CAT | China
“HONG KONG — The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.”
Previous blog posts on China censorship:
Multiple sources are reporting that Google services are once again available in China. They had been blocked in the lead up to the 25th anniversary of Tiananmen Square protests.
In anticipation of possible protests in memory of the Tiananmen Square massacre 25 years ago, China has blocked access to Google search and Gmail. The censorship has been in place for a few days now, suggesting that this may be more than a short term action.
China has long blocked access to YouTube, Twitter, Facebook, and services which would circumvent the blocking, like Anonymizer.
Google search, and Gmail are both popular in China. It will be interesting to see if this actually draws attention to the anniversary, rather than diffusing it.
The image with this post is from 2010 when Google moved out of their China offices to avoid government control. (via Wikipedia)
The South China Morning Post reports that the ban on Facebook, Twitter, the New York Times, and many other sites, will be lifted, but only in the Shanghai free-trade zone.
The information came from anonymous government sources within China. The purpose is to make the zone more attractive to foreign companies and workers who expect open Internet access. The sources say that the more open access may be expanded into the surrounding territory if the experiment is successful.
It will be interesting to see if this actually comes to pass.
Two questions occur to me. First, will the free-trade zone be considered to be outside the firewall, and hard to access from within the rest of China? Second, is this as much about surveillance of activity on those websites as it is about providing free access?
Welcome to The Privacy Blog Podcast for May 2013.
In this month’s episode, I’ll discuss how shared hosting is increasingly becoming a target and platform for mass phishing attacks. Also, I’ll speak about the growing threat of Chinese hackers and some of the reasons behind the increase in online criminal activity.
Towards the end of the episode, we’ll address the hot topic of Google Glass and why there’s so much chatter regarding the privacy and security implications of this technology. In related Google news, I’ll provide my take on the recent announcement that Google is upgrading the security of their public keys and certificates.
Leave any comments or questions below. Thanks for listening!
When we hear that a company has been hacked by China what is usually meant is that the company has been hacked from a computer with a Chinese IP address. The immediate implication is that it is Chinese government sponsored.
Of course, there are many ways in which the attacks might not be from anyone in China at all. Using proxies or compromised computers as relays, would allow the attacker to be anywhere in the world while appearing to be in China. The fact that there is so much hype about Chinese government hacking right now, makes China the perfect false flag for any attacker. It sends investigators down the wrong path immediately. However, there is growing evidence that many of the attacks are actually being perpetrated by independent Chinese civilian criminal hackers out to make a buck. They are intent on stealing and selling intellectual property. The huge supply, and under employment, of computer trained people in China may be to blame. They have the skills, the time, and a need for money.
The Chinese government has also been very lax about trying to track down these individuals and generally suppress this kind of activity. The hacking activity is certainly beneficial to the Chinese economy, as the IP is generally stolen from outside China and sold to give advantage to Chinese companies. That gives a kind of covert and subtle support to the hacking activity without any actual material help or direction.
So, it is not quite government sponsored, and it IS actually Chinese. The bottom line is that it is a real problem, and a threat that is actually harder to track down and prevent because it is so amorphous.
Another from the “if the data exists, it will get compromised” file.
This article from the Washington Post talks about an interesting case of counter surveillance hacking.
In 2010, Google disclosed that Chinese hackers breached Google’s servers. What only recently came to light was that one of the things compromised was a database containing information about government requests for email records.
Former government officials speculate that they may have been looking for indications of which of their agents had been discovered. If there were records of US government requests for information on any of their agents, it would be evidence that those agents had been exposed. This would allow the Chinese to shut down operations to prevent further exposure and to get those agents out of the country before they could be picked up.
I had not thought about subpoenas and national security letters being a counter intelligence treasure trove, but it makes perfect sense.
Because Google / Gmail are so widely used, they present a huge and valuable target for attackers. Good information on almost any target is likely to live within their databases.
The short version is, if an attacker is going for you specifically, they can do enough research to craft an email and attachment that you are almost certain to open. The success rate against even very paranoid and sophisticated users is shockingly high.
In Bruce Schneier’s blog post about this he quotes Brian Snow, former NSA Information Assurance Director. “Your cyber systems continue to function and serve you not due to the expertise of your security staff but solely due to the sufferance of your opponents.”
It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub.
GitHub.com is an https only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub is widely used in China for code sharing, so the backlash from blocking it completely was too large, and it was unblocked a few days later.
The attack happened on January 26. It was poorly executed in that the faked certificate did not match the real one in any of the meta-data and it was not signed by a recognized certificate authority. This caused most browsers to report a security error. The MITM attack only lasted about an hour.
Based on reports it only impacted users in China, which strongly suggests that it was government backed at some level. My work in censorship circumvention over the years has shown that China is far from monolithic. This could have been the work of a local government or regional ISP. I have not seen an analysis showing if this was country wide or not. It seems very ham fisted for the central government.
The speculated reason for the attack is to monitor access to a list of people who have been involved in creating the Great Firewall of China, which is hosted on GitHub, and is connected to a petition on Whitehouse.gov proposing that those people be denied entry to the US.
In the tradition of Jonathan Swift’s “A Modest Proposal” is “The Dictator’s Practical Guide to Internet Power Retention, Global Edition”.
Under the pretext of being a guide on how to crack down on Internet dissent for dictators, it does a nice job of analyzing how the Internet is used by dissidents, and the techniques used by governments to crack down on those practices.
Thanks to boingboing for bringing this to my attention.