More stories


    Tens of suspects arrested for cashing-out Santander ATMs using software glitch

    The FBI and local police have made tens of arrests across the tri-state area this week as part of a crackdown on multiple criminal gangs that exploited a glitch in the software of Santander ATMs to cash out more money than was stored on the cards.
    According to reports in local media, the bulk of the arrests took place in Hamilton (20 suspects), across towns in Morris County (19), and in Sayreville (11). Smaller groups of suspects were also detained in Bloomfield, Robbinsville, and Holmdel, while suspicious cash-outs were also reported in Woodbridge, towns across Middlesex County, Boonton, Randolph, Montville, South Windsor, Hoboken, Newark, and even in New York City itself, in Brooklyn.
    Gangs exploited ATM software glitch
    Based on information ZDNet received from a Santander spokesperson, sources in the threat intelligence community, and details released by police departments in the affected towns, criminal gangs appear to have found a bug in the software of Santander ATMs.
    The bug allowed members of criminal groups to use fake debit cards or valid preloaded debit cards to withdraw more funds from ATMs than the cards held.

    We have been made aware of an ATM scam in which suspects are using Santander Bank ATM’s to fraudulently withdraw cash using fake debit cards. Since we have a branch in town (1765 Ellington Rd), we are asking any citizen using their ATM to use caution when withdrawing money (1/2)
    — South Windsor Police Department PIO (@SWPD_PIO) August 18, 2020

    Sources in the threat intel community have told ZDNet today that details about this particular software glitch had been initially kept private and shared or sold among members of ATM and banking fraud groups for days.

    Details of the glitch did not remain secret for long, however, and eventually leaked online this week, where they were broadly shared in Telegram chat rooms, on Instagram, and on other social networks.
    Once the details had leaked, multiple criminal groups began exploiting the software bug, resulting in a sudden spike of ATM cash-outs at Santander branches and prompting bank employees to investigate.
    The bank eventually figured out what was going on and filed complaints with authorities this week, with the FBI initiating a multi-jurisdictional investigation across New York, New Jersey, and Connecticut.
    Santander shut down all ATMs to prevent attacks
    To prevent further losses, Santander shut down all ATMs on Tuesday.

    “Santander is pleased to report that following yesterday’s events, branches are open and ATMs are back on-line, though ATMs are open to Santander customers only for the time being,” a Santander spokesperson told ZDNet via email today.
    “The bank hopes to have ATMs available to non-customers in the near future and we apologize for any inconvenience this may cause.
    “Customers should know that there has been no impact to their accounts, data or funds, and we continue to cooperate with law enforcement as they investigate this situation,” Santander said.
    The bank also added that all its employees are safe, referring to one incident in which members of a criminal gang argued over how to split the stolen money and got into a shoot-out among themselves after cashing out one of Santander’s ATMs, as CBS New York reported on Tuesday.


    Fake news on Covid-19 government initiatives boosts phishing in Brazil

    The spread of fake news relating to government initiatives around Covid-19 placed Brazil on a list of countries most affected by phishing attacks, according to new research on spam and phishing published by security firm Kaspersky.
    According to the report, about one in eight Internet users in Brazil (12.9%) accessed at least one link leading to a website with malicious content between April and June 2020. This is well above the global average of 8.26% for the same period.
    The massive increase in disinformation campaigns around supposed government initiatives relating to the pandemic is the main driver behind the increase, the software firm noted. One example of the scams sent to users in recent months, mentioned in the report, is an email falsely claiming that the government had suspended payments for energy bills during the pandemic, with a link inviting users to register for the benefit.

    The recent trends place Brazil as the fifth country most affected by phishing on a list compiled by Kaspersky as part of the report. Venezuela tops the list, where 17.56% of users have clicked on a link leading to malicious content, followed by Portugal (13.51%), Tunisia (13.51%) and France (13.08%).
    A separate study by Kaspersky, released in July, suggests that Brazilians are more aware of Internet security risks, but still need to evolve their online behavior. The study carried out in May, which considered users with at least two connected devices, has found that 48% have not improved their Internet security habits.
    This relaxed attitude to online security has three main reasons, according to the research: some 45% of Brazilians are not prioritizing this due to everyday pressures, despite recognizing that they should pay more attention to their security while using the Internet. Some 36% say they feel more secure while carrying out financial and business transactions online while 33% of Brazilians polled reported they don’t have anything of value to offer to cybercriminals.
    When it comes to how Brazilians deal with such threats, almost two thirds (62%) of Brazilians polled by Kaspersky stated they only install trusted apps on their devices, downloaded from sources including the Apple Store and Google Play. More than half (54%) said they run regular security checks on their mobile phones.


    With vote by mail under fire, election officials seek help from SaaS ballot tracking

    As election officials around the country race to ramp up mail-in voting ahead of this November’s general elections, they’re taking a number of steps to ensure their systems run efficiently and securely. Yet even in the best-run systems, there are occasional glitches. 
    In Denver County in 2010, for instance, a county official became alarmed when she received a notification that she should have received her ballot in the mail — but it never came. She reached out to Steve Olsen, whose software development firm worked with the city of Denver in 2009 to build a ballot-tracking system. 
    “We went with her to the USPS bulk mail processing center, and after a very informative tour and discussion, we were told a pallet of ballots had been pushed aside and forgotten for a few days,” Olsen told ZDNet. 
    The missing ballot was in that batch, waiting to be processed. The delay occurred well before election deadlines and ultimately didn’t really impact voters, Olsen said. Still, he argues, the incident underscored how their ballot-tracking application, which was in its pilot phase at the time, could give voters and election officials alike more confidence in mail-in voting. 
    “It did reveal the power of our system to provide visibility and accountability to all parties,” Olsen said. 
    Since then, Olsen’s firm has tracked ballots for more than 300 elections across the US with “no other incidents or concerns,” he said, nor has it had any security breaches. 
    Creating a sense of accountability may be one of the hardest parts of establishing a mail-in voting system this year, as President Trump seeks to undermine the process. 
    The state of Michigan, for instance, has been preparing for a deluge of mail-in ballots — mail-in voting for the general election is expected to be twice as high as previous records in the state, according to Michigan Secretary of State Jocelyn Benson.

    “We’re prepared, if not over-prepared,” Benson said during a recent online panel discussion. “I’m confident we’re doing everything humanly possible to ensure secure and safe elections in Michigan.” 
    That said, she added, “what we can’t control are narratives and misperceptions and disinformation that people with large bully pulpits… will utilize to sow seeds of doubt in the electorate about the sanctity of the process.”
    Even without political interference, setting up election infrastructure of any kind is no small task. 
    “No voting system is simple—there are particular processes and procedures specific to any method,” Paul Gronke, professor of political science at Reed College and director of the Early Voting Information Center, said in an email to ZDNet. “For example, under mail-in voting, you need procedures to process the volume of mail you are receiving, and in large jurisdictions, that involves specialized hardware, signature verification systems, etc.”
    Ballot tracking, he said, is “a useful tool for security, so citizens know when the ballots are sent and returned.”
    After working solely with the city of Denver for a few years, Olsen in 2012 spun out his software application into BallotTrax, a multi-tenant system open to different jurisdictions. The patent-pending BallotTrax is one of two ballot-tracking systems commonly used in the US, along with Ballot Scout, a web application developed by the nonprofit organization Democracy Works.

    A few years ago, Olsen moved BallotTrax to Amazon Web Services for a number of reasons, he said, including security and scalability. 
    Since the COVID-19 pandemic struck, Olsen said he’s been busy fielding calls from hundreds of counties across the US, as well as from state officials. BallotTrax currently has statewide contracts with Colorado and California, and it has pending contracts in a handful of other states. BallotTrax is also used at the county level in 10 other states across the US, and the firm is working with the National Vote at Home Institute to deploy ballot tracking services in new jurisdictions. 
    While BallotTrax’s customers are election administrators, voters are the initial end users of the system. To opt into ballot tracking, voters provide an app or web interface with their name and date of birth, and they pick their preferred method of communication — email, text or voice messaging. The system supports notifications in 14 different languages. 
    Election officials can customize the messages that are delivered via BallotTrax, but there are typically about seven different types of notifications that go out. The notifications begin when a ballot is printed and mailed, they can track the ballot through the postal stream, and they alert voters when their ballot is rejected or accepted by election officials. 
    BallotTrax relies on three different data streams. First, it consumes voter record data coming from the state, such as eligibility files and voter registration information. Next, the system uses data from the US Postal Service’s Intelligent Mail barcodes, which anyone can subscribe to in order to track pieces of mail. Lastly, BallotTrax uses data it receives from the printing vendor when a ballot is created. 
    The first category of data, collected from the state, is updated three or four times a day, Olsen said. BallotTrax uses fully encrypted FTP sites to transfer the data — it’s encrypted in transit and at rest and protected by redundant firewalls. Olsen said the application’s code is tested every hour, and the company actively monitors for threats using a variety of industry-standard tools.
    The software is in compliance with NIST 800-171 standards for government contractors, and BallotTrax is a member of the Elections Infrastructure Information Sharing and Analysis Center. 
    “Security is a big deal,” Olsen said. “We’re only processing voter registration data which is kind of available in lots of places, but we recognize that voting and elections are of paramount importance to voters. We don’t sell their data, we don’t store their data afterwards — it’s consumed, messages are sent out, and then it’s deleted.”
    A number of the alleged concerns about fraud and tampering with mailed-in ballots can be mitigated with tracking, Olsen contends. For instance, the Trump administration and the GOP have raised objections in court to the practice of “ballot harvesting” — letting a third party pick up and submit your ballot for you. Along the same lines, Trump has railed against mail-in voting, claiming that “mail boxes will be robbed.”
    However, Olsen said, if a voter “mailed their ballot back but they never get a notification it’s been accepted, then they know something’s wrong, and they can alert the election office.” Or if a voter’s signature doesn’t match their signature on record, a quick BallotTrax notification “gives you some time to cure it.”
    “I don’t see how most of those arguments are valid if a state takes the time and effort to go through adding ballot tracking and transparency,” he said. 
    The system has additional benefits for election administrators. While voters must opt in to receive notifications, administrators can use a BallotTrax dashboard to track all mailed ballots within their jurisdiction. As the incident in Denver in 2010 illustrated, officials can use that visibility “to find out if there are issues in the postal stream that may become impactful later,” Olsen said. 
    Election officials can also use the BallotTrax dashboard to gain insight into voter turnout and demographic trends. 
    Meanwhile, both voters and election officials benefit simply from a greater sense of confidence in the process, Olsen said. Back in Denver, before ballot tracking was deployed, election officials were receiving calls from around one out of every four voters inquiring about their mailed-in ballots, Olsen said. After tracking was implemented, only around one out of every 20 voters called in. 
    “We were answering voters’ concerns before they even asked,” Olsen said. 



    WannaRen ransomware author contacts security firm to share decryption key


    A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen made tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies.
    In retrospect, four months later, WannaRen’s virality can be explained by the fact that its code was loosely modeled after WannaCry, the ransomware strain at the heart of the May 2017 global outbreak.
    Just like their inspiration, the authors of the WannaRen ransomware incorporated the EternalBlue exploit into their infection chain, allowing WannaRen to spread without restriction inside corporate networks before encrypting files and demanding a ransom.
    And just like WannaCry, WannaRen spread like wildfire, far beyond what the ransomware’s authors had intended, creating more havoc than they anticipated. That is why, in the end, the malware’s authors gave up the master decryption key for free, so all victims could eventually recover their files.
    The Hidden Shadow malware group
    More than three years after it happened, we can now say for sure that WannaCry was created by North Korean government hackers as a way to infect a few victims, ransom their files, and use the ransom payments to raise funds for the Pyongyang regime. WannaCry authors never had big ambitions, and causing a global outbreak was never their intent, as this only brought more attention to their illicit sanctions-evading and criminal activities.
    Something similar can also be said of the authors of the WannaRen ransomware, a group that Chinese antivirus maker Qihoo 360 said it has been tracking under the name Hidden Shadow.
    Described as a small-time threat actor, this group has been active for years, being involved in the distribution of an assortment of malware strains, usually via pirated software download sites.
    Past operations involved the distribution of password-stealers, keyloggers, remote access trojans, and cryptocurrency-mining malware.
    WannaRen was added to the group’s arsenal and incorporated into their distribution routine on April 4, this year.
    According to multiple sources, WannaRen’s initial point of distribution was a modified installer for the Notepad++ text editor that was shared via the Xixi Software Center.

    Because access to the official Notepad++ download site is often blocked in China due to the software maker’s anti-Chinese stance, and because Xixi is one of China’s largest software download sites, WannaRen infections spiked right away.
    Thousands of Chinese internet users began asking for help decrypting their files on Chinese forums, social networks, and online chats, starting with the first day when WannaRen infections started getting detected, according to local press.
    Hidden Shadow malware spread laterally across networks
    While many users were home consumers, many asking for help were IT admins managing corporate networks, where WannaRen was particularly aggressive.
    This was likely due to WannaRen’s infection routine.
    On computers where users installed this booby-trapped version of Notepad++, the installer dropped a backdoor trojan, deployed the EternalBlue exploit to spread laterally across a network (via SMBv1), and used a PowerShell script to download and install the WannaRen ransomware or a Monero-mining module.

    Once it locked users’ computers, the ransomware would show a ransom note portraying North Korean dictator Kim Jong-un, and ask users to pay a decryption fee of 0.05 bitcoin (~$550) to decrypt their files.
    All computers hit by this ransomware were pretty easy to spot, as all encrypted files had their names appended with the “.wannaren” extension.

    WannaRen authors give out their own decryption key
    From the pretty niche distribution method and the low ransom demand, it was pretty clear from the get-go that the Hidden Shadow group had not intended for their ransomware to spread so widely and so fast.
    Likely fearing or anticipating a crackdown from Chinese authorities, less than a week after they started distributing WannaRen, the Hidden Shadow group reached out to a local Chinese cybersecurity firm named Huorong Security (火绒, or Tinder Security).
    In a series of emails the company shared online, the WannaRen authors shared the ransomware’s private encryption key (also known as a master decryption key) with Huorong’s staff, asking the company to create and share a free decryption utility with infected victims.

    On the same day, on April 9, Huorong released its WannaRen decryption utility, followed a few hours later by a similar decryption utility created by RedDrip, a cyber-security division inside QiAnXin Technology, which has also been tracking the ransomware’s rapid spread across China.
    However, while the vast majority of WannaRen victims were in China, the ransomware’s extreme virality also allowed it to spread via internal networks from Chinese subsidiaries to some foreign companies as well.
    Since not all these companies might be aware that there is a free decryption tool available, or they might not trust the tools created by the two Chinese security vendors, today, Romanian antivirus maker Bitdefender also released its own WannaRen decryption utility.
    At the time of writing, WannaRen infections appear to have died out, but victims who may have copies of files encrypted by this threat back in April can now decrypt them for free.


    Startup OnwardMobility hopes fourth time's a charm for BlackBerry

    In the beginning, there were BlackBerrys, email appliances that opened the world’s eyes to mobile data. Then came the second-generation BlackBerrys built on a new, short-lived operating system, BlackBerry 10. When the company exited the smartphone business and licensed the BlackBerry name to TCL, we saw the third-generation BlackBerrys built on Android. And, next year, we will see what may be the fourth generation of the pioneering mobile phone brand, courtesy of a startup called OnwardMobility that has replaced TCL as the BlackBerry brand licensee.

    How much of a break the new BlackBerrys will make from the previous Android versions, particularly if TCL had been allowed to move forward, is as yet unknown. OnwardMobility says that its first new BlackBerry, set to debut in the first half of 2021, will support 5G. Beyond that, it will have a physical keyboard, run on Android, and focus on security and privacy, all traits of the products that TCL produced. Both traditional physical keyboards and newfangled folding screens, though, offer many ways to differentiate. (TCL seems keen on the latter, having shown off several, mostly non-functional, prototypes of devices with folding and even rolling displays last year.)
    The keyboard is the thornier issue. On TCL’s final BlackBerry, the Key2, the company boasted that its keys had been enlarged over its predecessor’s. While its keyboard is usable, even efficient with practice, it faces tough competition from large smartphones that offer adequate spacing for screen-based keyboards. The Surface Duo and the LG Velvet (when equipped with its second-screen accessory) can even dedicate a whole screen to the keyboard. As smartphone screens grew to better accommodate a thumb-typing experience, I once thought that, while the efficiency may be comparable between physical keys and glass typing, the former felt better with its tactile response. But by the time Android-based BlackBerrys arrived, the reverse felt true.
    Even if the next BlackBerry creates best-in-class smartphone keyboard efficacy (which today belongs to the Planet Computers products), it still must allocate room for the keyboard. That requires either reducing the screen size (as in the Key2) or making a two-decked device (as in the F(x)Tec 1 or the Planet Computers’ Astro Slide, which is also due with 5G in the first half of next year). Some BlackBerry fans online have said they would welcome an updating of the Priv, a vertical slider with curved edge glass. Here’s where folding or rolling screens could come in handy, potentially creating minimal extra thickness while allowing access to a keyboard and larger display when extended.
    When the news of BlackBerry (the company) and TCL parting ways broke earlier this year, I speculated on many of the reasons why BlackBerry might have terminated the agreement. OnwardMobility says one of the things that appealed to the licensor was the new company’s ties to a well-regarded manufacturer. TCL may not have done enough to move the needle on BlackBerry volumes, but that’s been a long-running challenge that OnwardMobility will have to face as well. Retro smartphone brands have had a mixed record. Nokia-licensee HMD has effectively attacked the value segment, Lenovo’s Motorola brand is moving on from its modular Z-series experiment and initial RAZR revival, and startup Palm has stayed quiet since its initial mini-smartphone/companion landed with the thud of a basketball dribbled by backer Steph Curry.
    It’s now been almost four years since what was once Research in Motion left the smartphone market after its own long sales decline. 5G phones will be entering the market at a rapid clip next year. To make headway, OnwardMobility will have to extend the brand’s reach and signature input method to smartphone users who have known only typing on glass.


    Facebook sued over fact-check messages on anti-vaccination posts

    Facebook is being sued for displaying fact-check messages on anti-vaccination posts, with one group claiming that the practice is “censorship.”

    Children’s Health Defense (CHD), led by Robert F. Kennedy, Jr., filed the lawsuit on Monday in San Francisco Federal Court. 
    In April, faced with an influx of misleading and fake COVID-19 content, the social media giant started notifying users when they had interacted with misinformation relating to the pandemic, including through likes, reactions, or comments. 
    These posts included “cure-all” measures, fake methods to prevent contagion, and conspiracy theories, such as the connection between vaccinations, COVID-19, and 5G. 
    In recent months, conspiracy content spread by anti-vaccination groups including claimed connections between 5G and the spread of COVID-19, population microchipping schemes, and the creation of the novel coronavirus as a bioweapon. 
    Warnings included alerts and fact-check notices for misleading content and disproven claims, together with links to the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) pages.
    Facebook, CEO Mark Zuckerberg, and three fact-checking companies hired by the firm to perform checks on hot topics — such as the novel coronavirus, 5G, and vaccines — are accused of “fraudulently misrepresenting and defaming CHD.”
    Alongside displaying alerts on CHD content, Facebook also removed the group’s donate button and rejected advertising bids.
    CHD says in its complaint (.PDF) that Facebook and the US government have teamed up to censor speech, and the company should not be protected as an alleged violator of the First Amendment — which usually does not apply to private companies — as the pair have “privatized” the law. 
    “The CDC and, under its aegis, the WHO then collaborated at length with Facebook to suppress vaccine safety speech with a “warning label” and other notices that appear to flag disinformation, but in reality censor valid and truthful speech,” the complaint reads.
    Furthermore, the group claims that Facebook has “insidious conflicts” with pharmaceutical companies, health regulators, and also has a vested interest in the telecom and 5G space. 
    CHD is seeking damages beyond $5 million.
    ZDNet has reached out to Facebook for comment and will update when we hear back. 



    New FritzFrog P2P botnet has breached at least 500 enterprise, government servers

    A newly discovered P2P botnet has struck at least 500 government and enterprise SSH servers so far in 2020. 

    On Wednesday, cybersecurity firm Guardicore published research into FritzFrog, a peer-to-peer (P2P) botnet that has been detected by the company’s sensors since January this year. 
    According to researcher Ophir Harpaz, FritzFrog has attempted to brute-force SSH servers belonging to government, education, financial, medical, and telecom players worldwide over the last eight months. 
    The malware was discovered while Harpaz worked on the Botnet Encyclopedia, a free security threat tracker, as reported by sister site TechRepublic. 
    A minimum of 500 servers have been breached, including those connected to prominent US and European universities, as well as an unnamed railway company. 
    FritzFrog is a decentralized botnet that uses P2P protocols to distribute control over all of its nodes, thereby avoiding having one controller or point-of-failure. 
    After brute-forcing an SSH server, the malware deployed on infected systems is fileless and both assembles and executes only in memory — likely in an effort to avoid detection and leave little trace of its presence. According to the team, each infected machine then becomes a bot capable of receiving and executing commands. 
    The FritzFrog malware is written in Golang and over 20 variants have been detected in the wild. Once executed, FritzFrog unpacks malware under the names ifconfig and nginx and sets up shop to listen for commands sent across port 1234. 
    However, these commands are usually easy to spot, and so attackers connect to the victim over SSH and run a netcat client instead. 
    The first command joins the victim machine to the existing database of network peers and slave nodes. Other commands, all of which are AES encrypted, include adding a public SSH-RSA key to the authorized_keys file to establish a backdoor, running shell commands to monitor a victim machine’s resources and CPU usage, and network monitoring. 
    The malware portion of FritzFrog is also able to propagate over the SSH protocol. 
    FritzFrog’s primary goal is to mine for cryptocurrency. XMRig, a Monero miner, is deployed and connected to the public pool web.xmrpool.eu over port 5555.
    If processes on the server are hogging CPU resources, the malware may kill them to give the miner as much power as possible. 
    FritzFrog also exchanges and shares files by splitting content into binary data blobs, keeping them in memory, and indexing them in a map keyed by each blob’s hash value. 
    The P2P protocol used for communication by the botnet is “proprietary,” Guardicore notes, and is “not based on any existing implementation,” such as μTP.
    This may suggest that “the attackers are highly professional software developers,” the team says. While there are no concrete clues for attribution, some similarities have been found between FritzFrog and Rakos, a botnet discovered in 2016.
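    The host-side indicators described above (SSH brute-force bursts followed by a successful login, a listener on port 1234 running under the ifconfig or nginx name, and unexpected authorized_keys entries) can be triaged with a short script. This is an added example, not Guardicore’s code; the auth.log lines, socket listing, key material and the failure threshold are constructed assumptions.

```python
"""Triage checks for the FritzFrog indicators reported on this page.

All sample data below is constructed for this example; only the indicator
values (port 1234, the process names ifconfig and nginx, authorized_keys
backdoor keys) come from the article.
"""
import re
from collections import Counter, defaultdict

# Constructed sample of OpenSSH lines as they appear in /var/log/auth.log.
AUTH_LOG = """\
Aug 19 10:01:02 srv1 sshd[2001]: Failed password for root from 203.0.113.7 port 50122 ssh2
Aug 19 10:01:03 srv1 sshd[2002]: Failed password for admin from 203.0.113.7 port 50123 ssh2
Aug 19 10:01:03 srv1 sshd[2003]: Failed password for invalid user oracle from 203.0.113.7 port 50124 ssh2
Aug 19 10:01:04 srv1 sshd[2004]: Failed password for root from 203.0.113.7 port 50125 ssh2
Aug 19 10:01:05 srv1 sshd[2005]: Failed password for root from 203.0.113.7 port 50126 ssh2
Aug 19 10:01:06 srv1 sshd[2006]: Accepted password for root from 203.0.113.7 port 50127 ssh2
Aug 19 10:05:00 srv1 sshd[2100]: Failed password for alice from 198.51.100.4 port 41000 ssh2
Aug 19 10:05:30 srv1 sshd[2101]: Accepted publickey for alice from 198.51.100.4 port 41001 ssh2
"""

# Constructed listing in the shape of `ss -tlnp` output.
LISTENERS = """\
LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:1234 0.0.0.0:* users:(("nginx",pid=4711,fd=5))
LISTEN 0 128 127.0.0.1:25 0.0.0.0:* users:(("master",pid=901,fd=13))
"""

# Constructed root authorized_keys: one allowlisted key and one unknown key.
# Assumes plain "type blob [comment]" lines with no leading options field.
AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKnownKey0000000000000000000000 ops@bastion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexampleUnknownKeyMaterial0000
"""
KNOWN_KEYS = {"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKnownKey0000000000000000000000"}

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port")
LISTEN_RE = re.compile(r'LISTEN\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')

# Indicators from the article: the implant listens on 1234 and runs as ifconfig / nginx.
SUSPECT_PORTS = {1234}
SUSPECT_NAMES = {"ifconfig", "nginx"}


def brute_force_sources(log: str, threshold: int = 4) -> dict:
    """Map each source IP with at least `threshold` failed logins to whether a
    later login from that IP succeeded (a burst followed by success is the
    pattern that matters most for a brute-forcing botnet)."""
    failures = Counter()
    succeeded_after = defaultdict(bool)
    for line in log.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m and failures[m.group(3)] >= threshold:
            succeeded_after[m.group(3)] = True
    return {ip: succeeded_after[ip] for ip, n in failures.items() if n >= threshold}


def suspicious_listeners(listing: str) -> list:
    """Return (port, process, pid) tuples that match the listener profile."""
    hits = []
    for line in listing.splitlines():
        m = LISTEN_RE.search(line)
        if not m:
            continue
        port, proc, pid = int(m.group(1)), m.group(2), int(m.group(3))
        if port in SUSPECT_PORTS or proc in SUSPECT_NAMES:
            hits.append((port, proc, pid))
    return hits


def unknown_authorized_keys(contents: str, known: set) -> list:
    """Return 'type blob' entries (comment dropped) that are not on the allowlist."""
    unknown = []
    for line in contents.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = " ".join(parts[:2])
        if key not in known:
            unknown.append(key)
    return unknown


if __name__ == "__main__":
    print("brute-force sources:", brute_force_sources(AUTH_LOG))
    print("suspicious listeners:", suspicious_listeners(LISTENERS))
    print("unknown keys:", unknown_authorized_keys(AUTHORIZED_KEYS, KNOWN_KEYS))
```

    On a real host the three inputs would come from the live auth log, `ss -tlnp`, and each account's authorized_keys file, with the allowlist taken from configuration management.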



    Former PM Turnbull suggests Australia boosts its cyber capability by buying local

    Former Prime Minister Malcolm Turnbull
    Screenshot: Asha Barbaschow/ZDNet
    Former Prime Minister Malcolm Turnbull has said there’s an opportunity to boost Australian talent, if government and large businesses alike moved away from the big end of tech town when procuring services.
    “There’s clearly a big opportunity for innovation and we have outstanding cybersecurity professionals in Australia … we should be developing a world-leading cybersecurity industry,” Turnbull said on Wednesday. “The stronger your cybersecurity industry is in Australia, the better your cybersecurity will be.”
    He said one of Australia’s biggest weaknesses is a lack of confidence in its own technological skills and a failure on the part of government “despite encouragement from politicians like myself to invest in and with Australian companies”.
    “This is where governments I think often slip up — governments and big companies feel comfortable dealing with other big companies, often big systems integrators, foreign-owned. You’ve got to develop a culture where you are prepared to engage with, testbed, try out, do proof of concepts with smaller, younger, Australian companies,” he said.
    The country’s 29th Prime Minister spoke alongside Alastair MacGibbon, who prior to heading up his own Australian cybersecurity megamix, CyberCX, was Turnbull’s special advisor on cyber.
    Both Turnbull and MacGibbon in 2016 were faced with the failure of tech kit procured from IBM by the Australian Bureau of Statistics (ABS). On Census night, the ABS experienced a series of small distributed denial-of-service (DDoS) attacks, suffered a hardware router failure, and baulked at a false-positive report of data being exfiltrated, which resulted in the Census website being shut down and citizens being unable to complete their online submissions.
    “That was a complete failure by IBM … whose face did all the egg end up on? It ended up on mine as the prime minister,” Turnbull said. “That was a classic case of an Australian agency … thinking that if they go with IBM, everything will be all right. You know, no one got fired for buying IBM and insert name of any other one of these big companies.”
    He said it speaks to not having enough technical skills inside government, and also “just being complacent about the big foreign companies”.
    “We need to have more confidence in our own capabilities,” he added.
    Acknowledging the need for more female representation in the cyber field, he also said anecdotally if the men in cybersecurity were more “congenial”, more women would get involved.
    “There is a theory, I honestly — I’m not warranting this — but there is a theory that if the men were more sort of congenial there’d be more women doing cyber subjects. I don’t know. I think it’s a commentary rather than the solution,” he said.
    Touching on the federal government’s newly released 2020 Cyber Security Strategy, and the level to which government should be involved with the cybersecurity of businesses, Turnbull said he was hesitant to get behind any legislative direction to govern board responsibilities.
    “One thing that could be useful is to require companies to formally address it in their annual report,” he said, accepting that such an approach is more of a “box ticking” exercise than a valid metric.
    “That is the problem, because with self-regulation, the only way to look at this is that you can’t — the government’s not in a position to do a security audit on every company in Australia. So the only thing you can do is keep talking about it and keep raising awareness of it.”
    “What would make a difference was if somebody got sued for not doing a good enough job on their cybersecurity … and companies need to be very careful about that because if you’re not paying attention to it and your customers incur, also your company incurs, a loss, you might find yourself at the wrong end of a shareholder action.”
    End-to-end encryption, Australia vs the US

    While the former PM covered 5G and the banning of Huawei, Chelsea Manning and Edward Snowden, and Australia’s relationship with the overseas-based monarchy, he also touched on the subtle differences between Australia and the United States where end-to-end encryption is concerned.
    “The arguments about end-to-end encryption are very cogent ones, because if you give, or if you say to WhatsApp or Signal or whatever, ‘you must have a backdoor key to allow lawful interception’, then the fact that that backdoor key exists, means that somebody else sees a vulnerability,” he said.
    “Therein lies the risk.”
    Turnbull further said that the “cultural scene” around end-to-end encryption differs between Australia and countries like the US.
    “My sense is Australians generally think the government is trying to do the right thing … they sort of feel the government, by and large, has tried to do the right thing. You know, run by stumblebums and incompetence at any given time,” he said.
    “But in America, there is both on the right and the left, a really extreme libertarian tendency which sees the government as the enemy.”
    He said this culminates in Silicon Valley as a determination to maintain end-to-end encryption.
    “It’s quite ideological and baked into it today. It’s baked into their DNA and it’s connected with things like the second amendment and the right to bear arms,” Turnbull said. “It’s a very different mindset.”