Archive for China

NSA, CISA and FBI Expose Chinese Backed Exploitation Of Network Providers And Devices

Posted in Commentary with tags , , on June 8, 2022 by itnerd

The NSA, CISA and FBI have released a Cybersecurity Advisory called “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices“. This advisory centers around the fact that hackers aligned with China are using a variety of techniques to exploit publicly-known vulnerabilities in equipment, allowing them to establish a broad network of compromised infrastructure. The advisory also lists a number of mitigation strategies that organizations need to take to protect themselves.

Jason Middaugh who is the Chief Information Security Officer, MRK Technologies had this to say:

The latest Cybersecurity Advisory from the NSA, CISA, and FBI drives home the importance of good cybersecurity fundamentals such as keeping assets updated/patched, changing default credentials to strong passphrases, and requiring multi-factor authentication wherever possible.

Many companies make the mistake of focusing on implementing the latest and greatest high-tech hardware/software and overlook the basics like system hardening and asset lifecycle management.

It does not matter whether it is the PRC attempting to exploit the device or an international cybercrime syndicate, if you don’t do the basics well it is only a matter of time before an internet facing asset is compromised.

Clearly this advisory is required reading for all enterprises. Because at the end of the day all enterprises are at risk. And it doesn’t matter if it’s China, or a ransomware group. All enterprises need to reduce their attack surface as much as possible to ensure that they are as safe from attack as possible.

UPDATE: Chris Olson, CEO, The Media Trust had this to say:

“Zero-days and other vulnerabilities in networked devices are an overlooked national security threat, especially in the midst of mounting geopolitical tensions. Unfortunately, the problem is not isolated to IT infrastructure, but also extends to the software supply chain, popular apps and mainstream websites. Today, foreign adversaries are targeting American consumers and businesses through code, with no borders to prevent malicious activity. In addition to following the advice published in the joint cybersecurity advisory, organizations should regularly monitor their digital ecosystem for the presence of untrusted third parties and remove bad actors to protect their users.”

Huawei & ZTE Punted From Canadian 5G Networks…. What Took Canada So Long To Do This???

Posted in Commentary with tags , , , on May 20, 2022 by itnerd

Late yesterday news filtered out that both Huawei and ZTE have been banned from Canadian 5G networks over national security concerns. And any telco that are using their gear needs to rip it out ASAP. This mirrors similar moves by the US, UK, New Zealand, and Australia who along with Canada are known as the “Five Eyes” which is an alliance of these five countries to share intelligence. The difference is that Canada was late to this decision while the other four made this call years ago. Thus one has to wonder why it took Canada so long to make this move.

In my opinion, one factor had to be the Michael Kovrig and Michael Spavor situation where those two Canadian citizens were essentially held hostage by the Chinese government in retaliation for the arrest of Meng Wanzhou who is the CFO of Huawei in Vancouver and at the request of the US government. That eventually got sorted when the US cut a deal with Wanzhou which allowed the two Michael’s to be released by China as that’s how “hostage diplomacy” works. But even then, that was over a year ago and they are only banning Huawei and ZTE now. So that can’t be the only reason. Though it’s not clear to me what other reasons exist.

Regardless of what reasons exist, here’s the thing that really bothers me about this rather late decision by the Canadian government to ban Huawei and ZTE. If you accept that both of these companies are arms of Chinese intelligence, which I happen to believe to some degree, then this inaction by the Canadian government has given both these companies an inside look at not only the telecommunications networks in Canada, but how Canadians use those networks. Not to mention that they could have been doing who knows what to gather whatever information that the Chinese government wanted them to gather. All while the Canadian government sat on its hands and did nothing. So even though they’re now banned, Huawei, ZTE, and the Chinese government still win. And that highlights how the Canadian government has failed miserably on this issue.

When it comes to national security, governments have to take it seriously. They have to make decisions that lean towards ensuring security and they have to make those decisions quickly. That didn’t happen here, and I have to wonder if it is going to cost Canada down the road. Because it’s pretty clear that the Canadian government dropped the ball here, and there needs to be some accountability on that front.

