Posts Tagged ‘cybersecurity’

Apple’s mounting problems in China: Apple Customer Data in China Was Sold Illegally, Police Say

June 10, 2017

To Apple’s mounting problems in China, add official scrutiny over privacy.

The Chinese police said this week that they had arrested 22 people suspected of selling the personal data of an unspecified number of Apple customers. The police, in Cangnan County in the eastern province of Zhejiang, said the thieves had reaped 50 million renminbi, or about $7.3 million, over an unspecified period.

Many of the details were unclear, including the identities of those involved and the severity of the breach.

In a statement on Wednesday, the Cangnan police said they found that Apple employees had illegally acquired personal data, then later in the same statement said 20 of the 22 people worked for companies that sell Apple products or are Apple contractors. The police did not disclose information about the other two people. In China, Apple’s products are sold broadly, in electronics chain stores and small booths in shopping malls in addition to the company’s official Apple Stores.

The Cangnan police also said the data included the names, Apple identification numbers and phone numbers of Apple users. They did not say whether passwords or financial information like credit card numbers were involved, which would suggest the thieves had access to internal Apple data and would make the breach more serious.

The arrests are part of a set of broader difficulties in China for Apple, which is based in Cupertino, Calif. Sales of iPhones, still a sign of middle-class aspiration in China, have slowed, according to analysts, as the public waits for new models and as Chinese manufacturers of cheaper phones step up their quality and marketing.

Apple has also faced new scrutiny from the government on other fronts. Last year its movie and book services were shut down in China.

Still, Apple may simply be caught up in a wider rising of concern over privacy in China.

Few people in China expect the country’s authoritarian central government to stay out of their business. But outside of that, a growing number of Chinese people fear cybercrime and identity theft, particularly as millions of them turn to online shopping and using money electronically.

Between widespread malware campaigns and a large number of new internet users, China has become a playground for internet fraudsters. Last year, China tried 361 criminal cases involving violation of personal data, up from 176 in 2015, said Xie Yongjiang, associate director for the Institute of Internet Governance and Law at the Beijing University of Posts and Telecommunications.

“It is very common. Every one of us can feel it,” Mr. Xie said. “For example, after your child is born at a hospital, someone will phone you and ask if you need baby products. When your child turns 3, someone will phone you and ask if your child would go to their nursery school. When your child reaches primary school age, someone will phone you to ask if you need training services.”

“You have no idea who exposed your personal data,” he added.

The problem is not new. In one incident reported in the Chinese news media just this week, an employee of a Shanghai delivery company was recently arrested on suspicion of selling clients’ personal data.

Other examples abound. An apparent trove of login information leaked onto the Chinese internet was used to hack more than 20 million accounts on Alibaba’s e-commerce site Taobao, according to news reports. Alibaba said that its security systems had not been breached and that it had worked with the police to quickly catch the perpetrators.

In another example, China News Service, a state-run news agency, reported late last year that login information and other personal data from accounts associated with the Chinese e-commerce site were exposed in 2013 as part of a security problem. said it had quickly fixed the issue.

The problem is not even new to Apple. Last year, 10 employees of an Apple contractor in China were also found with data from more than 80,000 users.


Chinese Apple staff suspected of selling private data

June 8, 2017


© AFP | Chinese authorities say they have uncovered a massive underground operation run by Apple employees selling computer and phone users’ personal data.


Chinese authorities say they have uncovered a massive underground operation run by Apple employees selling computer and phone users’ personal data.

Twenty-two people have been detained on suspicion of infringing individuals’ privacy and illegally obtaining their digital personal information, according to a statement Wednesday from local police in southern Zhejiang province.

Of the 22 suspects, 20 were Apple employees who allegedly used the company’s internal computer system to gather users’ names, phone numbers, Apple IDs, and other data, which they sold as part of a scam worth more than 50 million yuan ($7.36 million).

The statement did not specify whether the data belonged to Chinese or foreign Apple customers.

