Archive for China

US Goes After China For Hacking… China Hits Back

Posted in Commentary with tags , , on July 21, 2021 by itnerd

The US has taken the unusual step taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.

This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:

“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:

“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.

Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.

Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.

The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”

Hopefully Canadian businesses, if not all businesses take heed of this warning.

DHS Warns Americans About Dealing With Chinese Firms Or With Firms With Chinese Citizens In “Leadership And Security-Focused Roles”…. Hmmmm

Posted in Commentary with tags , on December 23, 2020 by itnerd

Earlier today I posted a story on DHS warning consumers about TCL TVs running Android which allegedly contains back doors that could steal data. I did some hunting around and found that DHS has a broader  business advisory that was published on Wednesday that says that Chinese products and services could contain backdoors or other data collection systems. It also said that data theft could occur via insider threats and business partnerships. The goal is to harvest data from western companies for use in furthering China’s economic goals.

The advice that DHS has is to take care when sharing data with Chinese firms; using equipment produced or maintained by Chinese companies; and even when working with companies that have Chinese citizens in “key leadership and security-focused roles.” Which is pretty broad and borders on sounding racist to me. I have to wonder how much of this is a legitimate threat, and how much of this is xenophobia. I guess we’ll find out soon enough.

India Bans More Chinese Apps

Posted in Commentary with tags , on November 24, 2020 by itnerd

India is not done banning Chinese apps. The world’s second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps.

Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order,” said India’s IT Ministry in a statement. The ministry said it issued the order to block these apps “based on the comprehensive reports received from Indian Cyber Crime Coordination Center, Ministry of Home Affairs.” The apps that have been banned include popular short video service Snack Video, which had surged to the top of the chart in recent months, as well as e-commerce app AliExpress, delivery app Lalamove, and shopping app Taobao Live. At this point, there doesn’t appear to be any Chinese app left in the top 500 apps used in India.

Oh boy. I think it’s safe to say that you can expect a response from China as this is pretty much an “F-U” to China. And that’s likely to be an instant response.

This should be fun to watch.

India Bans More Chinese Apps….. 118 Of Them….

Posted in Commentary with tags , on September 2, 2020 by itnerd

A few weeks ago I wrote a story about India banning TikTok over security concerns. There’s news now that they’ve banned 118 apps of Chinese origin including PUBG and Tencent. Medianama shared an official statement from the Indian government on the ban extension:

“The Ministry of Electronics and Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India. The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures,” the IT Ministry said in a statement.

You can fully expect this to inflame tensions between India an China. And those two countries have lots of tensions at the moment. Plus it will likely encourage the US to ban more Chinese apps. Especially seeing as the date to ban TikTok in the US is approaching.

US To Purge “Untrusted” Chinese Apps And Stop US Apps From Being Installed On Huawei Phones

Posted in Commentary with tags , , on August 6, 2020 by itnerd

This situation between the US and China is escalating further with news that the US is going to purge what it calls “untrusted” apps which all happen to be from China:

U.S. Secretary of State Mike Pompeo said expanded U.S. efforts on a program it calls “Clean Network” would focus on five areas and include steps to prevent various Chinese apps, as well as Chinese telecoms companies, from accessing sensitive information on American citizens and businesses. 

Pompeo’s announcement comes after U.S. President Donald Trump threatened to ban TikTok. The hugely popular video-sharing app has come under fire from U.S. lawmakers and the administration over national security concerns, amid intensified tensions between Washington and Beijing. 

“With parent companies based in China, apps like TikTok, WeChat and others are significant threats to personal data of American citizens, not to mention tools for CCP (Chinese Communist Party) content censorship,” Pompeo said.

To the shock of absolutely nobody, China is not at all happy:

In an interview with state news agency Xinhua on Wednesday, Chinese foreign minister Wang Yi said the United States “has no right” to set up the “Clean Network” and calls the actions by Washington as “a textbook case of bullying”.

“Anyone can see through clearly that the intention of the U.S. is to protect it’s monopoly position in technology and to rob other countries of their proper right to development,” said Wang.

But the US action doesn’t stop there. The US doesn’t want US apps on Huawei phones:

Pompeo said the United States was working to prevent Chinese telecoms firm Huawei Technologies Co Ltd from pre-installing or making available for download the most popular U.S. apps on its phones. 

“We don’t want companies to be complicit in Huawei’s human rights abuses, or the CCP’s surveillance apparatus,” Pompeo said, without mentioning any specific U.S. companies.

No matter how you look at it, this war between China and the US is going to be very bad and you can expect to see more shots traded between these two. Especially in the lead up to the US election in November.

BREAKING: US Department Of Justice Indicts 4 Chinese Nationals In Equifax Hack

Posted in Commentary with tags , on February 10, 2020 by itnerd

In the last few minutes, news is coming out that four Chinese Nationals are being charged by the US Department Of Justice in relation to the Equifax hack. The Washington Post has the details:

In a nine-count indictment filed in federal court in Atlanta, federal prosecutors alleged that four members of the People’s Liberation Army hacked into Equifax’s systems, stealing the personal data as well as company trade secrets. In a statement announcing the case, Attorney General William P. Barr called their efforts “a deliberate and sweeping instrusion into the private information of the American people.”

The fact that these four individuals are members of the Chinese military underscores the threat that nation states can pose to IT infrastructure. Also, it is highly unlikely that they will ever face trial in the US as I see no scenario where China hands them over to face US justice as I have to assume that they are still in China. Thus I can see a scenario where the US goes after the Chinese in cyberspace in retaliation for this hack, and perhaps others as China has been linked with other high profile hacks that have happened in teh last few years.

UPDATE: You can read the indictment here.