Chinese Hackers Targeting Ukraine Says Google

Posted in Commentary with tags , on March 20, 2022 by itnerd

Google’s Threat Analysis Group (TAG) says that China has gotten involved in the Russia/Ukraine war by having its hackers target Ukraine. Google TAG Security Engineer Billy Leonard posted this to Twitter:

In case you’re wondering who Intrusion Truth are, they are a secretive group known for its work on exposing suspected Chinese hacking operations. So if they’re saying something that Google is confirming, then it’s pretty much fact.

This was backed up by Shane Huntley who runs Google’s Threat Analysis Group:

I wonder what the US Government thinks of these reports as US President Joe Biden has recently warned Chinese President Xi Jinping not to get involved in the Russian/Ukraine war. He was talking about weapons and the like. But maybe he should add this to the list as clearly China isn’t neutral when it comes to this war.

The Official Beijing Winter Olympics App Is Found To Be insecure By Citizen Lab

Posted in Commentary with tags , on January 18, 2022 by itnerd

In a report released by The University of Toronto’s Citizen Lab today, researchers analyzed the ‘My 2022’ Beijing Winter Olympics app and discovered the app is insecure when it comes to protecting the sensitive data of its users. The app’s encryption system carries a significant flaw that enables middle-men to access documents, audio and files in cleartext form. Researchers found that the ‘My 2022’ app, which is required for all athletes, members of the press and the audience to have installed, is subject to censorship based on keywords and has an unclear privacy policy that doesn’t determine who receives and processes sensitive data, thus violating Google and Apple’s App Store guidelines. 

Chris Olson, CEO at The Media Trust, an enterprise digital safety platform:    

“Poor app security is a leading cause of the rise in cyberattacks on mobile devices. While the security issues found in ‘My 2022’ are concerning, unfortunately they are not as unique as they appear. Not all mobile apps are susceptible to man-in-the-middle attacks, but most of them do contain undisclosed third parties who can access the same user data as the developer. Mobile users frequently assume that they are safe either because of app store policies, or because they have consented to terms of service – but third parties are not carefully checked by app reviewers, and they are rarely monitored for safety. They can be hijacked to execute phishing attacks, share sensitive data with fourth or fifth parties, suffer a data breach caused by lax security practices, or worse.”

I have to admit that if I were an athlete going to these Olympics and I read this, I may think twice about going. And it makes the move by the Dutch to have athletes keep their personal electronics at home look like a good decision.

Dutch Olympic Committee To Dutch Athletes: Don’t Take Your Phones And Laptops To The Winter Olympics In China

Posted in Commentary with tags , on January 12, 2022 by itnerd

Right now, China doesn’t exactly have the best public perception when it comes to being trustworthy. That’s on display via this Reuters article where Dutch Athletes are being told by the Dutch Olympic Committee to leave their phones and laptops at home when they go to the Winter Olympics that are being held in China:

Dutch athletes competing in next month’s Beijing Winter Olympics will need to leave their phones and laptops at home in an unprecedented move to avoid Chinese espionage, Dutch newspaper De Volkskrant reported on Tuesday. The urgent advice to athletes and supporting staff to not bring any personal devices to China was part of a set of measures proposed by the Dutch Olympic Committee (NOCNSF) to deal with any possible interference by Chinese state agents, the paper said citing sources close to the matter. NOCNSF spokesman Geert Slot said cybersecurity was part of the risk assessment made for the trip to China, but declined to comment on any specific measure. “The importance of cybersecurity of course has grown over the years”, Slot said. “But China has completely closed off its internet, which makes it a specific case.”

It will be interesting to see how China reacts to this. If they say nothing, you have to wonder why as that it implies that China is actually doing something. But if they react in an angry manner, then you might say exactly the same thing. And I can see a scenario where if other countries copy the Dutch, then the Chinese might really freak out as a result.

Get the popcorn ready.

US Goes After China For Hacking… China Hits Back

Posted in Commentary with tags , , on July 21, 2021 by itnerd

The US has taken the unusual step taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.

This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:

“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:

“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.

Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.

Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.

The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”

Hopefully Canadian businesses, if not all businesses take heed of this warning.