Following months of investigation, the statement said, police across more than four provinces — Guangdong, Jiangsu, Zhejiang, and Fujian — apprehended the suspects over the weekend, seizing their “criminal tools” and dismantling their online network.

The suspects, who worked in direct marketing and outsourcing for Apple in China, allegedly charged between 10 yuan ($1.50) and 180 yuan ($26.50) for pieces of the illegally extracted data.

The sale of personal information is common in China, which implemented on June 1 a controversial new cybersecurity law aimed at protecting the country’s networks and private user information.

In December, an investigation by the Southern Metropolis Daily newspaper exposed a black market for private data gathered from police and government databases.

Reporters successfully obtained a trove of material on one colleague — including flight history, hotel checkouts and property holdings — in exchange for a payment of 700 yuan ($100).


China’s New Cybersecurity Law Tested by iPhone Information Theft

June 7, 2017

Foreign technology companies said they were uncertain how the new law would affect their operations

The Wall Street Journal
June 7, 2017 9:38 a.m. ET

BEIJING—A week after China’s first cybersecurity law took effect, an investigation over the alleged theft and sale of iPhone users’ information looked set to test how well Apple Inc. and other foreign companies protect Chinese citizens’ personal data.

Police in eastern China said they had detained 22 people, including 20 from Apple “direct sales outlets” in China and companies Apple outsources services to. Police said those detained had used Apple’s internal system to illegally obtain information associated with iPhone products like phone numbers, names and Apple IDs, and then sold the information.

A statement by police in Cangnan county in Zhejiang province gave no further information on the Apple outlets involved, or details on the two other people detained. Calls to the police’s news department went unanswered.

The statement said the 22, who were detained May 3, charged from 10 yuan ($1.50) to 180 yuan for each piece of information and that the total amount of money involved was over 50 million yuan.

An Apple spokeswoman in China didn’t respond to a request for comment.

China has long struggled to rein in a robust black market in personal information, prompting one political activist last year to purchase and publish in a form of protest the private data of several Chinese tech CEOs, including Alibaba Group Holding Ltd. co-founder Jack Ma. The activist showed evidence of one vendor offering to sell personal information ostensibly belonging to Chinese President Xi Jinping for 1,000 yuan.

A core aim of the cybersecurity law is to better protect individuals’ private data, authorities have said.

iPhone users’ information is highly prized on the black market because of the belief they are more affluent. Obtaining data such as a user’s Apple ID could help hackers lock iPhones remotely and then demand payment from the user to unlock it. The potential for abuse widens further if hackers gain access to a user’s cloud storage.

Ahead of the June 1 implementation of the cybersecurity law, foreign technology companies expressed concern, saying they were uncertain how it would affect their operations. Specific measures to comply with the law’s mandates on protection of personal information are still being worked out, according to the regulator, China’s Cyberspace Administration.

Under earlier laws, companies have largely escaped punishment when employees used their access to internal computer systems to steal users’ personal data, according to Liu Chunquan, an intellectual property lawyer with Shanghai-based Duan & Duan Law Firm.

That has changed under the cybersecurity law, Mr. Liu said, with companies now potentially facing fines and other punishment by regulators unless they can prove their systems weren’t to blame for leaks.

“Now with this law, Apple as a company faces much greater legal risk than it would have before,” he said.

A company could face fines of as much as 10 times the illegal revenue from a theft if it is found to have had inadequate protections against a leak, according to the law. In serious situations, regulators can temporarily close or revoke the business licenses of companies found in violation of the new law.

Based on information police have released so far, government authorities could now have grounds to look into potential holes in Apple’s internal data management in China, said You Yunting, a partner with Shanghai-based DeBund Law Offices.

Cangnan police posted a series of photos of officers detaining and interrogating the detainees on the popular WeChat messaging app. In one image, several people are shown standing in front of a police station in handcuffs. They are accompanied by what appears to be plainclothes police, including one holding a bouquet of flowers.

