Zimbabwe is signing up for China’s surveillance state, but its citizens will pay the price.

By Amy Hawkins

Daily life in China is gated by security technology, from the body scanners and X-ray machines at every urban metro station to the demand for ID numbers on social media platforms so that dangerous speech can be traced and punished. Technologies once seen as potentially empowering the public have become tools for an increasingly dictatorial government—tools that Beijing is now determined to sell to the developing world.

In 2015, the Chinese government launched its Made in China 2025 plan to dominate cutting-edge technological industries. This was followed up last year by plans for the country to be a world leader in the field of artificial intelligence by 2030 and to build a $150 billion industry. The developing world is a big part of these ambitions. But China doesn’t just want to dominate these markets. It wants to use developing countries as a laboratory to improve its own surveillance technologies.

Many parts of Africa are now essentially reliant on Chinese companies for their telecoms and digital services. Transsion Holdings, a Shenzhen-based company, was the No. 1 smartphone company in Africa in 2017. ZTE, a Chinese telecoms giant, provides the infrastructure for the Ethiopian government to monitor its citizens’ communications. Hikvision, the world’s leading surveillance camera manufacturer, has just opened an office in Johannesburg.

The latest is CloudWalk Technology, a Guangzhou-based start-up that has signed a deal with the Zimbabwean government to provide a mass facial recognition program. The agreement is currently on hold until Zimbabwe’s elections on July 30. But if it goes through, it will enable Zimbabwe, a country with a bleak record on human rights, to replicate parts of the surveillance infrastructure that have made freedoms so limited in China. And by gaining access to a population with a racial mix far different from China’s, CloudWalk will be better able to train racial biases out of its facial recognition systems—a problem that has beleaguered facial recognition companies around the world and which could give China a vital edge.

The CloudWalk deal is built on the back of a long-standing relationship between former Zimbabwean President Robert Mugabe’s regime, seen by China as an ideological ally, and Beijing. Current President Emmerson Mnangagwa was sworn into office in November 2017 after a military coup forced Mugabe to resign after 37 years of increasingly repressive rule. But activists fear that Mnangagwa, Mugabe’s former consigliere, will continue the patterns of his predecessor, especially if his regime is backed up with new security technology.

The deal between CloudWalk and the Zimbabwean government will not cover just CCTV cameras. According to a report in the Chinese state newspaper Science and Technology Daily, smart financial systems, airport, railway, and bus station security, and a national facial database will all be part of the project. The deal—along with dozens of other cooperation agreements between Harare and Chinese technology and biotech firms—was signed in April. Like every other foreign deal done by a Chinese firm of late, it has been wrapped into China’s increasingly all-encompassing Belt and Road Initiative.

The CloudWalk deal is the first Chinese AI project in Africa. Google is opening its first Africa AI research center in Ghana this year, but Eric Olander, founder of the China Africa Project—a podcast and online resource that examines the relationship between China and Africa—noted that many Western companies “aren’t willing to make that step that the Chinese are willing to do. … [The Chinese] are willing to make an investment in a market as volatile as Zimbabwe, where companies from other countries are not.”

Indeed, with massive state and private backing for AI projects—according to a CB Insights report, nearly half of global investment in AI went to Chinese start-ups last year, surpassing the United States for the first time—Chinese companies can afford to take risks. CloudWalk itself was the recipient of a $301 million grant from the Guangzhou municipal government.

“We are concerned about the deal, given how CloudWalk provides facial recognition technologies to the Chinese police,” said Maya Wang, a senior China researcher for Human Rights Watch. “We have previously documented [the Chinese] Ministry of Public Security’s use of AI-enabled technologies for mass surveillance that targets particular social groups, such as ethnic minorities and those who pose political threats to the government.”

Some Zimbabweans are concerned about how their data will fare in China. Andy, who asked that only his first name be used, is studying for a Ph.D. at Beijing Normal University. For him, “the question is what the Chinese company will do with our identities. … It sounds like a spy game.” He also says that he “know[s] for a fact” that “the Zimbabwe government will use this tech to try and control people’s freedom.”

In Zimbabwe, freedom of expression has long been curtailed or monitored by various means. In 2015, Mugabe accepted a gift of cyber surveillance software from the Iranian government, including IMSI catchers, which are used to eavesdrop on telephone conversations. In 2016, he cited China as an example of social media regulation that he hoped Zimbabwe could emulate.

Snowden Live Q&A On Trump: “Don’t Fear Trump. Fear The Risk Of Spying”

Source:  fossBytes

With Donald Trump becoming president, many people have been talking about how he would affect different things.

