Chris Griffith 5.00pm: Google sued over location data

Google faces legal action in the US over the use of users’ location data on Android phones.

ABC News in the US has reported that a lawsuit by the State of Arizona claims that Google is using location data to assist its advertising business even when users’ have opted out of location tracking.

Arizona’s Attorney-General Mark Brnovich claims the company’s action contravenes the Arizona Fraud Act which forbids wilfully deceptive and unfair acts and practices.

Google says the lawsuit mischaracterises its services, according to ABC News.

The Australian last year conducted an experiment with Google phones and found that two Android phones were transmitting a secret fire hose of data including activity and location data.

Read more.

David Swan 4.20pm NBN ‘not compromised’ by cyber attack

An NBN spokesman has told The Australian that while cyber attacks are increasing, Australia’s national broadband network has not been compromised.

“Operating a resilient and secure broadband network is absolutely critical to what we do at NBN Co. We remain vigilant to all security threats, and we have no reason to believe that NBN systems or information have been compromised,” the spokesman said.

“We have a longstanding, trusted partnership with the Australian Cyber Security Centre and regularly work closely with them to identify, manage and respond to threats as they arise.”

4.00pm Wirecard says it cannot rule out 'fraud of considerable proportions'

German fintech company Wirecard said on Friday it may be the victim of “fraud of considerable proportions”, after its auditor refused to sign off its 2019 accounts over a missing $US2.1 billion ($3.06bn).

Wirecard shares dropped by about 60 per cent on Thursday as the company said the delay could cause billions in loans to be called in as soon as Friday.

Auditor EY was unable to confirm the existence of 1.9 billion euros in cash balances on trust accounts, representing about a quarter of Wirecard’s balance sheet, the payments company said on Thursday.

There was evidence of “spurious balance confirmations”, it added.

“At present it cannot be ruled out that Wirecard AG has become the aggrieved party in a case of fraud of considerable proportions,” Wirecard Chief Executive Markus Braun said in a video statement released on Friday.

He said two banks with an investment grade rating from Moodys or S&P had taken over the management of the trust accounts in 2019.

“It is currently unclear why the two banks have stated to the auditor that the confirmations are spurious. The trustee has announced to Wirecard AG that he will clarify the facts of the matter with the two banks managing the trust accounts at short notice,” Braun said.

Thursday’s twist was a stark reversal of fortune for the Munich-based fintech, which was lauded as a homegrown success and entered Germany’s blue-chip DAX index in 2018.

Wirecard has long been a target of short sellers who have questioned its financials.

Reuters

David Swan 1.40pm Telstra on ‘heightened alert’ for cyber attacks

Telstra boss Andy Penn says his telco is on ‘heightened alert’ following the government’s announcement this morning.

“Our own monitoring confirms what the Prime Minister has said today. We have seen a significant increase in cyber-attack activity in recent weeks and we are on heightened alert for ourselves and for our customers and we are actively managing the risk,” Penn said.

“Cyber security is a large and growing area of risk for the security of the nation, and COVID-19 has increased that risk with so many of people working and studying from home, away from traditional security measures.

“The Australian government deserves real credit for the leadership it is showing on cyber security – it is critical for our national security and economic growth. We continue to work closely with the relevant security agencies and our global partners to monitor and understand these threats to better protect our own data and networks, and those of our customers.

“I am also working with the government as the chair of the Industry Advisory Panel on its 2020 Cyber Security Strategy, and we will be releasing our report in the coming weeks.”

David Swan 1.05pm:Trump whacked with ‘manipulated media’ label

Twitter has flagged a tweet by President Donald Trump that featured doctored video as “manipulated media”.

The president posted the minute-long video, which was poorly manipulated to resemble a CNN video, along with the headline “Terrified todler [sic] runs from racist baby.”

The original video had been edited to include ominous background music and a fictional headline.

“You may not deceptively promote synthetic or manipulated media that are likely to cause harm,” Twitter said in the link from its warning label.

