
Cyber-War Exercise held between US and Taiwan


In a week-long cyber-war exercise, Taiwanese government executives are being hit with phishing emails and messages as part of the drill, which is described as the first of its kind. The exercise is co-directed by Taiwan's authorities and the American Institute in Taiwan (AIT), which represents US interests on the island. "The foremost attention is on threats professed by 'North Korea and other countries' that are responsible for the attack," AIT said in a statement.


Taiwan, however, says that the vast majority of the cyber-attacks it suffers come from China. "It is like fighting combat when we are dealing with attacks like these," a Taiwanese official said earlier this month. The drills culminate on Friday with attempts to break into government servers and websites by duping staff with misleading messages. "Taiwan considers China the main offender behind cyberattack threats on the island," said Veerle Nouwens of the Royal United Services Institute for Defence and Security Studies, UK.

"Taiwanese administration's systems suffer around 30 million cyberattacks every month, and China is responsible for half of it," says the administrator general of Cyber Security Agency, Taiwan. He further adds, "But, no matter where the origin of the attacks happen, building a robust cyber-security system is the first priority for every government and private-sector corporations."

Risks involved
The exercise was formally opened by Raymond Greene, Director, AIT, at a Microsoft event. "It is the start of new opportunities between the two nations in the cybersecurity field," Greene said of the tests. "The concern today is not physical violence in any country but rather an invasion of cyber-security by corrupt criminals that is capable of stirring society from the inside. But in the end, these attacks are a concern for us all in numerous ways." The concern is serious because such attacks aim to influence a target country's elections, economy and infrastructure.

China-backed website attacks Hong Kong activists by leaking their personal details online


HK Leaks, a notorious website, is targeting Hong Kong pro-democracy supporters by leaking their personal details online, and so far there has been no way of identifying its operators or stopping it.

The site is hosted on a Russia-based server and its content is promoted by groups linked to China's ruling Communist Party. From journalists to lawmakers, around 200 individuals who support the protests in Hong Kong have been "doxxed", that is, had their personal details broadcast online by the site.

Since June, anti-government protests have rocked Hong Kong over proposals to allow extradition to mainland China, and clashes between activists and police have become increasingly violent, with police firing live rounds and protesters attacking officers and throwing petrol bombs. With this new development, the doxxing of activists, the situation shows no sign of dying down.

Privacy Commissioner Stephen Wong said he had ordered HK Leaks to take down all posts, but the site remains online. The home page shows a picture of a black-clad protester under a banner in Chinese reading, "We want to know who these people are and why they are messing up Hong Kong!" Phone numbers, addresses and other personal details of hundreds of people are posted alongside their alleged "misdeeds". Disclosing certain personal details, including phone numbers, without consent is illegal in Hong Kong.

HK Leaks is a sophisticated operation designed to evade prosecution. It is registered anonymously, sits behind the Russian provider DDOS-Guard, and has changed domain three times since August.

"The IP address that is shown for the website is not that of the website itself but of the DDOS-Guard company," cybersecurity expert Brian Honan said. The site has a bulletproof anonymous hosting, and whoever is running the website is very good at what they do. It ran as hkleaks.org in early August then migrating to hkleaks.ru, which discontinued in late October and since then three more similar domains have been used by the site.

"This site seems to be really well set up to reveal as little as possible and it doesn't use lots of external services, like buttons, statistics trackers, various scripts that would leak information," said Maarten Schenk, co-founder of the fact-check site Lead Stories.

Extracting any details from the domain registrar would require a court order. The site is heavily promoted by China's state-linked media and has drawn heavy traffic, some 175,000 unique page views. The Chinese Communist Youth League, a group linked to China's Communist Party, has promoted the site's content on its official Weibo accounts, and the state-run broadcaster CCTV and the Global Times newspaper have posted similar messages on their social media accounts.

Some victims have also accused the Chinese authorities of involvement in the leaks, saying that a fake address they gave police during an interrogation later showed up on HK Leaks.

How China uses LinkedIn to recruit spies


One former senior foreign policy official in the Obama administration received messages from someone on LinkedIn offering to fly him to China and connect him with “well paid” opportunities.

A former Danish Foreign Ministry official got LinkedIn messages from someone appearing to be a woman at a Chinese headhunting firm wanting to meet in Beijing. Three middle-aged men showed up instead and said they could help the former official gain “great access to the Chinese system.”

A former Obama White House official and career diplomat was befriended on LinkedIn by a person who claimed to be a research fellow at the California Institute of Technology, with a profile page showing connections to White House aides and ambassadors. No such fellow exists.

Foreign agents are exploiting social media to try to recruit assets, with LinkedIn as a prime hunting ground, Western counterintelligence officials say. Intelligence agencies in the United States, Britain, Germany and France have issued warnings about foreign agents approaching thousands of users on the site. Chinese spies are the most active, officials say.

“We’ve seen China’s intelligence services doing this on a mass scale,” said William R. Evanina, director of the National Counterintelligence and Security Center, a government agency that tracks foreign spying and alerts companies to possible infiltration. “Instead of dispatching spies to the U.S. to recruit a single target, it’s more efficient to sit behind a computer in China and send out friend requests to thousands of targets using fake profiles.”

The use of social media by Chinese government operatives for what American officials and executives call nefarious purposes has drawn heightened scrutiny in recent weeks. Facebook, Twitter and YouTube said they deleted accounts that had spread disinformation about the Hong Kong pro-democracy protests. Twitter alone said it removed nearly 1,000 accounts.

It was the first time Facebook and Twitter had taken down accounts linked to disinformation from China. Many governments have employed similar playbooks to sow disinformation since Russia used the tactic to great effect in 2015 and 2016.

Indian Healthcare Website Hacked, stolen data for sale

US-based cyber-security firm FireEye has discovered a breach of a leading Indian healthcare website in which more than 68 lakh (6.8 million) records on doctors and patients were stolen.

FireEye did not name the website but said that cybercriminals, mostly from China, are selling the stolen data on web portals around the world.

"In February, a bad actor that goes by the name "fallensky519" stole 6,800,000 records associated with an India-based healthcare website that contains patient information and personally identifiable information (PII), doctor information and PII and credentials," FireEye said in its report shared with IANS.

According to FireEye, between October 1, 2018 and March 31, 2019 its intelligence team came across multiple healthcare-related databases being offered for sale for $2,000.

"In particular, it is likely that an area of unique interest is cancer-related research, reflective of China's growing concern over increasing cancer and mortality rates, and the accompanying national health care costs," the cyber-security agency noted.

"Targetting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors," the report claimed.

Chinese Banking Has A New Edge; Jack Ma Behind The Latest Developments!

Jack Ma is associated with one of the leading economies of the world. The risk management system employed by his banking ventures analyses over 3,000.

Per sources, his company has lent around $290 billion to over 15 million small companies, with borrowers receiving the cash almost immediately, with just a few taps.

The entire process requires no human intervention, completes in around three minutes and has a default rate of about 1%.

Such small borrowers were previously turned down, but thanks to MYbank and its associates the new form of lending is proving very useful.

With the slowing pace of China's economy it is imperative to keep risks and defaults in check.
Around two-thirds of the country's small businesses could not access loans, according to the National Institution for Finance & Development.

But thanks to Jack Ma's initiatives, lending and borrowing in China are now seeing monumental growth.

MYbank's lending app has made a real difference: by letting the bank access a store's transaction data, some small loans can now be extended.

China hacked TCS, 7 other major firms: Report

‘Operation Cloud Hopper’, a global cyber-espionage campaign, first made headlines when Chinese hackers reportedly broke into IBM and Hewlett Packard Enterprise. Now it seems that they weren’t the only ones attacked.

Hackers working for China’s Ministry of State Security broke into the networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.

Technology service providers Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services (TCS), NTT Data, Dimension Data, Computer Sciences Corporation (CSC) and DXC Technology, HPE’s spun-off services arm, were the targets of Cloud Hopper, a campaign attributed to the Chinese government by the United States and its Western allies.

It wasn’t just TCS that was hacked. The service providers were used as jumping-off points to gain access to their clients’ networks.

Meanwhile, China denies any involvement in the attacks and the companies say no sensitive information was compromised, but the Reuters report suggests otherwise.

A U.S. indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies.

Reuters has identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.

HPE said it worked “diligently for our customers to mitigate the attack and protect their information.” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.

NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.

Sabre said it had disclosed a cybersecurity incident in 2015 and an investigation concluded no traveler data was accessed. A Huntington Ingalls spokeswoman said the company is “confident that there was no breach of any HII data,” via HPE or DXC.

Chinese Hackers Attacked Eight Major Technology Service Providers

Eight of the largest technology service providers were attacked by hackers working for China’s Ministry of State Security, who attempted to access sensitive commercial information and secrets belonging to the providers’ clients around the world.

In December last year, formal charges filed in the U.S. outlined a sweeping operation designed to steal Western intellectual property with the aim of furthering China’s economic interests.

According to the findings made by Reuters, the compromised technology service providers include Tata Consultancy Services, Dimension Data, Hewlett Packard Enterprise, Computer Sciences Corporation, DXC Technology (HPE’s spun-off services arm), IBM, Fujitsu and NTT Data.

Furthermore, several of the providers’ clients, such as Ericsson, also fell prey to the attacks.
IBM, however, has previously stated that it has no evidence that any confidential commercial information was compromised in these attacks.

HPE said it worked diligently for its “customers to mitigate this attack and protect their information.” DXC said it had “robust security measures in place” to keep its clients secure.

Denying any involvement in the attacks, the Chinese government said: “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets.”

“While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson’s infrastructure has ever been used as part of a successful attack on one of our customers,” an Ericsson spokesperson said, adding that the company does not comment on specific cybersecurity matters.

Chinese Cyber-attack Hit Telegram Amidst Hong Kong Protests


Telegram, a secure messaging app, was recently bombarded by a network of computers in China following the protests sparked by the Hong Kong government's plan to pass a new extradition law.

On Tuesday night, as protesters assembled near Hong Kong's Legislative Council building, the authorities arrested the administrator of a Telegram chat group with roughly 20,000 members, even though he was not at the protest site.

The bill being pushed by the Hong Kong government would allow people in the city to be extradited to mainland China, where the court system is closed to public scrutiny and tightly controlled by the Communist Party.

The unusual measures taken by the Hong Kong authorities suggest that the police have opened a new front against the protesters by constraining their digital communication.

Protesters were using today's networking tools to summon reinforcements, share safety tips and organise supplies of food and drink, even as they took steps to hide their identities. The authorities responded by tracking them where they plan their moves, suggesting they are taking cues from the way China polices the internet.

Protesters and police alike have brought a new technological savvy to the standoff.

Lokman Tsui, a professor at the School of Journalism and Mass Communication at the Chinese University of Hong Kong, said of the situation: "We know the government is using all kinds of data and trails to charge people later on. This is why people are minimizing their footprints as much as possible; they are being much more conscious and savvy about it."

The police used tear gas as protesters came closer to the Legislative Council building in Hong Kong on Wednesday. Protesters used the app Telegram to organize, but the police were watching.

Telegram said on its Twitter account that it was able to stabilise its service shortly after the attack began. It described the flood of traffic as a DDoS attack, in which servers are swamped with requests from a coordinated network of computers.

Many of these protesters appear to be college-aged and digitally adept. They went to considerable lengths to avoid being identified or digitally tracked. To travel to and from the protests, many queued to buy single-ride subway tickets rather than use their stored-value payment cards, which can be traced. Some confronting the police covered their faces with caps and masks, giving them anonymity as well as some protection from the tear gas.

Beijing has been accused in the past of attacks aimed at silencing political speech outside mainland China's borders.

“The bottom line is whether to trust Beijing,” said Dr. Tsui, the communications professor. “This is a government that routinely lies to its own citizens, that censors information, that doesn’t trust its own citizens. You can’t ask us to trust you if you don’t trust us.”

“These kids that are out there, all the young people, they’re smart,” he added. “They know not to trust Beijing.”

The event presents no new challenge for Telegram, which has been used in widespread protests before and has faced numerous government crackdowns. Russia and Iran are among the countries that have banned or blocked its use.

New China-Based Campaign Targets Windows MS-SQL and phpMyAdmin Servers Worldwide


A China-based attack campaign has primarily targeted servers belonging to the healthcare, telecommunications, media and IT sectors. The campaign, named Nansh0u, targets Windows MS-SQL and phpMyAdmin servers around the world.

Although the campaign was detected at the start of April, the attacks were found to date back to February 26. Throughout the campaign the threat actors used 20 distinct payloads, creating at least one new payload a week and deploying it immediately.

More than 50,000 servers were reported breached in this campaign. Once a targeted server was compromised it was infected with a malicious payload, which in turn drops a crypto-miner that mines TurtleCoin along with a sophisticated kernel-mode rootkit.

The hackers behind this campaign use advanced techniques of the kind pursued by APT groups, such as fake certificates and privilege escalation exploits, so Nansh0u is not merely a crypto-miner attack.

The attack begins with a series of login attempts against MS-SQL servers in order to gain administrator privileges. The attacker’s infrastructure combines the following modules to launch an attack on MS-SQL servers:
  • Port scanner
  • MS-SQL brute-force tool
  • Remote Code Executor
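
The opening move described above, a burst of failed MS-SQL logins from one source followed by a successful login as a privileged account, is easy to pick out of the SQL Server error log if anyone is looking. The following is an added example, not code from Guardicore's report or from the campaign itself, that runs that check over a few constructed ERRORLOG-style lines. The threshold and window are assumptions to tune per environment, and successful logins only appear in the log when the instance's login auditing is set to record both failed and successful logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on the SQL Server ERRORLOG "Logon" line format
# (timestamp, source, message, "[CLIENT: ip]"). Not captured from any real host.
SAMPLE_LOG = """\
2019-02-26 03:14:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2019-02-26 03:14:01.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2019-02-26 03:14:01.60 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2019-02-26 03:14:01.85 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2019-02-26 03:14:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2019-02-26 03:14:02.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2019-02-26 03:14:03.90 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2019-02-26 09:00:00.00 Logon       Login failed for user 'app_ro'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.7]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'.*"
    r"\[CLIENT: (?P<ip>[^\]]+)\]"
)


def parse_logon_events(log_text):
    """Yield one dict per login success/failure line; lines in any other format are ignored."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"),
            "result": m.group("result"),
            "user": m.group("user"),
            "ip": m.group("ip"),
        }


def detect_sql_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag a client IP that reaches `threshold` failed logins inside a sliding `window`,
    and separately flag a successful login from that IP while its recent failure count
    is still at or above the threshold (password guessing that actually worked)."""
    recent_failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts = []
    for ev in sorted(parse_logon_events(log_text), key=lambda e: e["ts"]):
        ip, ts = ev["ip"], ev["ts"]
        # drop failures that have slid out of the window before counting
        recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window]
        if ev["result"] == "failed":
            recent_failures[ip].append(ts)
            if len(recent_failures[ip]) == threshold:   # alert once, when the threshold is crossed
                alerts.append({"kind": "bruteforce", "ip": ip,
                               "user": ev["user"], "failures": threshold})
        elif len(recent_failures[ip]) >= threshold:
            alerts.append({"kind": "bruteforce_success", "ip": ip,
                           "user": ev["user"], "failures": len(recent_failures[ip])})
    return alerts


if __name__ == "__main__":
    for alert in detect_sql_bruteforce(SAMPLE_LOG):
        print(alert)
```

The "bruteforce_success" alert is the one worth paging on: a guessed `sa` password is the foothold from which the rest of the chain (remote code execution, the privilege escalation exploit, the rootkit) follows, so the same source IP should be checked against the server's outbound connections and newly created files from that minute onward. Exposing MS-SQL to the internet at all, or leaving `sa` enabled with a guessable password, is the condition the whole campaign depends on.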


Analysis of the 20 payload samples, taken from the attacker’s servers and from Guardicore's Global Sensor Network, showed that each payload is a wrapper with several functions.

The researchers are confident in assessing that Chinese attackers operated this campaign because:
  • The attackers chose to write their tools in EPL, a Chinese-based programming language.
  • Some of the file servers deployed for this campaign are HFS instances with Chinese-language interfaces.
  • Many log files and binaries on the servers included Chinese strings, such as (“duplicates removed”) in logs listing breached machines, or (“start”) in the name of the script that initiates port scans.

US Government Issues Alert Warning against China Made Drones

As Chinese-made drones pose a "cyber-espionage" threat to American organisations and businesses that use them, the US government has issued an alert warning against them.

The warning does not name a particular company, but it notes that those using the aircraft for tasks related to national security or critical infrastructure are at high risk.

Market-leader DJI, which accounts for over 70% of the US market in drones costing more than $500, said it had taken steps to keep its customers' data secure, stating:

“We give customers full and complete control over how their data is collected, stored, and transmitted, for government and critical infrastructure customers that require additional assurances, we provide drones that do not transfer data to DJI or via the internet, and our customers can enable all the precautions DHS [Department of Homeland Security] recommends."

Chris Huhn, Vice-President of business development at Yuneec, the second-bestselling Chinese manufacturer, also said it gives users full control of their data:
"All our UAV [unmanned aerial vehicles] do not share telemetry or visual data with internal or external parties."

According to CNN, which first reported the development, the notice was issued on Monday by the US Cybersecurity and Infrastructure Security Agency. CNN quoted the notice as saying:

"The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access,"

"China imposes unusually stringent obligations on its citizens to support national intelligence activities."


Airbnb Superhost Caught Filming Guests using spy-camera

An Airbnb "superhost" has been caught filming his guests with a camera hidden inside the bedroom's internet router in east China.

According to the South China Morning Post, a woman who goes by the online name Yunfei paid $250 for three nights in a flat in Shandong province. Working in information security, she noticed a motion sensor at the entrance when she entered the flat and suspected something was wrong.

She began investigating. After checking the TV and smoke detectors for hidden cameras, the router caught her attention because it looked unusual. She compared it with a photo of the same product online and it was clear that modifications had been made. Unscrewing the case revealed a hidden camera facing the bed, with a memory card attached to record the footage.

'As soon as I started removing the screws, I knew something was wrong - the screws were very loose,' she told reporters.

She immediately reported the incident to the police.

Police quickly tracked down the flat owner, who had been filming his guests since March this year, the report said.

The unnamed host was fined 500 yuan (£56) and sentenced to a 20-day detention for invasion of privacy. 

Airbnb apologised for the incident and immediately removed the host's flat from its home-sharing platform.

Electricity Wastage Leading to a Ban on Cryptocurrency Mining in China

After cryptocurrency mining was listed as a hazardous and wasteful activity by China’s central state planner, the National Development and Reform Commission, the Chinese government has decided to ban it. China, long the hub of bitcoin mining, has now drafted plans to end the activity.

The list drawn up by the planner included more than 450 activities that fail to comply with regulations and are categorised as unsafe because they either waste resources or pollute the environment.

Reuters quoted an anonymous Chinese bitcoin trader as saying, “Bitcoin mining wastes a lot of electricity.”

Bitcoin, the most popular cryptocurrency, hit a record high at the end of 2017 and this week touched $5,000 for the first time since November. It was down 1.4 percent this week, along with Ripple’s XRP and Ethereum, which fell by a similar margin.

Cryptocurrency has lately been under scrutiny in China, which has led to the banning of initial coin offerings and the shutting down of local trading exchanges. With electricity a crucial factor behind the ban, countries with inexpensive electricity have emerged as the key hosts of cryptocurrency mining.

Students' GCSE coursework seized during ransomware attack

Sir John Colfox Academy in Bridport was the target of hackers, believed to be from China, after a member of staff mistakenly opened an email containing a virus that infected the school’s entire computer network. The email claimed to be from a teacher at another Dorset school.

The hackers seized pupils’ GCSE coursework at the secondary school and demanded cash for its return.

The Sir John Colfox Academy has about 1,000 pupils. The coursework, submitted by Year 11 students for one subject, was saved on the school's system.

Head teacher David Herbert said: "We are liaising with the relevant exam boards about this specific issue."

Police have launched an investigation into the cyber attack.

Neither police nor the school have said how much money was demanded for the return of the coursework, but police say no money has been paid.

Unprotected Database reveals 'BreedReady' Status for 1.8 Million Women

An unprotected database has exposed the personal information of more than 1.8 million women in China. Besides regular details such as name, age and date of birth, the data set includes a "BreedReady" status for each woman.

The database also includes phone numbers, ID numbers, addresses, marital status, URLs to photos, GPS coordinates, information about political affiliation and education, and a 'HasVideo' field.

Victor Gevers, a well-known security researcher working with the non-profit GDI Foundation, found the unprotected data trove while searching for open databases in China, of which he found tens of thousands.

He tweeted the screenshot of the database saying, "In China, they have a shortage of women. So an organization started to build a database to start registering over 1,8 million women with all kinds of details like phone numbers, addresses, education,  location, ID number, marital status, and a ”BreedReady" status?"

The researcher said that the youngest woman in the database with the status 'BreedReady:1' is 18 years old and the oldest is 39. The BreedReady field appears to indicate whether the woman has children.

Most of the women in the database are single (89%) and based in Beijing. The youngest girl listed is 15 years old.

Gevers found a total of 18 unprotected databases, all in China, holding data from six social platforms that operate in the country. The personal data includes names, ID numbers, photos, GPS locations, network information, public and private conversations, and file exchanges.

China Launches An App Which Works Like A Debtor Radar!
Giving apps an entirely new dimension, China recently launched an app that works like a radar for people who are in debt.

Reportedly the application was developed on the instructions of the Chinese police and created in the province of Hebei.

The application displays the locations of people in debt whenever the user is within 500 meters of them.

The main purpose of the application is to let citizens report people who spend more than they should.

The application, which goes by the name “Map of Deadbeat Debtors”, can be accessed via WeChat (a social media app).

Users are said to be alerted instantly with a flash when they are within 500 meters of a debtor.

The debtor's exact location is displayed; whether any personal information is shown as well has not been confirmed.

The initiative encourages citizens to keep a lookout for debtors, regardless of the seriousness of the debt.

Apparently, owing a debt is considered shameful in China.

The idea behind the application stems from the recent reforms to the country's social credit system.

The new system, which the country says it needs, will judge citizens on the basis of their social behaviour.

Hewlett Packard Enterprise and IBM Networks Breached by China; Clients Targeted

Hackers working for China's Ministry of State Security breached the networks of Hewlett Packard Enterprise and IBM in order to gain access to their clients' computers.

As part of the Chinese campaign known as Cloudhopper, the attacks compromised technology service providers in order to steal secrets from their clients. International Business Machines Corp said it had no evidence that sensitive corporate data had been compromised, while Hewlett Packard Enterprise (HPE) declined to comment on the campaign.

Although government agencies and cybersecurity firms have issued multiple warnings about the Cloudhopper threat since 2017, the identities of the technology companies whose networks were compromised had not been revealed until now.

According to a U.S. federal indictment of two Chinese nationals unsealed on December 20, Cloudhopper focused largely on managed service providers (MSPs) in order to reach their clients' networks and steal corporate secrets from organisations around the world.

Both IBM and HPE declined to comment on the specific claims made by the sources, but each gave a statement.

"IBM has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats. We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat."

HPE said,"The security of HPE customer data is our top priority. We are unable to comment on the specific details described in the indictment, but HPE's managed services provider business moved to DXC Technology in connection with HPE's divestiture of its Enterprise Services business in 2017." 

Reuters was unable to confirm the names of other breached technology firms or to identify any affected customers.

Cloudhopper, which has targeted technology service providers for several years, is known to have penetrated the systems of HPE and IBM on several occasions in breaches that persisted for extended periods.

IBM investigated an attack as recently as this summer, while HPE conducted a large breach investigation in early 2017.

OnePlus denies accusation of sending Clipboard data to China

OnePlus has been accused of sending clipboard data from OnePlus phones running the latest OxygenOS beta to China. The company has denied the accusation, saying the file in question is inactive and was created for Chinese phones only.

The information was first revealed by Elliot Alderson on Twitter, where he explained how the application works.

He posted that a strange file called badword.txt existed in the Clipboard application, along with six others, in the OxygenOS beta update. These files could identify what kind of data the user had copied to the clipboard and send sensitive data such as bank information and passwords to a Chinese server, allegedly pointing to a Chinese company called Teddy Mobile.

OnePlus has since denied this accusation and released a statement saying that "there’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS."

They added that the identified folder exists in the open beta for HydrogenOS, their operating system for China exclusively, in order to filter out what data should not be uploaded, and that local data matching this folder is skipped and not sent to any server.