Yang Jie and Josh Chin contributed to this article

(END) Dow Jones Newswires

June 07, 2017 09:53 ET (13:53 GMT)

China gives businesses 19 months to comply with controversial cross-border cyber data rules

June 1, 2017

Beijing gives grace period for foreign businesses to satisfy a controversial new law demanding critical information be stored on the mainland

By Liu Zhen and Wendy Wu
South China Morning Post

Thursday, June 1, 2017, 9:05am

China will delay enforcement for 19 months of part of its controversial cybersecurity law, after vigorous complaints from foreign businesses.

The Cybersecurity Law takes effect from Thursday but the Cybersecurity Administration, the government body responsible for overseeing it, said a grace period would be given for businesses to comply with cross-border data transfer regulations. That period starts on June 1 and continues until the end of next year.

The law was passed in November to “defend cyberspace sovereignty, national security and public interests”, according to the central government. But foreign companies and governments complained the law set unfair barriers, ran counter to World Trade Organisation rules, and lacked compliance details.

Michael Chang, vice-president of the European Union Chamber of Commerce in China, said some key areas of the law would have a huge impact on the way business was done on the mainland. “There are [still] uncertainties and unclarified terms,” Chang said.

One of the biggest concerns is the requirement that all critical data and the data from “critical information infrastructure” be saved on the mainland. Such information also has to be examined and assessed before being transferred out of the country.

A draft of the supporting regulations was released for public comment in April, while another draft measure on the definition of “critical information infrastructure” was released on Saturday. It is also not clear how such infrastructure will be protected.

The Cyberspace Administration met international stakeholders on May 19 and discussed the cross-border data movement regulations, offering the grace period, according to a document obtained by the South China Morning Post.

Chen Jihong, a partner at the Beijing-based Zhonglun Law Firm, said the decision to have a grace period might have been prompted by the absence of supporting regulations; the need for internal communication within relevant ministries and government departments; and the companies’ demands for more time to make the necessary changes.

Chen said the supporting regulations, including the cross-border data transfer rules, would probably be finalised later this year because Beijing was determined to enforce the law.

The Cyberspace Administration said the cross-border data flow measures were not meant to disrupt email, e-commerce or other commercial activity.

It also said the requirement that operators must stop transmitting “illegal information” would not jeopardise privacy or freedom of speech.

A partner at one international law firm said: “A number of people have questioned whether it is the right way to proceed, but as of now the requirement to store data in China still applies.

“The authorities indicate they haven’t sorted through all of the implementations of the requirements, all of the difficulties that they present.

“Hopefully there will be some rethink of the regulation.”


Putin: Anti-Russia spin pushed by those who lost US election & can’t face reality — “Putin’s Finest Hour”

May 31, 2017

31 May, 2017 09:36
RT (Russia Today)
Anti-Russia spin pushed by those who lost US election & can’t face reality – Putin to Le Figaro
President Vladimir Putin © Sergey Guneev / Sputnik
A powerful bureaucracy is preventing US presidents from making changes, Vladimir Putin told Le Figaro, saying he’s not surprised Donald Trump hasn’t restored relations with Moscow amid a power struggle – just as Obama failed to shut down Guantanamo.
Despite early signals from the Trump administration that it would not mind improving relations with Russia, which seemed to hit rock bottom during the last months of the Obama presidency, Moscow “had no special expectations” with regards to the new US President Trump, the Russian leader said in an interview to be published in full Wednesday.
While US presidents “come and go,” its political landscape is hardly prone to changes, Putin said, noting that the incumbent US leader “is steering a traditional US policy.”
This political invariability can be ascribed to the sprawling US bureaucratic machine, which imposes rigid constraints on every neophyte leader as soon as he rises to power, Putin argued. “When a person is elected, they may have some ideas. Then people with briefcases arrive, well dressed, wearing dark suits… These people start explaining how things are done. And instantly, everything changes,” Putin elaborated, noting that no administration is able to escape this trap, which significantly narrows its room for maneuver.