DHS Warns Americans About Dealing With Chinese Firms Or With Firms With Chinese Citizens In “Leadership And Security-Focused Roles”…. Hmmmm

Posted in Commentary with tags , on December 23, 2020 by itnerd

Earlier today I posted a story on DHS warning consumers about TCL TVs running Android which allegedly contains back doors that could steal data. I did some hunting around and found that DHS has a broader  business advisory that was published on Wednesday that says that Chinese products and services could contain backdoors or other data collection systems. It also said that data theft could occur via insider threats and business partnerships. The goal is to harvest data from western companies for use in furthering China’s economic goals.

The advice that DHS has is to take care when sharing data with Chinese firms; using equipment produced or maintained by Chinese companies; and even when working with companies that have Chinese citizens in “key leadership and security-focused roles.” Which is pretty broad and borders on sounding racist to me. I have to wonder how much of this is a legitimate threat, and how much of this is xenophobia. I guess we’ll find out soon enough.

India Bans More Chinese Apps

Posted in Commentary with tags , on November 24, 2020 by itnerd

India is not done banning Chinese apps. The world’s second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps.

Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order,” said India’s IT Ministry in a statement. The ministry said it issued the order to block these apps “based on the comprehensive reports received from Indian Cyber Crime Coordination Center, Ministry of Home Affairs.” The apps that have been banned include popular short video service Snack Video, which had surged to the top of the chart in recent months, as well as e-commerce app AliExpress, delivery app Lalamove, and shopping app Taobao Live. At this point, there doesn’t appear to be any Chinese app left in the top 500 apps used in India.

Oh boy. I think it’s safe to say that you can expect a response from China as this is pretty much an “F-U” to China. And that’s likely to be an instant response.

This should be fun to watch.

India Bans More Chinese Apps….. 118 Of Them….

Posted in Commentary with tags , on September 2, 2020 by itnerd

A few weeks ago I wrote a story about India banning TikTok over security concerns. There’s news now that they’ve banned 118 apps of Chinese origin including PUBG and Tencent. Medianama shared an official statement from the Indian government on the ban extension:

“The Ministry of Electronics and Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India. The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures,” the IT Ministry said in a statement.

You can fully expect this to inflame tensions between India an China. And those two countries have lots of tensions at the moment. Plus it will likely encourage the US to ban more Chinese apps. Especially seeing as the date to ban TikTok in the US is approaching.

US To Purge “Untrusted” Chinese Apps And Stop US Apps From Being Installed On Huawei Phones

Posted in Commentary with tags , , on August 6, 2020 by itnerd

This situation between the US and China is escalating further with news that the US is going to purge what it calls “untrusted” apps which all happen to be from China:

U.S. Secretary of State Mike Pompeo said expanded U.S. efforts on a program it calls “Clean Network” would focus on five areas and include steps to prevent various Chinese apps, as well as Chinese telecoms companies, from accessing sensitive information on American citizens and businesses. 

Pompeo’s announcement comes after U.S. President Donald Trump threatened to ban TikTok. The hugely popular video-sharing app has come under fire from U.S. lawmakers and the administration over national security concerns, amid intensified tensions between Washington and Beijing. 

“With parent companies based in China, apps like TikTok, WeChat and others are significant threats to personal data of American citizens, not to mention tools for CCP (Chinese Communist Party) content censorship,” Pompeo said.

To the shock of absolutely nobody, China is not at all happy:

In an interview with state news agency Xinhua on Wednesday, Chinese foreign minister Wang Yi said the United States “has no right” to set up the “Clean Network” and calls the actions by Washington as “a textbook case of bullying”.

“Anyone can see through clearly that the intention of the U.S. is to protect it’s monopoly position in technology and to rob other countries of their proper right to development,” said Wang.

But the US action doesn’t stop there. The US doesn’t want US apps on Huawei phones:

Pompeo said the United States was working to prevent Chinese telecoms firm Huawei Technologies Co Ltd from pre-installing or making available for download the most popular U.S. apps on its phones. 

“We don’t want companies to be complicit in Huawei’s human rights abuses, or the CCP’s surveillance apparatus,” Pompeo said, without mentioning any specific U.S. companies.

No matter how you look at it, this war between China and the US is going to be very bad and you can expect to see more shots traded between these two. Especially in the lead up to the US election in November.