Tag Archive for: Beijing

Chinese report on suspected NSA hack shows Beijing pushing back

/in


For years, Washington has accused Beijing of instigating cyberattacks against the US and its allies. Now, a Chinese cybersecurity firm says it has identified hacking within China by a group linked to the National Security Agency, hinting at a rethink of how Beijing handles its geopolitical rival.

Chinese officials and companies like Huawei Technologies Co have often responded to US accusations in the past by declaring America the worst cyber-offender of all, pointing in particular to Edward Snowden’s revelations about US espionage.

But this week, Pangu Lab said it discovered US-sponsored hacking activity on Chinese soil. It said it found malware in domestic IT systems it claims was created by hacking group Equation, which is “generally believed” to be linked to the US National Security Agency. In a report issued Feb 23 and covered by the Communist Party-backed Global Times, Pangu Lab said the malware, called Bvp47, had been discovered within “a key Chinese department” in 2013 and 2015. Pangu Lab claimed the malware infiltrated systems to monitor and track key institutions in 45 countries around the world, including US allies, in a campaign that lasted 10 years.

The report marked a departure from Beijing’s typical stance. Faced with allegations of hacking, China has routinely denied the behaviour and labelled the US an “empire of hackers”. Beijing responded to recent reporting that Chinese spies used Huawei to hack an Australian telecommunications network by calling the accusations an “arbitrary smear”, “groundless” and “irresponsible”.

But the effectiveness of that approach has been questioned, including by former Global Times editor-in-chief Hu Xijin. In a recent WeChat post, the widely followed journalist said Chinese officials have been unwilling to provoke its geopolitical rivals and their tactic of relying heavily on statistics was ineffective.

“It is dry,” he wrote on Feb 21. “When have you ever seen a fresh face in China, facing the camera and angrily scolding Washington: The cyber hackers you support attacked our computer system!”

That might be…

Source…

FBI asks athletes to use burner phones during Beijing Winter Olympics

/in


FBI asks athletes to use burner phones during Beijing Winter Olympics | Security Magazine




Source…

Official Beijing 2022 Olympics Mobile App Is Marred by Security Flaws, Researchers Say

/in


A mobile app that’s mandatory for all participants in next month’s Winter Olympics in Beijing contains security flaws that could make it easy for a hacker to steal sensitive personal information, cybersecurity researchers in Canada warn.

The China-built app, My 2022, will be used to monitor the health of attendees, as well as facilitate information sharing, leading up to and throughout the 2022 Games. Technicians with Citizen Lab, a human rights-focused cybersecurity and censorship research group at the University of Toronto, said they found the app failed to authenticate the identity of certain websites, leaving transfers of personal data open to attackers.

In a report released Tuesday, Citizen Lab also said the app didn’t properly encrypt sensitive metadata transmitted through the app’s messaging function, which meant any eavesdropper operating a Wi-Fi hot spot could discover who users are communicating with and when.

The researcher found the vulnerabilities in the iOS version of the app after downloading it and creating an account, said

Jeffrey Knockel,

one of the authors of the report. They weren’t able to create an account on the Android version of the app but found similar vulnerabilities by testing its publicly available features, he said.

Beijing has been put on high alert ahead of the Olympics, with authorities trying to quickly stamp out Covid-19 outbreaks wherever they pop up.



Photo:

Kevin Frayer/Getty Images

Citizen Lab said the vulnerabilities were similar to those frequently found in other Chinese apps, which led it to believe they are more likely to be the result of China’s lax enforcement of cybersecurity standards than part of an intentional government effort to steal data.

Apple

and Google, the maker of Android, didn’t immediately respond to requests for comment. The Beijing Olympic Committee didn’t respond to a request for comment.

The Beijing 2022 handbook for athletes and officials…

Source…

Beijing presses Didi to delist from U.S. over data security fears – sources

/in


HONG KONG/SHANGHAI, Nov 26 (Reuters) – Chinese regulators have pressed top executives of ride hailing giant Didi Global Inc (DIDI.N) to devise a plan to delist from the New York Stock Exchange due to concerns about data security, two people with knowledge of the matter told Reuters.

China’s powerful Cyberspace Administration of China (CAC) has asked the management to take the company off the U.S. bourse due to worries about leakage of sensitive data, said one of the people.

It also wants the ride-hailing giant to promise it would solve the delisting issue within a certain period of time, said the person.

Register now for FREE unlimited access to reuters.com

The cyberspace regulator said, according to the person, the prerequisite for the relaunch of Didi’s ride-hailing and other apps in China is that the company has to agree to delist from New York.

Proposals under consideration include a straight-up privatisation or a second listing in Hong Kong followed by a delisting from the United States, said the person.

In July, the CAC ordered app stores to remove 25 mobile apps operated by Didi – just days after the company listed in New York. It also told Didi to stop registering new users, citing national security and the public interest.

Reuters reported earlier this month that Didi is preparing to relaunch its apps in the country by the end of the year in anticipation that Beijing’s cybersecurity investigation into the company would be wrapped up by then, citing sources directly involved in the relaunch. read more

Neither Didi nor the CAC responded to Reuters’ requests for comments.

The app logo of Chinese ride-hailing giant Didi is seen through a magnifying glass on a computer screen showing binary digits in this illustration picture taken July 7, 2021. REUTERS/Florence Lo/Illustration

The people declined to be identified as they were not authorised to speak to the media.

Bloomberg first reported regulators’ request for Didi to delist on Friday. Shares in Didi investors SoftBank Group Corp (9984.T) and Tencent Holdings (0700.HK) fell more than 5% and 3.1%, respectively following the report.

SoftBank Vision Fund owns 21.5% of Didi, followed by Uber Technologies Inc (UBER.N)

Source…