Robin’s Newsletter #127

22 November 2020. Volume 3, Issue 47
RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data
Join hundreds of subscribers who get this first, every Sunday. Subscribe

This week

RCEP, cyber security cooperation and data sovereignty

The Regional Comprehensive Economic Partnership (RCEP) is the world’s largest-ever trade deal, covering 30% of global GDP, and it was signed by the ten members of the Association of South-East Asian Nations (ASEAN), plus Australia, China, Japan, New Zealand and South Korea this week.

Electronic commerce is an area of focus for the trade agreement with objectives to promote e-commerce and ‘create an environment of trust.’

Cyber security has a small nod within the legal text of the agreement: promoting the use of existing mechanisms to cooperate on cyber security. Information sharing on cyber incident response is also included. That will be important in a region where recent research has shown the majority of businesses that have experienced ransomware attacks choose to pay ransomware demands (see interesting stats below.)

The agreement goes on to say “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that Party’s territory.”

That’s quite a big deal from a data sovereignty perspective and allows for computing facilities to be located anywhere within the bloc (though some exemptions exist for financial services and national security).

China in particular has long required businesses to set up shop within the ‘Great Firewall’ to access their domestic market.

That doesn’t mean spies are going to stop spying though, with reports surfacing this week of a state-sponsored campaign with ties to China, dubbed FunnyDream, having infected over 200 systems belonging to other Southeast Asian governments in the last two years.

That was probably in large to understand negotiating positions on this very treaty.,, FunnyDream

Interesting stats

88% of Australian, 78% of Singaporean, 69% of South Korean, 62% of Chinese, and 57% of Japanese businesses that experienced a ransomware attack chose to pay the demands in full or part, according to a survey of 2,690 IT execs across the region conducted by Wakefield Research in September.

Other newsy bits

UK National Cyber Force announced

The United Kingdom’s National Cyber Force was officially launched in a speech by prime minister Boris Johnson this week, bringing offensive cyber operations conducted by staff from GCHQ and the Ministry of Defence under one joint command. The Defence Science and Technology Laboratory (DSTL) will support technical capabilities and the Secret Intelligence Service (MI6) will also contribute to undercover operations, providing “expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology.”,,

Microsoft-designed trusted platform module to be built into CPUs

Microsoft’s ‘Pluton’ security chip, originally designed as part of the Xbox One, is to make its way into processors from Intel, AMD and Qualcomm. By providing a ‘hardware root of trust’ within the main processor they hope to help prevent Meltdown, Spectre style speculative execution vulnerabilities. The new chips will also tighten integration between hardware and Windows operating system.

US Special Operations Command is buying location data

When buying what you need on the open market is more cost-effective than covert action: US Military buying access to location tracking data from data brokers Babel Street, X-Mode to augment special operations. A good read and interesting investigation from Jospeh Cox at VICA Motherboard.

In brief

Attacks, incidents & breaches

  • Hadouken! Capcom confirms data breach following ransomware attack, including names, address, phone and date of birth info on 350,000 customers, security logs lost as part of the attack
  • Popular Android message app Go SMS Pro is exposing millions of users’ private photos and videos by using sequential IDs for sharing data with those not on the platform
  • Manchester United working to “minimise the ongoing IT disruption” of cyber-attack
  • Hackney Council struggling to restore services in wake of ‘advanced, criminal attack,’ and some services will be “unavailable or operate differently for months”

Threat intel

  • Lazarus malware targeting South Korean supply chains
  • Cicada (aka APT10 / Stone Panda / Cloud Hopper) campaign uncovered by Symantec targeting companies with ties to Japan

Security engineering

Internet of Things

  • NIST to produce federal security guidelines for Internet of Things as HR 1688 passes Senate vote


Public policy

  • The Global Commission on the Stability of Cyberspace (GCSC) - a group backed by Netherlands, Singapore, France - has published a report setting out proposed ‘norms’ to maintain the stability of cyberspace
  • Donald Trump has fired Chris Krebs, head of the US Cybersecurity and Infrastructure Security Agency (CISA) for disputing his claims of election hacking
  • White House publishes guidance on regulating artificial intelligence applications produced in the US

Law enforcement

  • FIN7 recruiter pleads guilty for role in notorious criminal group

Mergers, acquisitions and investments

  • FireEye acquires Respond Software fro $186M, will fold the companies Analyst product into Mandiant Solutions platform

And finally

Privacy-gaff leaves users recoiling

Content monetisation startup Coil scored an own goal this week when it emailed an update to their privacy policy and included everyone on the ‘to’ line, exposing users’ email addresses. “Please forgive us” the company pleaded in a follow-up admitting the human error.


  Robin's Newsletter - Volume 3

  Regional Comprehensive Economic Partnership (RCEP) Association of South-East Asian Nations (ASEAN) Cyber Norms Data Sovereignty UK National Cyber Force Microsoft Pluton Speculative Execution Spectre Meltdown USSOCCOM Location tracking Data brokers