Tag Archive for: China’s

US government to investigate China’s Microsoft email breach • The Register


Infosec in brief: The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security’s Cyber Safety Review Board (CSRB).

DHS secretary Alejandro Mayorkas announced the review last Friday, saying it would assess the Microsoft intrusion, as well as conducting a broader review of identity and authentication infrastructure used by cloud providers. 

“Organizations of all kinds are increasingly reliant on cloud computing to deliver services to the American people, which makes it imperative that we understand the vulnerabilities of that technology,” Mayorkas said.

This will be the third investigation by the recently formed CSRB. It first reviewed Log4j vulnerabilities discovered in 2021, concluding the exploit would likely be a problem for at least a decade. Its second report, which was released earlier this week, focused on the threats from hacking group Lapsus$. In that report, the CSRB said the international cyber crime group used “simple techniques” to evade security tools, and offered ten recommendations for hardening environments against such attackers. 

The decision to investigate the July Outlook intrusion, and cloud security more broadly, was welcomed by senator Ron Wyden (D-OR), who last week blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for the CSRB to investigate the incident. 

“I applaud president Biden and CISA director Easterly for acting on my request for the board to review this recent espionage campaign, including cyber security negligence by Microsoft that enabled it,” Wyden said. “The government will only be able to protect federal systems against cyber attacks by getting to the bottom of what went wrong. Ignoring problems is both a waste of taxpayer dollars and a massive gift to America’s adversaries.”

CISA director Jen Easterly said the CSRB’s findings would help advance cyber security across the cloud – both government and enterprise. 

It’s worth noting that the CSRB has no regulatory or enforcement powers. Rather, “its purpose is to identify relevant lessons learned to inform future improvements,”…


Xi Jinping’s vision of China’s national security


Security has occupied a central position in the foreign policies of China’s ruling Communist Party, so “security” has become one of the objectives of China’s internal and external policy. It is pursued through preventive and remedial measures, and through it China aims to change its surrounding environment internally, regionally and externally.

Chinese President Xi Jinping is interested in the concept of “comprehensive national security”, which Beijing pursues by imposing a wide range of legislation to protect itself from expected threats: laws on anti-terrorism, counter-espionage, cybersecurity, monitoring foreign non-governmental organizations, modernizing the national intelligence system, and data security. For this reason, China and its ruling Communist Party decided to establish a State Security Commission and improve the system and strategies to ensure China’s national security, according to a statement issued directly after the conclusion of the Third Plenary Session of the 18th Central Committee of the Communist Party.

China is sensitive to everything related to national security risks, and calls on all Chinese people to stand with their country in the face of any external interference. It regularly calls on all its citizens, whether through the media or through posters on buildings, to be careful in the face of real or perceived risks of harm to China’s national security. Here, in April 2022, Chinese authorities published graphics through China’s state television, CCTV, asking citizens in China to beware of “potential spies”, especially people who “claim a desire to start a romantic relationship, for example”.

In order to protect China’s national security, Chinese leader Xi Jinping called on the country’s top national security officials to think about worst-case scenarios and modernize security systems. President Xi stressed, during a meeting he held with the National Security Committee of the ruling Communist Party at the end of May 2023, that “the complexity and difficulty of national security issues that the country is now facing, therefore, efforts must be…


Senators Want Details on China’s Latest Hack of Microsoft email


Senators want answers from the State Department’s IT chief about how hackers, said to be from China, broke into diplomats’ Microsoft email accounts earlier this year, as officials were planning high-stakes visits to Beijing for Secretary of State Antony Blinken and other cabinet officials.

In a letter sent Wednesday to State Department Chief Information Officer Kelly Fletcher, and exclusively obtained by Newsweek, 14 senators of both parties are asking for details of the extent of the breach, and the timeline on which it was fixed.

Microsoft revealed on July 11 that hackers had “acquired” a master cryptographic key, which allowed them to impersonate almost any user of the company’s cloud-based Outlook email and calendar services, meaning they could log on as that person and copy all their email traffic and calendar appointments.

The letter, originally drafted by Sen. Eric Schmitt, R-Mo., was signed by GOP colleagues including Tim Scott of Florida and Bill Hagerty of Tennessee; and by the Democratic Chairman of the Senate Foreign Relations Committee Ben Cardin of Maryland and several of his colleagues including Tim Kaine of Virginia. It asks for a “closed, unclassified briefing” for members and staff by September 6.

The intrusion, which started mid-May and was discovered a month later, would have allowed Beijing to see into diplomats’ planning for a succession of high-stakes visits to China in June and July by U.S. cabinet members, including Blinken, Commerce Secretary Gina Raimondo and Treasury Secretary Janet Yellen, according to former officials.

The hack has led to questions about Microsoft’s relationship with China and whether that creates risks for the U.S. government, which relies heavily on the Redmond, Wash.-based tech giant’s services and products.

A China Central Television news broadcast shows Microsoft co-founder Bill Gates, left, meeting with Chinese President Xi Jinping, on a giant screen outside a shopping mall in Beijing in June. Xi called Gates “a dear old friend of ours,” highlighting the close relations Microsoft has maintained with China.

The senators’ letter also asks Fletcher to explain how she plans to “ensure a more robust,…


Cooperation or competition? China’s security industry sees the US, not AI, as the bigger threat


BEIJING — After years of breakneck growth, China’s security and surveillance industry is now focused on shoring up its vulnerabilities to the United States and other outside actors, worried about risks posed by hackers, advances in artificial intelligence and pressure from rival governments.

The renewed emphasis on self-reliance, combating fraud and hardening systems against hacking was on display at the recent Security China exhibition in Beijing, illustrating just how difficult it will be to get Beijing and Washington to cooperate even as researchers warn that humankind faces common risks from AI. The show took place just days after China’s ruling Communist Party warned officials of the risks posed by artificial intelligence.

Looming over the four-day meet: China’s biggest geopolitical rival, the United States. American-developed AI chatbot ChatGPT was a frequent topic of conversation, as were U.S. efforts to choke off China’s access to cutting-edge technology.

“This new technology contains a great potential danger,” said Fan Weicheng, Director of Tsinghua University’s Center for Public Safety Research. He clicked through a presentation featuring an AI-generated figure of Barack Obama speaking, illustrating the risks of deceptive images and video that can now be digitally created.

“The United States has a 21st century national security strategy. Russia has a national security strategy. Germany has a strategy. So does Japan,” Fan said. “We in China are also working on this.”

Chinese academics, Fan says, are working on an “early warning system” to identify and manage potentially disruptive technology, creating indexes and formulas to measure the impact emerging technology could have on China’s national security.

In the past decade, China’s AI technology has made rapid advances, fueled in part through cooperation with American research institutes and tech firms. As in the U.S., Chinese leaders are worried about advances in artificial intelligence.

A vendor sits near a board depicting surveillance cameras during Security China 2023 in Beijing, on June 9, 2023. After years of breakneck growth, China’s security and surveillance industry is now focused on shoring…