Putin argued that former US President Obama also fell victim to the system as he was not able to deliver on his pre-election promise to close the infamous Guantanamo Bay prison. Describing Obama as a “forward-thinking man,” Putin said that he has no doubt that Obama genuinely wanted to follow through his pledge, but failed even though the controversial Cuban prison was known primarily for torture and a practice of unlawful detentions.

“Can you imagine France or Russia acting this way? This would have been a disaster. But it is possible in the United States and continues to this day,” Putin said, referring to widespread and well-documented human rights abuses in the prison.

The Russian president said Moscow still hopes for a political normalization with Washington, but is in “no hurry” and “ready to wait” until the anti-Russian hysteria, fueled by the defeated party which seeks to shift the blame for its own loss on Russia, subsides.

“That said, I am cautiously optimistic, and I think that we can and should be able to reach agreements on key issues,” he said.

Criticizing the increase in NATO military spending and its build-up on Russia’s doorstep, Putin nevertheless noted that Trump showed a “pragmatic and understandable approach” when he demanded that other NATO member states share the financial burden of common defense with the US.

Dismissing allegations of Russian meddling in the US and French presidential elections, Putin argued that claims that Moscow was behind the hacks of the Democratic National Committee emails have not been supported by evidence. He added that it does not take much effort to cover up the source of the attack for the purpose of making Moscow a scapegoat.

“As President Trump once said, and I think that he was totally right when he said it could have been someone sitting on their bed or somebody intentionally inserted a flash drive with the name of a Russian national, or something like that,” Putin said.

U.S. President Donald Trump and German Chancellor Angela Merkel pose during a family photo at the Greek Theatre during a G7 summit in Taormina, Sicily, Italy, May 26, 2017. REUTERS/Jonathan Ernst

The Russian leader believes that the essence of the problem lies not in Moscow’s perceived interference in the electoral process, but in the unwillingness of those who were stunned by the defeat in the November elections to take responsibility for their poor performance.

“They are absolutely reluctant to admit this, and prefer deluding themselves and others into thinking it was not their fault, that their policy was correct, they did all the right things, but someone from the outside thwarted them. But it was not so. They just lost and they have to admit it,” Putin said.

Apparently, Trump turned out to be “closer to the people and better understood what ordinary voters want,” Putin said, suggesting that the Democrats need to put up with the fact and adding that when they drop this mindset “it will be easier for us to work [with the US].”

While there is no timeline for when such a turnaround will happen, Putin believes that this phase in US-Russia relations, during which Russia is being dragged into US internal policy, is temporary.

“The fact that this is being done using anti-Russia tools is not good, as it brings discord into international affairs,” Putin said. “But it will pass, everything passes, and this will pass as well.”


Russian Ambassador Sergey Kislyak


China to launch cybersecurity law despite concerns — New law “preserves social order and prevents overthrowing the socialist system”

May 30, 2017


© AFP / by Ben Dooley | Companies are pleading with the Chinese government to delay the implementation of new cybersecurity legislation amid concerns about unclear provisions and how the law would affect personal information and cloud computing


China will implement a controversial cybersecurity law Thursday despite concerns from foreign firms worried about its impact on their ability to do business in the world’s second largest economy.

Passed last November, the law is largely aimed at protecting China’s networks and private user information at a time when the recent WannaCry ransomware attack showed any country can be vulnerable to cyber threats.

But companies have pleaded with the government to delay the legislation’s implementation amid concerns about unclear provisions and how the law would affect personal information and cloud computing.

The government appears to still be scrambling to finalise the rules.

Just two weeks ago, Zhao Zeliang, director of the cybersecurity bureau, gathered some 200 representatives from foreign and domestic companies and industry associations at the new headquarters of the Cybersecurity Administration of China (CAC) in Beijing.

The May 19 discussion centred on a draft of the rules for transferring personal data overseas, participants told AFP.

Attendees received an updated version of the document, as well as Zhao’s assurance that regulators would remove some of the language that had received strong objections, they said.

