“The Chinese have a unique system reflecting the party-state’s authoritarian model,” says Dakota Cary, an analyst at Georgetown’s Center for Security and Emerging Technology.

Chinese cyber researchers are effectively banned from attending international hacking events and competitions, tournaments they once dominated. A hacking contest pits some of the world’s best security researchers against one another in a race to find and exploit powerful vulnerabilities in the world’s most popular tech, like iPhones, Teslas, or even the kind of human-machine interfaces that help run modern factories. Prizes worth hundreds of thousands of dollars incentivize people to identify security flaws so that they can be fixed. Now, however, if Chinese researchers want to go to international competitions, they require approval, which is rarely granted. And they must submit everything to government authorities beforehand, including any knowledge of software vulnerabilities they might be planning to exploit. No other country exerts such tight control over such a vast and talented class of security researchers.

This mandate was expanded with regulation requiring all software security vulnerabilities to be reported to the government first, giving Chinese officials unparalleled early knowledge that can be used for defensive or offensive hacking operations. “All of the vulnerability research goes through an equities process where the Chinese government gets right of first refusal,” says Adam Meyers, senior vice president of intelligence at the cybersecurity company CrowdStrike. “They get to choose what they’ll do with this, really increasing the visibility they have into the research being conducted and their ability to find utility in all of it.”

We’ve seen one exception to this rule: an employee of the Chinese cloud computing giant Alibaba reported the famous Log4j vulnerability to developers at Apache instead of first delivering it to Chinese government authorities. The result was a public punishment of Alibaba and implicit warning for anyone else thinking of making a similar move.

China’s stricter policies have an impact well outside the country itself.