Sleight of Hand is out today. Written with @kristindelrosso and published through @ACGlobalChina, our report ties China's new vulnerability system to its offensive teams and explains how we got to Hot Zero Day Summer. 🧵
Microsoft sees an increase of PRC hackers using 0days after the first year of the Software Vulnerability Disclosure Law in effect, just as predicted. China has weaponized the entire PRC software research community for the intelligence services. I'll be digging in at @CYBERWARCON
Today is my last day at @CSETGeorgetown. It's been an amazing ride and I'm excited to start consulting next week for @KrebsStamos. I thought I'd reflect on all the things we uncovered on China's cyber programs as I leave. A long ass 🧵
My last paper from my time at @CSETGeorgetown is out today! The report is a quick overview of China's cyber ranges with ties to the security services. The PRC has built at least 19 across China, but these five are ✨special✨
Hear me out. Phishing campaign where the emails look like a regular advertising email for your generic company with a malicious hyperlink in the unsubscribe button at the bottom.
So many spies tell other people about their actions. Feels like one of the best CI lessons is to encourage folks to listen and believe when those people talk.
Two U.S. Navy sailors have been arrested and accused of providing sensitive military information to China — including details on wartime exercises, naval operations and critical technical material, federal officials said.
China's CVERC claims to have identified 13 NSA operators responsible for hacking into Northwestern Polytechnical University. Attribution is supposedly being withheld. This follows the ramp up in attribution of attacks to NSA by PRC media and cybersecurity firms. Notable Qi An Xin
🚨 NEW @DukeCyberPolicy: former student researcher @itsjhk asked 37 data brokers about buying mental health data, 11 of which were willing to sell it. Advertised data included depression, insomnia, ADHD, anxiety, ... — some for just hundreds of dollars.🧵
My @CYBERWARCON talk covers the build up in PRC cyber talent and capabilities from 2013 til now. My latest find, which I'll debut there, is China's 2022 "Cybersecurity Talent Actual Combat Abilities White Paper, Attack & Defense Capabilities Edition"
Maybe someone else can improve this. I've overlaid the @KathrinHille and @Dimi TSMC piece on fabs with @Ian_M_Easton piece Hostile Harbors to show proximity of fabs to potential amphibious landing spots. Black circles are approximate location of fabs.
I'm excited to present on China's cybersecurity policies at this year's @CYBERWARCON! I'll be talking about the evolution of PRC policies from 2013 until now and their implications for defenders. Don't miss my talk, "China Stands Up" on Nov. 10.
We are thrilled to announce this year’s #CYBERWARCON lineup! 🎉
The CFP board had a huge challenge selecting from an incredible collection of talks but we are certain we have put together a show you won’t want to miss.
My latest report is out this morning and my first published by @LabsSentinel! Following the joint statement by the US/UK/EU in July 2021, China started blaming the US for hacking victims inside PRC. It's an abnormal campaign 🧵
Friday's measures were a huge shot across the bow on global trade and the next few years will be defined by other countries' responses. We're at the dawn of a new period in global commerce.
Re-upping this paper on destructive cyber attacks on ICS systems enabled by AI. One researcher is tied to Zhejiang Labs, which hosts a cyber range I've tied to China's security services.
Wow. Maybe letting the wealthy cosplay as national security experts across a variety of policy areas where domain expertise is required is a bad fucking idea. That's crazy. Maybe policymakers and media should assess whether somebody is an expert on the thing or just rich. 🤷
Eric Schmidt warned lawmakers about the emergence of China’s tech industry – but that didn't stop his foundation from investing in it. Now, @willknight breaks down Schmidt’s complex relationship with the U.S.'s chief geopolitical rival:
Ever find yourself wondering which PRC companies are the best at finding vulnerabilities? Which ones have good collection or analysis capabilities? Now you don't have to wonder! Thanks, CNVD! 😘
Incentives to steal and transfer IP are only increasing, just as China’s hacking teams are starting to reap the benefits of the last 8 years of policy changes to improve their talent and capabilities pipeline. The golden years of PRC hacking are only just beginning.
This group of intelligence chiefs, known as the Five Eyes, have never appeared in an interview together. This Sunday, they are warning people about China’s theft of technology. Scott Pelley reports.
Wild that Huawei execs thought they could ask to speak with a source being handled by MSS. The whole thing shows a close relationship between company and state, but that's a whole new level. Could indicate unfamiliarity with intel, or IMO indicate perceived authority on tasking
Now we are getting somewhere. Docs refer to a 2010 directive from central govt titled “Opinion on the Establishment of Cyber Special Investigations Troops” and “Standards for MPS Cybersecurity Dept, Cyber Special Investigations Work”
@matthew_pines Bingo. Ukrainian warning cyberattacks on critical infrastructure should have cued that this type of action was on the table. If you decide you'll attack critical infrastructure, what other actions will you take? This is at least one.
Welcome @DakotaInDC as a nonresident fellow!
Dakota is a China-focused cybersecurity consultant with @KrebsStamos. His work examines China's efforts to develop its hacking capabilities and the industrial policies that drive cyber espionage and IP theft.
9 years ago, I interned for Senator Kay Hagan from NC. Today, I return to the same floor of the Dirksen building to testify to @USCC_GOV, just a few doors down from where I answered the phones all that time ago. 🙏
Live stream ⬇️
Censors scrub content in China, but most folks posting are not prosecuted. Trash talking the govt at home is allowed. But mass protests make clear, in a way censored posts cannot, just how many people are upset. Protests overcome social signaling issues created by censorship.