“In addition, we may label Tweets containing synthetic and manipulated media to help people understand their authenticity and to provide additional context.”

CNN said in response to Trump, "We’ll continue working with facts rather than tweeting fake videos that exploit innocent children. We invite you to do the same. Be better. "

Twitter first flagged one of Trump's tweets, featuring a doctored video of Democratic rival Joe Biden, as 'manipulated media' in March.

The move comes on the same day that Facebook took down a Trump-Pence campaign ad, which displayed a symbol used by Nazi Germany.

Chris Griffith 1.00pm: Huawei faces India ban

China telecommunications giant Huawei faces the prospect of a ban on its equipment in one of the world's most populous countries.

Indian media reports that border attacks by Chinese troops on Indian soldiers at Galway Valley is having consequences for China, and one area is telecommunications infrastructure.

It is reported that India’s Department of Telecommunications has asked two major Indian telcos - Bharat Sanchar Nigam Limited and Mahanagar Telephone Nigam Limited - not to use equipment by Huawei and fellow China telco ZTE in upgrades to the country’s 4G networks. That could also impact 5G network upgrades in future.

The ban could spill over into private operator in India such as Vodafone Idea and Bharti Airtel, says a separate report by Aljazeera.

China faces not only a backlash in India over the spread of coronavirus there (it has the fourth biggest infection rate), but also hostility from what is regarded as the worst military clash between China and India since the 1960s.

This looms as a big blow to China given that India hasn’t been regarded as aligned with the US-lead Five Eyes Intelligence community, which has been lobbying countries to ban Huawei.

David Swan 11.45am New cyber strategy “can’t come too soon”

Jacqueline Jayne, security awareness advocate for APAC at KnowBe4, said the government’s updated cybersecurity strategy is due out in coming months and “it can’t come too soon”.

“When our government institutions, government agencies, health and essential industry, education, infrastructure, and the private sector are attacked like this the first question asked is ’how is this possible’. The answer is because the cyber criminals are incredibly sophisticated and no matter how hard we try we are never going to stop them,” she said.

“We all want to know how access was obtained - through phishing, insider threats, ransomware all of which are attributed to human error. Or was access gained through unpatched software.

“The risks we face from state actors will only increase as this is the world we live in now.”

Michael Warnock, cyber security firm SecureAuth’s Head of Growth, is calling on the govenrment to make sure the new cyber policy is shaped correctly at an investment, talent, resourcing level.

“We want it to allow local and international partners to collaborate to build the cyber wall that Australia will now need for protection,” he said.

“The government investment in the new policy needs to reflect the new world we are operating in, as it has shifted dramatically since 2016 when the last policy was released.

“Unfortunately the more Australia elevates its narrative on international stage, not all actors are going to support what we stand for and cyber attacks will continue as retaliation.”

David Swan 10.55am PM’s cyber warning ‘unprecedented’

Susie Jones, co-founder of Cynch Security, said it is unprecedented for the PM to openly warn Australians of an active attack.

“It is terrific to see the government help Australians to understand the importance of being aware of cyber risk. We see day in and day out the growing prevalence of cyber attacks, they have become part of everyday life. As Australia’s economy continues to grow, so does the target on our backs,” Jones said.

“Cyber criminals do not discriminate based on business size - this is an issue for businesses of all sizes.

“The quickest and easiest way to protect yourself today is to install all of the updates waiting on your computers and phones, and enable two factor authentication wherever you can.

“If you feel you have been compromised, don’t wait to be sure, speak to your IT support person, or visit the government’s website cyber.gov.au.”

Liviu Arsene, Senior E-Threat Analyst at Bitdefender, said it’s scary to imagine what a successful breach of the Morrison Government could have yielded.

“Although the Prime Minister did not want to pinpoint the motivations, given the scale of attack and departments targeted it can be assumed the group was likely after sensitive government information or potentially just a warning shot, to demonstrate the disruption they can cause,” Arsene said.