Privacy is one of those things because the security agencies based in the US are known for their surveillance hobbies. The newly elected president would definitely have some sort of impact on privacy and how the spying activities would continue in the future.

Edward Snowden, the man who made the world serious about their personal information available on the internet, will host a live stream event on StartPage–a Dutch search engine–on November 10 (4:30pm Eastern Time). Obviously, Snowden is the right person to talk about privacy, considering his past experience.

In this event, he will talk about Donald Trump and privacy issues. Notably, Edward Snowden is expecting a presidential pardon.


In the interview, Snowden talked about various topics ranging from the new president-elect to his condition and what needs to be done in future. He said that technology, instead of running after legislation, should be used to achieve privacy. When we think the law is not efficient enough to protect our rights, we should start supporting the corporations, groups, and individuals–the ones who are trying to enforce your rights through science, math, and technology so that the governments start respecting your rights. “No amount of violence, no amount of military force will ever solve a math problem,” he said.

When asked about Trump

Snowden did not use the event to talk specifically about the new president. He kept a safe distance from the name Donald Trump, but he was prepared for such questions. When the PGP protocol creator Phil Zimmermann asked him about Trump, Snowden said he would be getting a powerful surveillance infrastructure. But we should not set our focus on a single leader or government.

“We should be cautious about putting too much faith or fear in elected officials,” said Snowden.

“We’re never farther than an election away from a change in leader, from a change in policy, a change in the way the powers we have constructed into a system are used. So what we need to think about now is not how do we defend against a president Donald Trump, but how do we protect the rights of everyone, everywhere, without regard to jurisdictions, without regard to borders?”

Snowden did not directly talk about the impact of Trump’s presidency but he expressed his belief in one of the answers:

“Despite the challenges we have in the United States, despite the changes in government, despite some of the very concerning statements made by our new President-elect, this is a nation that will strive to get better.”

“This is a dark moment in our nation’s history – but it is not the end of history. And if we work together, we can build something better.”

That Girly Touch: Why Many Attempts To Attract Women To Cybersecurity Might Actually Achieve The Opposite — Security Solutions Magazine

The problem is familiar. Cybersecurity is still a male-dominated field. Women make up only 10 percent of the global cybersecurity workforce. The field is missing out on a lot of capable people and women are missing out on an interesting, well-paid career path. There have been numerous initiatives trying to change the situation, but fighting…

Yahoo Has Been Hacked: What You Need to Know — Fortune

It’s a cyber catastrophe. Yahoo on Thursday confirmed a massive security breach that saw hackers steal personal information for over 500 million accounts. Yahoo YHOO says a foreign government is to blame. The incident is a big deal, since so many have a Yahoo account of some type or other — for email or finance…

Dropbox is resetting passwords for accounts that haven’t changed them since mid-2012 — TechCrunch

Dropbox is requiring users that have not changed their passwords since mid-2012 to reset their passwords this afternoon. The action appears to be related to continued fallout over the massive hack on LinkedIn in 2012 where credentials for 117 million accounts were posted online. In recent months, treasure troves of user credentials and passwords — in…

How data science fights modern insider threats — TechCrunch

Insider threats are the biggest cybersecurity threats to firms, organizations and government agencies. This is something you hear a lot at security conference keynotes and read about in data breach reports, whitepapers and surveys — and these insider threats are becoming increasingly more difficult to detect and prevent, as well as more frequent.

Asian companies have world’s worst cybersecurity says study

Source: BBC News

Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

The median time between a breach and its discovery was 520 days, it says. That is three times the global average.

Asia was also 80% more likely to be targeted by hackers than other parts of the world, the report said.

It said an average of 3.7GB in data had been stolen in each attack, which could be tens of thousands of documents.

However, the bulk of the incidents were not made public because the region lacks breach disclosure laws.

Grady Summers, the chief technology officer of Mandiant’s parent company, FireEye, said the findings were “very concerning”.

“We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn’t know it was by this much,” he told the BBC.

As part of the study, Mandiant hacked into one organisation’s network with its permission to see how vulnerable it was.

“Within three days we had the keys to the kingdom,” Mr Summers said. “If an expert group of hackers can do the same in three days, imagine what can they do in 520 days.”

National threat

Mandiant has published a global security report for the past six years, but this is the first time it has focused on Asia.

The report is based on the company’s investigations last year, each of which analyzed an average of 22,000 machines.

Leaving breaches undiscovered or unreported for too long can ultimately compromise a country’s economic competitiveness or national security, Mandiant warns.

Hackers could take over key infrastructure such as power stations, which happened in the Ukraine, and potentially even transport systems in so-called smart cities.

