Cyber wrap
9 Aug 2017

Don’t say stupid things online

It’s been a big week for advocates of online OPSEC. On Monday, a Google employee suffered a high-profile firing after he circulated a ‘manifesto’ railing against Google’s institutional ‘political bias’ against conservatives and the need to have an ‘honest discussion’. Google’s leaders—current and former—have universally taken issue with how consistently incorrect the manifesto is in its core argument (about how women aren’t biologically suited for tech jobs) and how damaging it has been to the company’s reputation and to the team. The fired employee is reportedly seeking any and all ‘legal remedies’; power to you, guy.

The Google anti-diversity memo is a great example of what the Australian Public Service Commission (APSC) was trying to protect against when it provided more detailed guidelines about what the APS Code of Conduct requires when it comes to making public comments, including on social media. Ironically, the APSC’s own communication about not saying stupid things online has become the latest example of poor online communication, and what was intended as guidance has been interpreted as a heavy-handed (and unconstitutional) gag order. Whether the confusion is due to miscommunication or to misrepresentation by the media isn’t clear, but it’s a reminder that confusion escalates to fever pitch well before even the most eager 9-to-5 public servant has had their first coffee. And if it’s that hard to communicate guidelines on social media use, it might be impossible to raise cyber hygiene awareness (PDF) and practices.

Stop worrying and love AI

Two Tencent chatbots have been taken offline for revision after they gave politically inflammatory responses to queries about the Communist Party, calling the party ‘corrupt and useless’. The shutdown comes shortly after an (overblown) wave of concern about Facebook chatbots ‘inventing their own language’. The two stories are being picked up as the ‘patient zero’ case studies for FUD (fear, uncertainty and doubt) about impending AI doom.

New South Wales is pushing ahead with autonomous vehicles anyway, greenlighting a two-year trial at Sydney Olympic Park. The trial will be going at a snail’s pace, though: the vehicles won’t be allowed to exceed 10 kilometres an hour along a closed-off road. Fingers crossed it all doesn’t go the way Tesla went at this year’s DEF CON.

The US Army has taken a far more cautious (but seriously belated) approach to semi-autonomous vehicles, issuing a memo mandating that all service members cease use of DJI drones, software applications, and other equipment.

Sharing is caring

The Australian Signals Directorate will be sharing threat intelligence with telcos and internet service providers, to help them provide, in turn, cost-effective cyber-security services to small and medium enterprises. This directly addresses the exposure of small and medium enterprises to hacking; both the government and the opposition have identified them as sorely in need of protection, but without necessarily having the resources or expertise to protect themselves. Weirdly, however, this initiative ignores anti-virus and security software vendors, the companies that are perhaps best placed to put this data to immediate use protecting customers.

On a related note, Telstra has launched the Australian Digital Inclusion Index 2017, which surveys digital access disparities between socioeconomic groups and finds that Australia’s getting better at digital inclusion, which could translate into better cyber-security outcomes for Australia. (For the final word on that, keep your eyes peeled for the latest edition of ASPI’s cyber maturity report later this year.)

The federal government has announced that it’ll be building a single ‘super logon’ to consolidate the dog’s breakfast of government accounts, which currently saddles users with managing 10 to 30 separate accounts. It’s not clear from that exclusive interview whether the initiative is the same one as the ‘GovPass’ and ‘Tell Us Once’ initiatives announced in the 2017 budget. It’d be ironic if there were two separate programs under development to consolidate logins and accounts.

Regardless, work on GovPass continues unabated, and Airtasker, Travelex, Credit Union Australia and the Queensland Police Service have signed up for AusPost’s Digital ID service, which is currently serving as a pilot program for later reconciliation with the wider GovPass program. Gavin Slater, the CEO of the Digital Transformation Agency, which is managing the GovPass program, has announced that he’s been working to repair relationships with government agencies, after the then Digital Transformation Office became too ‘disruptive’ for the APS’s tastes.

The Australian Digital Health Agency published Australia’s National Digital Health Strategy (PDF) and outlined an action plan to make sure all Australians have a My Health record by 2018. The aim is to improve the protection of healthcare data and interoperability between healthcare organisations. However, privacy activists are concerned that the consolidated health data will present an increased privacy risk, which is why it’s a good thing that the agency will be establishing a Digital Health Cyber Security Centre to make sure Australia’s health data security is at the cutting edge of international best practice.

Open data dashboards tied up with strings

Open data dashboards have been popping up like daisies this week. The Alliance for Securing Democracy has launched a new online dashboard, Hamilton 68, tracking bot networks and troll accounts linked (after three years of observing) with Russian influence operations on Twitter. The top hashtag used by these accounts was MAGA, or Make America Great Again, the campaign slogan of US President Donald Trump. As with most social media analysis projects, the transparency of the methodology has been criticised.

Black hats, white hats, and cyber diplomats

US ‘cyber-diplomat’ Christopher Painter has signed off, writing a parting note on Medium about the continuing importance of diplomacy in cyberspace. Even after working for 26 years in this (highly depressing) space, he’s reportedly still passionate, calling cyber ‘the new black’.

Famed ‘hero’ and supposedly white-hat hacker @MalwareTechBlog, aka Marcus Hutchins, was arrested at Las Vegas Airport shortly after Black Hat and DEF CON 2017. The FBI has accused Hutchins of creating, distributing and updating ‘Kronos’ (the banking trojan that was designed to infect computers and grab online banking credentials for profit) in 2014 and 2015. Hutchins has ponied up US$30,000 in bail, and is set to face a Nevada court on 14 August.