Slash Boxes

SoylentNews is people

posted by hubie on Friday March 01, @10:05AM   Printer-friendly
from the red-flags dept.

Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government — a trove that catalogs apparent hacking activity and tools to spy on both Chinese and foreigners:

Among the apparent targets of tools provided by the impacted company, I-Soon: ethnicities and dissidents in parts of China that have seen significant anti-government protests, such as Hong Kong or the heavily Muslim region of Xinjiang in China's far west.

The dump of scores of documents late last week and subsequent investigation were confirmed by two employees of I-Soon, known as Anxun in Mandarin, which has ties to the powerful Ministry of Public Security. The dump, which analysts consider highly significant even if it does not reveal any especially novel or potent tools, includes hundreds of pages of contracts, marketing presentations, product manuals, and client and employee lists.

[...] The hacking tools are used by Chinese state agents to unmask users of social media platforms outside China such as X, formerly known as Twitter, break into email and hide the online activity of overseas agents. Also described are devices disguised as power strips and batteries that can be used to compromise Wi-Fi networks.

[...] "We see a lot of targeting of organizations that are related to ethnic minorities — Tibetans, Uyghurs. A lot of the targeting of foreign entities can be seen through the lens of domestic security priorities for the government," said Dakota Cary, a China analyst with the cybersecurity firm SentinelOne.

Also at WaPo, NYT, and The Guardian.

Originally spotted on Schneier on Security

Related: The Internet Enabled Mass Surveillance. A.I. Will Enable Mass Spying

Original Submission

Related Stories

The Internet Enabled Mass Surveillance. A.I. Will Enable Mass Spying 30 comments

Spying has always been limited by the need for human labor. A.I. is going to change that:

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Before the internet, putting someone under surveillance was expensive and time-consuming. You had to manually follow someone around, noting where they went, whom they talked to, what they purchased, what they did, and what they read. That world is forever gone. Our phones track our locations. Credit cards track our purchases. Apps track whom we talk to, and e-readers know what we read. Computers collect data about what we're doing on them, and as both storage and processing have become cheaper, that data is increasingly saved and used. What was manual and individual has become bulk and mass. Surveillance has become the business model of the internet, and there's no reasonable way for us to opt out of it.

Spying is another matter. It has long been possible to tap someone's phone or put a bug in their home and/or car, but those things still require someone to listen to and make sense of the conversations. Yes, spyware companies like NSO Group help the government hack into people's phones, but someone still has to sort through all the conversations. And governments like China could censor social media posts based on particular words or phrases, but that was coarse and easy to bypass. Spying is limited by the need for human labor.

A.I. is about to change that.

[...] We could limit this capability. We could prohibit mass spying. We could pass strong data-privacy rules. But we haven't done anything to limit mass surveillance. Why would spying be any different?


Original Submission

“Disabling Cyberattacks” Are Hitting Critical US Water Systems, White House Warns 36 comments

The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations.

"Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the president for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities."

[...] The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday.

"EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.

This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday March 01, @12:52PM (1 child)

    by Anonymous Coward on Friday March 01, @12:52PM (#1346956)

    Someone is getting sent to the re-education camp ...

    • (Score: 2, Touché) by khallow on Friday March 01, @01:32PM

      by khallow (3766) Subscriber Badge on Friday March 01, @01:32PM (#1346961) Journal
      It would interesting to see if it's the person who actually leaked. One of the things about a police state. If they can't find a criminal to punish, they always have plenty of scapegoats. And who knows? They might get the right one by accident.
  • (Score: 1, Informative) by Anonymous Coward on Sunday March 03, @06:41AM

    by Anonymous Coward on Sunday March 03, @06:41AM (#1347177) []

    Mei Danowski, a China cybersecurity expert and author of the Natto Thoughts newsletter, said: “We think about [Chinese hackers] as ‘Oh, the state gives them cash to do stuff.’ In reality, if these leaked documents are true, it’s not like that. They have to go and look for business. They have to build up a reputation.”

    “The boss is really anxious,” wrote one employee in September 2022. “I don’t know if the company can survive until the end of the year.” In another chat log, workers spoke about the company’s poor sales and a souring mood in the office. One employee turned to a universal solace: “I’ll probably scream if I can’t have a drink.”

    Seems a bit less state sponsored than Boeing... 😉