On a consumer level, personal information can be used for fraudulent purposes. More than 500 million digital identities were stolen or exposed last year, an earlier report by security company Symantec suggests.

“Threats to corporate data are now a critical business concern for nearly every company,” said Richard Fenning, chief executive of Control Risks, another security company.

“Hackers, whether malevolent teenagers or malicious states, are the leading disrupters of our age. [There’s] no simple, single fix.

“Technology can help, but we must also shift how we think about digital security and have nimble leadership when the near-inevitable breach occurs.”


State-sponsored attacks

Mandiant suggests that the bulk of cyber-attacks in Asia are state-sponsored and target areas with heightened geopolitical tensions, such as the South China Sea.

Governments, financial institutions, energy, education research, healthcare, aerospace and defence had “long been a favourite target” of hackers who look to either destroy or use the stolen material for extortion, it said.

There had been a decrease in the number of attacks in the US and western Europe by Chinese hackers, Mr Summers added, because China seemed to be refocusing its efforts to other parts of Asia.


‘Not doing enough’

Asian organisations were ill-equipped to defend their networks from attackers because “they frequently lack basic response processes and plans, threat intelligence, technology and expertise”, Mr Summers said.

“They’re not doing enough,” he said.

“But they’re starting to wake up to the reality of the threats.

“In the US, we were going through this realisation 10 years ago, so we have a head start.”

When a Hack is More Than a Hack

Source: Broader Perspectives

A Cybersecurity and Privacy Hub

Spies are constantly trying to steal things from foreign governments, and the development of hacking tools has allowed them to swipe sensitive records from thousands of miles away.

But when are hacks more than traditional spying?

Is there a line? And if so, when does one cross it?

The theft of sensitive and embarrassing records from the Democratic Party by hackers—or a hacker—is forcing U.S. officials to confront new questions about when cyber espionage poses a national security threat.

The hackers stole emails. They stole personal cellphone numbers and email addresses of lawmakers, some of whom have security clearances that give them access to top secret information.

The records weren’t just stolen. They also have been leaked to the public in a way that has proven damaging to political careers and even the security of officials. And more stolen information is expected to be released in the coming weeks and months.

It is the release of this information that is roiling—and embarrassing—U.S. officials. They are trying to understand the intent of the leaks of information about members of the Democratic Party.

Is it to shine a spotlight on the messy U.S. political process? Or is it an attempt to influence the election by damaging Democrats with voters?

“It appears to be the latest example of geopolitical ‘hacktivist’ harassment,” said Steve Grobman, chief of technology for Intel Security, a computer security company.

In 2013, Edward Snowden, a former National Security Agency contractor, stole information and then leaked it, saying he did it because the American public had the right to know the extent that the government was collecting information about ordinary Americans.

In recent weeks, a person or entity self-named Guccifer 2.0 has released stolen records from the Democratic National Party and the Democratic Congressional Campaign Committee, claiming to have done this to expose corruption in the Democratic Party.

The hacker, who many Democrats and some cybersecurity companies accuse of having ties to the Russian government, has obtained sensitive information, records that foreign spies could use to intercept communications from lawmakers.

Russia has denied involvement in the hackings.

If Guccifer 2.0 really is a spy network for a foreign country, wouldn’t the information be more valuable if it was held in secret and not shared with anyone with internet access? Wouldn’t that make it easier to eavesdrop on phone calls or monitor email accounts?

Democratic lawmakers are now changing their phone numbers, passwords, and maybe ditching their Gmail accounts.

Much could change if and when Guccifer 2.0’s real identity and motives are revealed. Is it a true-believer hacking group or a foreign government trying to embarrass the Democratic Party? Perhaps Guccifer 2.0 is someone else.

The Federal Bureau of Investigation is taking the lead in the probe of the stolen records, though the National Security Agency also is likely playing some role if a foreign country is involved. Many people have a theory as to who Guccifer 2.0 actually is, but the FBI and intelligence community are so far providing few details and the investigation remains at a sensitive stage.

It is unclear exactly how sensitive of a stage this is. Guccifer 2.0’s Twitter account, used to communicate about the hack, was suspended on Saturday. Then it was “unsuspended” several hours later.

This article was licensed through Dow Jones Direct. This article was previously published in the Wall Street Journal on August 14, 2016.

Google and Facebook push the president’s cybersecurity commission for transparency — TechCrunch

Poisoned trust. Yearnings for transparency. The cyber Pearl Harbor. Executives from Google, Facebook, Dropbox, and other major tech companies met with the president’s Commission on Enhancing National Cybersecurity at UC Berkeley yesterday. The discussion was laced with moments of high drama as industry representatives asked the Commission to recommend reforms and technological advances…