The new document, obtained by AFP, removed a contentious requirement for companies to store customers’ personal data in China.

– ‘Headaches for companies’ –

But concerns remain.

“The regulator is unprepared to enforce the law” and it is “very unlikely” anything will happen on June 1, said one participant, who asked for anonymity to discuss the sensitive issue.

That impression was only strengthened a few days after the meeting, when authorities issued 21 new draft documents describing national standards on topics from cloud computing to financial data, noting they would be available for public comment until July 7.

More new drafts, including detailed guidelines on cross-border data transfers, were published Saturday.

It is “crystal clear that the regulatory regime is evolving and does not simply switch on like a light June 1”, said Graham Webster, an expert on Sino-US relations at Yale Law School.

Beijing, he said, is “wrestling with legitimate challenges that every country faces, and … much of the caution and ambiguity comes from a desire to get things right.”

But the process is causing “headaches for companies, Chinese and foreign alike”.

– Protecting ‘national honour’ –

China already has some of the world’s tightest controls over web content, protected by what is called “The Great Firewall”, but even some of its universities and petrol stations were hit by the global ransomware attack in May.

The draft cybersecurity rules provided at the CAC meeting address only one part of the sweeping law.

The legislation also bans internet users from publishing a wide variety of information, including anything that damages “national honour”, “disturbs economic or social order” or is aimed at “overthrowing the socialist system”.

Companies are worried that the new law could lock them out of the market.

Paul Triolo, a cybersecurity expert at the Eurasia Group, wrote in a research note that regulators will likely introduce “new hurdles for foreign company compliance and operations” in industries, such as cloud computing, where China is actively seeking a competitive advantage.

As a result, “companies with politically well-connected competitors could see their profile raised for things such as cybersecurity reviews”.

The European Union Chamber of Commerce, among other groups, has urged Beijing to “delay the implementation of either the law or its relevant articles”.

It “will impose substantial compliance obligations on industry” and “cautious, sound, consistent and fully reasoned supporting mechanisms related to its implementation are essential,” the group said in a statement last week.

The chamber called on policymakers to follow a “transparent” process that will help eliminate “discriminatory market access barriers”.

While there is no indication the law itself will be pushed back, the draft rules distributed at the CAC meeting say companies will have until December 31, 2018 to implement some of its requirements.

“It’s been enormously difficult for our companies to prepare for the implementation of the cybersecurity law, because there are so many aspects of the law that are still unclear,” said Jake Parker, vice president of the US-China Business Council.

“There’s not enough information for companies to be able to develop internal compliance practices.”

by Ben Dooley

WannaCry hackers ‘were likely from southern China’ — Native Chinese-speaking people with southern accents

May 29, 2017

Linguistic analysis of the malware’s ransom note suggests origins of its writers, US security firm says

By Stephen Chen
South China Morning Post

Sunday, May 28, 2017, 11:26pm

The WannaCry attack ultimately infected more than 200,000 computers in more than 100 countries. PHOTO: RITCHIE B. TONGO/EUROPEAN PRESSPHOTO AGENCY

The authors of the WannaCry malware, which infected computers in 150 countries two weeks ago, are probably from the southern mainland, Hong Kong, Taiwan or Singapore, according to a US intelligence company.

Forensic linguistic analysis on the malware suggested it was written by native Chinese-speaking people with southern accents, said Flashpoint.

In a report on its website, Flashpoint, which provides global business-risk intelligence, said it came to the conclusion with “high confidence”. Earlier reports based on code analysis suggested North Korean programmers at work.

The WannaCry malware locked up data on infected computers and displayed a message in 28 languages demanding a ransom for restoration of the data.

 A ransom note that is part of the WannaCry malware, rendered in simplified Chinese. Photo: Handout

The hackers drafted the note in Chinese first, Flashpoint said. Based on the Chinese text, they manually produced an English version, then converted that into other languages using Google’s translation software.

