A series of security breaches that struck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by journalists.
The incidents involved hackers getting into the email accounts of partners at well-known firms, and then relaying messages and other data from the partners’ in-boxes to outside servers. In the case of one firm, the attacks took place over a 94-day period starting in March of 2015, and resulted in the hackers stealing around seven gigabytes of data. That figure would typically amount to tens or hundreds of thousands of emails.
Tough new Chinese cybersecurity rules are providing a rare, behind-the-scenes look at a regulatory skirmish between US technology companies and Beijing.
China is moving to require software companies, network-equipment makers and other technology suppliers to disclose their proprietary source code, the core intellectual property running their software, to prove their products can’t be compromised by hackers. Tech companies are loath to offer up their source code, saying this will heighten the risk of their code falling into the hands of rivals or malefactors — and may not guarantee it is hack-proof. Microsoft, Intel and IBM are among those filing objections.
Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours. You heard that right.
Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours. Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.
Chinese spies repeatedly infiltrated US national security agencies, including official email accounts, and stole US secrets on Pentagon war plans for a future conflict with China, according to a forthcoming congressional commission report.
“The United States faces a large and growing threat to its national security from Chinese intelligence collection operations,” states the late draft report of the US-China Economic and Security Review Commission. “Among the most serious threats are China’s efforts at cyber and human infiltration of US national security entities.” The report identified repeated infiltrations by Chinese spies of US national security entities.
For more than a decade, the US military and intelligence community has quietly warned that the world's largest telecom equipment manufacturer, Huawei, is an arm of the People's Liberation Army and that its phones, circuits and routers are instruments of Chinese eavesdropping.
Now these agencies are starting a formal review, led by the FBI and the NSA, examining the national security implications of Huawei's potential participation in building the US 5G wireless network, according to current and former US intelligence officials. These officials told that while the two largest US telecom providers have yet to join up with Huawei on this project, the prospect of such a partnership is real and alarming.
An FBI electronics technician pleaded guilty on Monday to having illegally acted as an agent of China, admitting that he on several occasions passed sensitive information to a Chinese official. Kun Shan Chun, also known as Joey Chun, was employed by the Federal Bureau of Investigation since 1997.
He pleaded guilty in federal court in Manhattan to one count of having illegally acted as an agent of a foreign government. Chun, who was arrested in March on a set of charges made public only on Monday, admitted in court that from 2011 to 2016 he acted at the direction of a Chinese official, to whom he passed the sensitive information.
China is making plans to ban ad-blocking software from citizens' machines, according to Ben Williams, head of operations at Adblock Plus, who recently posted a blog entry on the subject entitled The lonely bully.
"There are apparently 159 million people who block ads on their mobile devices in China. Desktop numbers are relatively low by comparison. All of them, though, are going to have a fundamental right snatched from them come September, when their government will take away their right to block ads," he said. "That’s because just last week China issued its Internet Advertising Interim Rules, Article 16 of which will place a ban on ad blocking … thus spake the Bully."
Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors.
Developed by China-based Maxthon International, the browser is available for all major platforms in more than 50 languages. In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file to a server in Beijing, China, via HTTP.
Advertising agencies go to great lengths to spread their clients’ messages. Now, researchers have uncovered a new approach: malware.
This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business. This malware allows the injection of adverts into victims' devices. Whenever someone clicks on one of these adverts, Yingmob gets paid, just like a typical advertising campaign. Its professional-looking website claims its easy-to-deploy ads support text, pictures, and video, and don't affect the user experience.
A 470 gigabits per second distributed denial of service attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators' multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm.
The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed "nine different payload types". The security firm claims that only 0.2% of DDoS attacks from the first quarter of 2016 were multi-vector.