WhatsApp May Be Blocked In China

Posted in Commentary with tags , on July 19, 2017 by itnerd

The New York Times is reporting that popular messaging service WhatsApp appears t be blocked in China:

The blocks against WhatsApp originated with the government, according to a person familiar with the situation who declined to be named because they were not authorized to speak on the record about the disruption. Security experts also verified that the partial disruption in WhatsApp started with China’s internet filters.

“According to the analysis that we ran today on WhatsApp’s infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities,” said Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research start-up.

This isn’t trivial as WhatsApp has something in the area of 1.2 billion users worldwide. Thus this is going to get a lot of attention. The question is, will the Chinese government care about the blowback from this? We’ll have to watch and see.

Report Says China Not Cracking Down On VPNs…. Maybe

Posted in Commentary with tags on July 14, 2017 by itnerd

So, remember that story from earlier this week where I told you that China was going to crack down on VPN usage in the country. Well… There’s this report courtesy of The Paper  which thee folks over at Engadget spotted claims that China isn’t planning a blanket ban. In a statement, China’s Ministry of Industry and Information said that “authorized” VPNs such as domestic and international companies, won’t be affected. Whatever authorized means exactly.

So, all this report has done is made something that looked pretty black and white and turned it into grey. Lovely. If I were a betting man, I would bet on a VPN ban going into effect. Thus if you happen to be travelling to the country in 2018 and you need to use a VPN while you’re there, don’t plan on it working.

 

China Cracks Down On VPNs

Posted in Commentary with tags on July 11, 2017 by itnerd

It seems that the Chinese government is not cool with VPNs as it gives Chinese citizens access to services that may not be approved by the government such as Google, Twitter and Facebook or news websites like The New York Times. I say that because according to The Verge that VPNs are pretty much verboten, or at least will be:

Citing sources familiar with the matter, Bloomberg reports that the Chinese government ordered state-run telecoms to begin blocking VPNs by February 1st. Earlier this year, China’s Ministry of Industry and Information Technology announced that all VPN services would need to obtain government approval, as part of a “cleanup” of unauthorized internet connections.

Many Chinese internet users use VPNs to privately access websites that are blocked under China’s so-called “Great Firewall,” including restricted news sites and social media services like Facebook and Twitter. It is unclear whether the VPN block would affect foreign corporations, many of which use VPNs to secure data and circumvent web filters.

So how does this affect VPN providers? How does this affect tourists and visiting business users that may need VPN access to their companies? I reached out for comment from NordVPN and got this from NordVPN’s CMO, Marty P. Kamden:

“NordVPN stands for freedom of speech and free access to Internet around the world. When it comes to China, nothing is ever certain, and that’s the approach we took from the get-go. It’s not yet clear how the Chinese government is going to implement the ban from the technical point of view. However, we at NordVPN will do everything within our power to enable our users to continue enjoying the Internet freedom.”

We’ll have to see how this plays out, but if you’re going to China, plan accordingly.

Threats Tied To China Have Far Reaching Effects For Android Smartphone Users

Posted in Commentary with tags on November 23, 2016 by itnerd

If you use an Android smartphone, you should read this story as it’s pretty scary. The Hacker News is reporting that there’s a backdoor that is potentially pre-installed on 700 million Android phones that sends your data to China:

Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.

First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide.

That’s pretty bad. Here’s what it does:

Besides sniffing SMS message content, contact lists, call logs, location data and other personal user information and automatically sending them to AdUps every 72 hours, AdUps’ software also has the capability to remotely install and update applications on a smartphone.

The secret backdoor is said to be there intentionally and not accidently or due to a security flaw, although, according to the US authorities, at the moment it is unclear whether the data is being collected for advertising purposes or government surveillance.

Apparently the software has been supplied to BLU Products, ZTE and Huawei among others. BLU for one is removing the software and ZTE says that the software doesn’t exist on US smartphones. But this doesn’t exactly inspire confidence. For it’s part, AdUps has said that its software featured on the smartphone tested by the security firm was not intended to be included on smartphones in the United States market and was just designed to help Chinese phone manufacturers to monitor user behavior.

Sure.

Now if you want to ensure that you’re not one of the potential 700 million Android users affected by this, there is a detection tool that has been created to sniff this backdoor out which you can get from here. But if you find it, you can’t disable or remove it. You’ll need whomever manufactured your phone to do that for you like BLU has. So if you find it, you’ll need to bug them for a fix.

However, I’m not done yet. There’s a second threat from China that affects Android users. In short, third-party firmware included with over 2.8 million Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target’s phone with root privileges. Anubis Networks found the issue and ThreatPost has the details:

The problem stems from what researchers call an insecure implementation of an OTA mechanism used for updates associated with software made by Ragentek Group, a Chinese firm based in Pudong, Shanghai. According to researchers with Anubis Networks, who disclosed the issue last week, communications over the channel from the responsible binary are unencrypted, which opens the door for a man-in-the-middle attack.

“All transactions from the binary to the third-party endpoint occur over an unencrypted channel, which not only exposes user-specific information during these communications, but would allow an adversary to issue commands supported by the protocol. One of these commands allows for the execution of system commands,” said Dan Dahlberg and Tiago Pereira, researchers with Anubis Networks who on Thursday disclosed the vulnerability.

Researchers with the firm claim that 2.8 million devices – spread across 55 different device models – checked into a sinkhole tied to the binary.

CERT put out a warning on this and tied this issue to devices made by BLU, Infinix, DOOGEE, and LEAGOO among others. BLU says that a future firmware update will cure this, but no other company affected by this has commented on this. That does not inspire confidence.

Perhaps the way to avoid either of these threats is to not buy budget
Android smartphones? Or dare I say it, switch to iOS? Honestly, I am not 100% sure how one can avoid this otherwise.