China really hates the (correct) global narrative that it hacks and steals. The US, UK, EU condemnation in summer 2021 made a real impact on PRC attitudes on this issue. Since then, there has been a steady drip of weak infosec reports by Chinese companies blaming NSA for hacks
Besides the absolutely unhinged font, Wang Huning's book is a bit weird for other reasons. No publisher or translation house identified, no QR codes, no other branding. Must be the plainest and most understated book from China I've got.
Tried to buy this book on Xi’s exaltations around cybersecurity six months ago and it still hasn’t shipped, so now I’m pleading to the internet to make it happen.
My latest report from @ACGlobalChina examines China’s efforts to push for new norms around internet regulations and the effects that will have on relations between China and other nations, and on cybersecurity in countries that adopt PRC tech
I think this piece still represents the broad thesis of my research, though I'm less committed to the idea that PRC will drop criminals from cyber. Maybe it will be a both/and situation.
Super excited to have joined @ryanaraine for an episode of Security Conversations. We cover the gamut: from Obama-Xi 2015 to China's hacking capabilities relative to other countries.
I’d like a word with the admissions committee of a certain institution for sending out decision letters on Valentine’s Day.
In related news, my wife got into the PhD program of her dreams!
Another man, Le Taowen, worked to coordinate visits between legislators and the PRC, and even worked with the embassy to have hydroxychloroquine delivered for the state senate president.
Interesting to see that NSA thinks PLA units are conducting cyber espionage on political parties. Long assumed that political targeting had transferred to MSS following the 2015 Obama-Xi agreement. I wonder if the targeting sets ever shifted, or if they did and have now returned?
BREAKING: The Select Committee on the CCP will hold a hearing titled “Discourse Power: The CCP’s Strategy to Shape the Global Information Space” this Thursday at 7:15 pm E.T.
Tune in at the link below 👇
81 years today since EO9066 forced 122K Japanese Americans into internment camps. The act of oppression, which was not similarly extended to German Americans, is important to remember as strategic competition is used to support prejudiced ideas about Chinese Americans.
Le’s background includes a degree in S&T Intelligence 科技情报, followed by a year of “preparation in Guangdong and Beijing” to become an overseas graduate student 👀
Chat logs show staff talking about heading to the West station of the Chengdu train line to meet the client who wants them to hit Thailand’s health ministry. Says it’s the Sichuan office. (四川厅)
For my wife's birthday, she's getting a six course meal by yours truly. Up first, a Jamaican inspired tuna crudo with pineapple, lime, habanero, and cilantro.
Group was using 上海写逸 (ElegantNet) for language translation via LLM and seems to provide a request to target Guinea and India. Wechat user refers to the ElegantNet employee as “Chief Cheng”. Is ElegantNet a front or providing cover for MPS officers?
What are China's technology import dependencies? A Chinese state-run newspaper profiles 35 of them, and in my first solo-authored paper for @CSETGeorgetown, I dish out the details on these PRC self-identified tech "chokepoints":
While in the US, Le Taowen also worked for the Liaoning MIIT bureau from 2003-2017. Based on his background and other, unreported activities and affiliations in the US, it’s likely Le was working to facilitate tech transfer back to China.
Plenty of evidence that 🇨🇳 is building the capabilities to use cyber attacks on satellites. 2 teams under CASIC research institutes develop such attacks
This is my favorite cyber range in this report, mostly because my guy Li Jianhua (李建华) has his fingerprints all over it. Li is an important figure in China's cybersecurity policy landscape, let's dig in.
The cyber range at Peng Cheng Labs (鹏城实验室) has it all.
Supercomputer? ✅
PRC Defense University?✅
PRC Government Lab?✅
Top Cybersecurity Firms?✅
APT-Linked Researchers?✅
AI+Cyber Research?✅
Check out our issue brief on China's cyber ranges.
Reminder that PLA SSF is upping its cyber talent with a pipeline from 6 schools and 3 SOEs. Those include CAS, Shanghai Jiaotong, Xi'an Jiaotong, Beijing Ligong, Nanjing University, and Harbin University.
2/ 🇨🇳 Dakota Cary uncovers the complexities of China's strategy in weaponizing vulnerabilities against global adversaries. This episode is a deep dive into the intersection of cybersecurity and geopolitics @DakotaInDC Listen:
Welcome to the worst panel circuit ever created: the holiday season—where your family tells you about China and ignores whatever you say. At Thanksgiving, everybody is an expert!
We are absolutely stoked to finally share videos from CYBERWARCON ‘22! We took heavy losses to the lawyers, so almost half of the talks won’t be available online. The only way to see everything is to attend! 1/2
CYBERWARCON is back! Last year I talked about China’s efforts to stand up its cybersecurity talent and tooling pipeline. What will be discussed this year? Foreign observers are dying to know. Don’t worry, 李建华, I won’t put you on blast again. 🤭
US visibility into which people are responsible for infrastructure of APT31 should cause a CI spasm over in Hubei if they're a professional service at all.
🚨NEW - iSoon & the Chinese cyber mercenary ecosystem 🚨
Going back to my roots with some good old fashioned China cyber analysis @Margin_Research. How is iSoon related to cyber mercenaries, and the Chinese offensive ecosystem? 🧵/ 5 findings:
H/t to ChinaTalk for highlighting the words of the CEO from "Silent National Champion" Qi An Xin, a cybersecurity firm. The issue for the US is that the CEO's words aren't hollow policy proposals, but active research into AI discovery of software vulnerabilities 🧵
On today's Lawfare Podcast, @EugeniaLostri spoke to @__winn about the data leaks from Chinese cybersecurity firm i-Soon, how the Chinese government hoards vulnerabilities, how the findings from this leak can be used to develop better norms, and more.