“A typo in the note, bang zu (幫組) instead of bang zhu (幫助), which means ‘help’, strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version,” the report said.

“The text uses certain terms that further narrow down a geographic location. One term, libai (禮拜) for ‘week,’ is more common in southern China, Hong Kong, Taiwan, and Singapore,” the researchers added.

Chinese phrases omitted in other language versions, such as “even the coming of God cannot retire these documents” and “Please relax, I absolutely will not scam you”, also suggested Chinese was the hackers’ native language, Flashpoint said.

But Zhang Kefeng, a professor of Chinese language at Jimei University in Xiamen, Fujian province had doubts about some of Flashpoint’s conclusions.

“Libai is not just used in southern China. Many areas in the north use the word in communication as well, and every day,” he said.

“It is difficult to spot geographical differences in written Chinese nowadays, especially among educated people. People with different accents tend to write in a style very similar,” Zhang added.

Numerous Beijingers told the South China Morning Post that they used the word libai often.

Tang Wei, vice-president of cybersecurity company Rising, said Flashpoint’s analysis had useful information but that it was too early to reach a conclusion.

“A professional hacker often leaves behind numerous decoys to mislead the chase,” he said. “The unprecedented outbreak of WannaCry showed they could be highly sophisticated criminals.”

China: Foreign Firms Appeal for Delay of Cybersecurity Law — Involves every sector of business in China; technology companies, financial services, semiconductor manufacturers

May 28, 2017

Amendments to China’s new Cybersecurity Law, which is set to take effect on June 1, will require a much broader range of companies operating in China to store business and user data on servers inside the country. Whereas the rule only applied to critical information infrastructure operators prior to the change, a much larger number of companies will be subject to restrictions limiting the transfer of data outside China, in addition to provisions setting in place tougher product security review processes and rules governing cooperation with government security investigations. As companies come to grips with the uncertainties brought by the recent changes, some are already turning their data over to local cloud providers. From Bloomberg Technology:

“Almost all our companies are making moves to ensure that the majority of the data they collect in China is stored on servers located within China,” said Jake Parker, vice president of the US-China Business Council in Beijing. “It’s not just the technology companies – it’s financial services, semiconductor manufacturers, every sector of business in China, that’s impacted.”

[…] In addition to the restrictions on moving data beyond the mainland, provisions in the law include a more comprehensive security-review process for key hardware and software deployed in China and a requirement to assist authorities conducting security investigations.

[…] Another provision requires IT hardware and services to undergo inspection and verification as “secure and controllable” before companies can deploy them in China. That appears to be already tilting purchasing decisions at state-owned enterprises. [Source]

Sarah Cook at The Diplomat discusses what the “worst-case scenario” could look like under the new law, which is expected to tighten an already restrictive cyber environment. In recent years, authorities have carried out an ongoing and persistent crackdown on social media, even without the new law. Influential public intellectual and Peking University Law professor He Weifang recently told the media that he would no longer post to social media after having his blog, Weibo, and WeChat accounts repeatedly closed by authorities. “I feel utterly helpless,” He told Gerry Shih of the Associated Press. “It’s as if I’m not allowed to make a single sound.” From Cook’s report:

First, social media accounts would be closed on a large scale across multiple platforms. This has already been taking place in a more piecemeal fashion. Since 2013, online opinion leaders with millions of microblog followers on Sina Weibo have had their accounts shuttered. In March 2014, dozens of public accounts on WeChat that shared information on current affairs were closed or suspended. More recently, some journalists and academics have reported having their personal WeChat accounts shuttered. Under the new rules, millions of social media accounts sharing information on even apolitical news topics could be subject to such censorship.

Second, there would be an increase in arrests of ordinary users, including based on private information obtained by Chinese security forces from internet companies. […]

The Chinese authorities have made clear that they are willing to imprison ordinary citizens based on content shared or viewed via social media. A February 2017 Freedom House study on religious freedom found that Falun Gong practitioners had been jailed for posting messages about the spiritual group or human rights abuses to WeChat or QQ, and that young Uyghurs had been imprisoned for viewing online videos about Islam. Last month, Wang Jiangfeng of Shandong Province was sentenced to two years in prison for referring to “Steamed Bun Xi” — a banned nickname for President Xi Jinping — in a group message on WeChat.

