobs, Dame Cressida Dick wrote in the Telegraph on Saturday.
Europe
Green digital diplomacy: Time for the EU to lead
EU Institute for Security Studies
@patrykpawlak @FBarberoF
The environmental impact of digital consumption and new technologies calls for globally sustainable data practices. This Brief argues that embracing ‘green digital diplomacy’ represents a strategic opportunity for the EU’s foreign and security policy to exercise influence in an era of geopolitical rivalry and trade tensions.
Africa
Kenyan influencers paid to take 'guerrilla warfare’ online
BBC
@thisisonyango
Confronting harassment by Kenyan Twitter influencers - recently revealed to have been paid to promote misinformation - is akin to dealing with guerrilla warfare, admits an activist involved in a legal battle to stop a change to the constitution.
Gender and Women in Cyber
A horrifying new AI app swaps women into porn videos with a click
MIT Technology Review
@_KarenHao
The website is eye-catching for its simplicity. Against a white backdrop, a giant blue button invites visitors to upload a picture of a face. Below the button, four AI-generated faces allow you to test the service. Above it, the tag line boldly proclaims the purpose: turn anyone into a porn star by using deepfake technology to swap the person’s face into an adult video. All it requires is the picture and the push of a button.
Read our report ‘Weaponised deep fakes’ here.
Misc
Twitch sues two alleged ‘hate raiders’
The Verge
Ash Parrish
The suit comes after months of targeted harassment at marginalized streamers.
WATCH: Our mobile phones are covered in bacteria and viruses… and we never wash them
The Conversation
Chynthia Wijaya @therevmountain
COVID-19 has seen the world embrace sanitisers and formal hand washing procedures in our private lives like never before. But even as we’ve thought more and more about surfaces and the hands that touch them as vectors for disease, mobile phones have largely escaped scrutiny.
Research
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild
Citizen Lab
In March 2021, we examined the phone of a Saudi activist who has chosen to remain anonymous, and determined that they had been hacked with NSO Group’s Pegasus spyware. During the course of the analysis we obtained an iTunes backup of the device. Recent re-analysis of the backup yielded several files with the “.gif” extension in Library/SMS/Attachments that we determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware.
Events & Podcasts
The Facebook Files, Part 1: The Whitelist
The Wall Street Journal
The Facebook Files, an investigative series from The Wall Street Journal, dives into an extensive array of internal Facebook documents, giving an unparalleled look inside the social media giant. In our first episode, WSJ's Jeff Horwitz explains how high-profile users from celebrities to politicians are shielded from the site's rules and protected from enforcement measures. The company does this in secret, even as CEO Mark Zuckerberg says publicly that all users are treated equally.
Jobs
New ICPC Program on Critical Technologies - 3 positions
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for three exceptional and experienced senior analysts and analysts to join its large team from October 2021. These new roles will focus on original research, analysis and stakeholder engagement centred around international critical technology development, including analysis of which countries are leading on what technologies.
ICPC Pacific Islands Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a talented and proactive Pacific Islands analyst who will work with the Centre’s information operations and disinformation program. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by actors in the Pacific Islands region. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies. Candidates must have a demonstrated background in, and strong knowledge of, the Pacific Islands region, including the region’s digital, media and social media landscape.
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region. This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge. Candidates must have excellent coordination, project management and stakeholder engagement skills.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years of relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.