“To Mr Morrison’s point, businesses must use this time to reassess their infrastructure and refocus on what updates need to be made to ensure that corporate data and employees are both safe from bad actors. While it’s a challenge to make changes now, it will shore up business for the future and many more unknown scenarios.”

Geoff Chambers 10.50am Companies, governments must ‘urgently enhance cyber resilience’

The Australian Cyber Security Centre has warned companies, institutions and governments to be alert and urgently enhance “the resilience of their networks” after confirming the “sustained targeting” of Australian organisations by a “sophisticated state-based actor”.

The ACSC said the “copy-paste compromises” were linked to the state-based actor’s heavy use of proof-of-concept exploit code, web shells and other tools “copied almost identically from open source”.

The cyber security agency said the actor had been “identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure — primarily through the use of remote code execution vulnerability in unpatched versions of Telerik UI”.

“Other vulnerabilities in public-facing infrastructure leveraged by the actor include exploitation of a deserialisation vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability,” the updated cyber security advice said.

“The actor has shown the capability to quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases.

“The actor has also shown an aptitude for identifying development, test and orphaned services that are not well known or maintained by victim organisations.”

The ACSC said they had identified the cyber attacks after “the exploitation of public-facing infrastructure did not succeed”.

“When the exploitation of public-facing infrastructure did not succeed, the ACSC has identified the actor utilising various spearphishing techniques.”

Read more.

David Swan 10.15am Cyber attacks ‘can cripple government’

This morning’s address by the Prime Minister and the Defence Minister is a reminder that cyber-security affects every aspect of Australian life and that the industry is struggling with a skills shortage, according to cyber security industry veteran Nick Savvides, an executive at security firm Forcepoint.

“State-based threat actors have significant capabilities and do not rest in their efforts to gain footholds into our systems, applications and data. It is important that governments, businesses and individuals take cyber-security remain vigilant and continue to improve their cyber-security practices,” he told The Australian.

“We have entered a new era of business and government, where cyber-attacks pose an existential threat to business and can cripple the machinery of government.

“This morning’s address acts also a signal to the threat actors responsible that the government and some in the private sector are aware of the attacks. Interestingly two specific controls, patching internet facing systems (protecting the edge of networks), enforcing multifactor authentication for users (protecting the users), were specifically called out by the Defence Minister.

“This indicates that attackers may have operated sophisticated targeted phishing campaigns to capture usernames and passwords from victims, and were possibly in possession of zero-day vulnerabilities against systems or used older vulnerabilities on systems that are difficult to patch.

“While Australia across has significant capabilities in cyber-security and an active cyber-security community, unfortunately not all organisations are at the same level. We are struggling with a skills shortage, with unfilled cyber-security roles in every sector.”

Chris Griffith 9.00am: CSIRO backs wastewater testing for virus

Testing of Australian sewage systems for coronavirus is closer with CSIRO published new research after testing different methods of analysing.

Scientists say testing sewage in Australian suburbs would be a cheap and easy way for health authorities to pin down localised outbreaks of coronavirus.

CSIRO has been trialling various methods of analysing wastewater to find the most cost-effective, rapid and accurate system. It says scientific techniques have been refined so that the presence of COVID-19 carriers in the community can be identified regardless of whether they show symptoms.

The new research builds on the world’s first peer-reviewed proof-of-concept trial run in Brisbane by CSIRO and The University of Queensland which tested untreated sewage and found fragments of the virus that causes COVID-19.

Wastewater monitoring could save billions world-wide, being significantly cheaper and faster than clinical screening for COVID-19, but would be used as an added diagnostic measure.

CSIRO Chief Executive Dr Larry Marshall said that as COVID-19 restrictions begin to ease, science has found a way to help individual communities avoid a second wave of the pandemic.

CSIRO researcher Dr Warish Ahmed, who led the findings, says the agency will keep refining concentration and detection methods to provide more sensitive results.