Third, full enforcement would mean greater government control over private media companies and news portals. The CAC rules promulgated on May 2 significantly restrict the space for investment and editorial input by foreigners, requiring editors in chief, for example, to be Chinese passport holders. […] [Source]

A coalition of industry groups from several countries collectively appealed to China this week to postpone the implementation of the law, warning that it could hurt cross-border trade. Business and human rights groups critiqued the law before it was passed as well, though their concerns were not included in the final draft. Meanwhile, experts within China who support the law are cautioning against efforts to delay its implementation, according to a report by Cao Siqi at Global Times:

Although the Chinese government said the measure is not intended to unfairly target overseas companies and to “monitor, defend and handle cyber security risks and threats originating from within the country or overseas sources,” some overseas business groups have been pressuring Chinese regulators to delay the law’s implementation.

A Bloomberg report on Thursday said more than 50 trade associations and chambers of commerce signed a letter in May addressed to the government seeking a delay. They argued that the law could have an impact on cross-border trade, lock out foreign cloud operators, restrict competition and may decrease the security of products and jeopardize the privacy of Chinese citizens.

“Some overseas companies, especially multinational corporations from developed countries, have been accustomed to their privilege and special treatment in China. So when they are required to be regulated the same way as Chinese companies, they feel uncomfortable and resist,” Shen Yi, Director of the research center for the governance of global cyberspace at Fudan University, told the Global Times.

“However, many foreign firms have already saved their data in China or have been inspected by the government, and no untoward consequences have happened. We should maintain vigilance against some organizations or governments which have forced their companies to stir trouble. We will never tolerate any disruption to the practical cooperation between the Chinese government and overseas companies,” said Shen. [Source]

Vietnam-linked hackers likely targeting Philippines over South China Sea dispute: FireEye — State-sponsored hacker groups involved

May 27, 2017


Hackers linked with Vietnam’s government are likely targeting Philippine state agencies to gather intelligence related to the maritime dispute in the South China Sea, cybersecurity company FireEye (FEYE.O) said on Thursday.

Vietnam’s government was not immediately available for comment – though it has regularly dismissed similar allegations in the past. The Philippines’ foreign ministry told Reuters it would look into the report.

FireEye said the hackers, called APT32, had attacked a Philippine consumer products corporation and a Philippine technology infrastructure firm in 2016, alongside other companies, some doing business in Vietnam.

The attackers were also targeting Philippine government agencies, FireEye’s chief technology officer for Asia Pacific, Bryce Boland, added in a media briefing.

“This is presumably in order to gain access to information about military preparation and understanding how the organizations within the government operate in order to be better prepared in case of potentially military conflict,” Boland said.

“There are overlapping claims between Vietnam and the Philippines over some islands in the South China Sea and it is quite likely that intelligence gathering is starting around that,” Boland said.

APT stands for advanced persistent threat, a term often used to describe state-sponsored hacker groups.

“We believe all of the activities of APT32 are aligned to the interests of the Vietnamese government,” Boland said.

The Philippines, Vietnam, China, Malaysia, Taiwan and Brunei contest all or parts of the South China Sea, through which about $5 trillion in ship-borne trade passes every year.

Vietnam’s foreign ministry said this month the government did not allow any form of cyber attacks against organizations or individuals.

“All cyber attacks or threats to cyber security must be condemned and severely punished in accordance with regulations and laws,” spokeswoman Le Thi Thu Hang said, responding to similar accusations.

Philippines foreign ministry spokesman Robespierre Bolivar said on Thursday the government took hacking allegations very seriously.

“Any credible information received will be investigated and addressed as necessary,” he said in a text message.

