China is building a cyber army of hackers, report finds
China is building a cyber army of hackers, report finds
Hackathons are common, but Chinese hacking competitions are different. China has been dominating popular international cybersecurity competitions like Pwn2Own. However, more recently, the country has developed its own hacking contests, essentially withdrawing from international events
cross-posted from: https://scribe.disroot.org/post/2653687
Hackathons are common, but Chinese hacking competitions are different.
...
In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google’s Android, and Microsoft systems.
How is Tianfu Cup different?
A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.
Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, “In practice, this meant vulnerabilities were passed to the state for use in operations.”
This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.
...
In recent years, China’s hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software.
...
Honestly, every rich country.
... criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China.
A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.
Which countries do have something similar to a 'Tianfu Cup?'
For some it's an ambition, but not a priority. Germany simply doesn't pay skilled people enough to serve as cyber soldier.
I mean, the NSA doesn't need to do the same because they're wiretapping the entire fucking country (see : room 641A, Edward Snowden...) so they already get every American hackaton's results
Not that I think wiretapping is a good thing (it's very bad, no matter who does it), but why is it that whenever one posts something critical of China here on Lemmy, there is some commentary arguing that the US is doing the same? I don't understand that. US wiretapping doesn't make this Chinese policy better.
[Edit to correct a typo.]
It doesn't. But it irks me that when the USA does the same shit, if not worse, and just as blatantly, no one cares. But when it's China it's instantly nefarious and dangerous, when in reality it's a world superpower doing exactly what the "good ones" are also doing in this case.
And I'm not pretending that China is less autocratic than our western democracies. But our state surveillance has nothing to envy to theirs.
What is defcon?
Yearly cyber security convention in USA
It's a con. A def one.
Building? It has been around for years
'China has almost doubled their aggression in cyber’, experts say
Today, Western governments have been more outspoken in linking China to cyber attacks and sanctioned organizations linked to malicious cyber activity. Despite this growing awareness of the threat posed by China-backed groups, ... people still don’t have a firm grasp on the extent to which China has infiltrated enterprise systems ...