8.30am: Britain to switch to Apple-Google virus tracing app

Britain has scrapped plans to launch its own coronavirus contact tracing smartphone app and will now work on building one using technology supplied by Apple and Google.

The app had been undergoing trials on the Isle of Wight, off the southern coast of England, with plans to roll it out to the rest of the country later, but the program went quiet in recent weeks.

Officials overseeing the UK app’s development said they couldn’t overcome technical challenges found during field tests.

Even though it worked well on Google’s Android devices, Health Secretary Matt Hancock said the government was abandoning the prototype app and instead putting its efforts into developing one using a special interface jointly developed by Apple and Google, which itself had problems.

“Apple software prevents iPhones from being used effectively for contact tracing unless you’re using Apple’s own technology,” Health Secretary Matt Hancock said at the government’s daily briefing.

“Our app won’t work because Apple won’t change their system,” Hancock said. He wasn’t able to say when a new app would be ready.

Britain initially opted to develop its own “centralised” tracing app that would send data about contacts to government servers for analysis, alarming privacy experts. However UK authorities started developing a second app in parallel that uses the Google-Apple interface, Hancock said.

It was highly accurate at detecting other users, but poor at judging how far away they were, a feature Hancock said was “mission critical to any contact tracing app.”

Other European nations such as Switzerland, Germany and Italy and some U.S. states have adopted the Google-Apple system, which uses experts say is better for privacy because it keeps data on phones.

AP

Chris Griffith 8.15am: New test for COVID-19

Researchers at Monash University and two Chinese institutes have developed a test for COVID-19 that they say can offer instant verification.

It involves conducting a lung CT scan and has to be done in-house. But they say the results can be delivered in less than a minute and the test will particularly suit people who fall ill and go straight to hospital.

The researchers say they have trained artificial intelligence to interpret a lung CT scan to find evidence of the virus’s impact. They say a key step in controlling the infection is to quickly identify positive cases and treat patients appropriately.

The work is a collaboration between Monash, Sun Yat-sen University and the First Affiliated Hospital of Harbin Medical University in China.

Dr Xiaojun Chang from Monash’s Faculty of Information Technology says that for undiagnosed severe patients, if they can do routine examinations such as CT immediately after they are sent to the hospital, the results can assist in determining whether or not it is COVID-19 in a very short time.

Read more.

8.00am: Facebook removes Trump campaign ads

Facebook has removed campaign ads by President Donald Trump and Vice President Mike Pence that featured an upside-down red triangle, a symbol once used by Nazis to designate political prisoners, communists and others in concentration camps.

Nathaniel Gleicher, the company’s head of security policy, confirmed to a US House Intelligence Committee hearing that the ads had been removed, saying Facebook does not permit symbols of hateful ideology “unless they’re put up with context or condemnation”.

“In a situation where we don’t see either of those, we don’t allow it on the platform and we remove it. That’s what we saw in this case with this ad, and anywhere that that symbol is used, we would take the same action,” Gleicher said.

In a statement, Trump campaign communications director Tim Murtaugh said the inverted red triangle was a symbol used by Antifa so it was included in an ad about Antifa. He said the symbol is not in the Anti-Defamation League’s database of symbols of hate.

“But it is ironic that it took a Trump ad to force the media to implicitly concede that Antifa is a hate group,” he added.

Antifa is an umbrella term for leftist militants bound more by belief than organisational structure. Trump has blamed Antifa for the violence that erupted during some of the recent protests, but federal law enforcement officials have offered little evidence of this.

AP

More related stories

Technology

Regulators ‘overlap’ in scam prevention draft

The draft Scam Prevention Framework could penalise telcos for abiding by one code while breaking another, the Communications Alliance has warned.

Read more

Technology

TPG aims rapid fire broadside at NBN

TPG Telecom is targeting apartment owners with its cheap and fast broadband offering – some 10 times faster than the NBN – that is achieved by ‘hot-rodding up’ old copper wire.

Read more