(Reporting by Karen Lema; Additional reporting by Mai Nguyen in HANOI; Editing by Nick Macfie and Andrew Heavens)

WannaCry Malware Has Strong Links to Group Tied to North Korea, Symantec Says

May 23, 2017

Symantec’s analysis showed substantial commonalities with prior Lazarus attacks and WannaCry’s tools and techniques

The WannaCry attack ultimately infected more than 200,000 computers in more than 100 countries. PHOTO: RITCHIE B. TONGO/EUROPEAN PRESSPHOTO AGENCY

May 23, 2017 1:57 a.m. ET

A group linked to North Korea is highly likely behind this month’s global ransomware assault, and the attack more closely resembles the behavior of a crime ring rather than a government-orchestrated campaign, a cybersecurity researcher said.

In a blog post late Monday, Symantec Corp., a cybersecurity firm, said the WannaCry ransomware carried “strong links” to Lazarus, a group security experts suspect was behind the theft of $81 million last year from the Bangladesh central bank and a 2014 hack of Sony Pictures Entertainment. U.S. officials have said they believe North Korea orchestrated the Sony attack—which North Korea has denied—and federal prosecutors are building cases that would accuse Pyongyang of involvement in the Bangladesh heist.

Cybersecurity researchers, including Alphabet Inc.’s Google unit, Kaspersky Lab ZAO and Comae Technologies, had previously drawn parallels between a variant of WannaCry and code used in previous attacks attributed to Lazarus. But those initial reports were cautious about drawing deeper conclusions about how the digital clues related to Lazarus or North Korea.

Little is known about Lazarus, though cybersecurity researchers say the group has been active since 2009. Its initial efforts were focused on Asia, but the group has begun targeting global banks.

Symantec’s new analysis showed “substantial commonalities” with prior Lazarus attacks and WannaCry’s tools and techniques, as well as network infrastructure used in the attack. That makes it “highly likely that Lazarus was behind the spread of WannaCry,” Symantec said. There was also a series of smaller attacks using the WannaCry software in February, March and April, before a widespread assault this month that hit computer networks around the world.

Symantec didn’t address whether North Korea was directly involved with the latest WannaCry assault. Cybersecurity experts have said other hackers could have copied the code in question, meaning the WannaCry malware could have originated from groups other than Lazarus. But even if Lazarus were the culprit, the group could have unleashed the malware without North Korean orders, they say. It is unclear who leads or funds Lazarus.

North Korea’s official state media on Monday denied that Pyongyang had a hand in the WannaCry attack, lambasting South Korean press reports suggesting North Korean involvement as “misinformation” and a “dirty and despicable smear campaign.”

The WannaCry attack, which began on May 12, ultimately infected more than 200,000 computers in more than 100 countries. The malware worm exploited vulnerabilities in Microsoft Corp.’s Windows systems, attacking machines that didn’t have up-to-date security patches.

The previous versions of WannaCry were used in smaller, targeted attacks, dating as far back as Feb. 10, Symantec said, when a single company and 100 computers were infected. Subsequently, the malware targeted a handful of organizations in March and April. Symantec didn’t identify the affected firms.

But the May attack rippled across the globe because of a bug in the Windows operating system that allowed hackers to take WannaCry global, Symantec said. The prior WannaCry versions required more steps to be spread, such as stealing credentials or copying the malware computer to computer, Symantec said.

That Windows exploit, called EternalBlue, was made public in April, when a shadowy hacking group released documents and hacking tools it says it stole from the U.S. National Security Agency. That leak of the Windows vulnerability “was what allowed the attackers to turn WannaCry into a far more potent threat,” Symantec said. Microsoft had issued a patch for the vulnerability on March 14 but not all computers had the update.

Security researchers say nation-state cyberattacks tend to target foreign intelligence, though North Korea has been suspected of a growing number of attacks targeting banks. The WannaCry attack demanded around $300 payments in bitcoin—with few victims ponying up—pointing more toward low-level crime rings than one organized by a nation-state hacker, cybersecurity experts say.