SoylentNews is people
SoylentNews
A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor.
The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. It was also digitally signed by a Windows trusted certificate.
[...]
Trustwave didn't identify the two companies that encountered GoldenSpy or the local Chinese bank that required that Intelligent Tax be installed. Representatives of Aisino Corporation didn't immediately respond to an email seeking comment for this post.
(Score: 4, Insightful) by Runaway1956 on Saturday June 27 2020, @08:22PM (5 children)
Give them end-to-end encryption, but we keep the keys. How is the US different from China?
Abortion is the number one killed of children in the United States.
(Score: 0) by Anonymous Coward on Sunday June 28 2020, @04:47AM
Yet both are still better than Russia. Poor saps, at least they get good cheap vodka to blur the pain.
(Score: 1, Touché) by Anonymous Coward on Sunday June 28 2020, @10:18PM (3 children)
Well, for one, China has the keys but the US doesn't, but the DOJ would love to have them?
(Score: 2) by Runaway1956 on Monday June 29 2020, @12:53AM (2 children)
Touché - the competition, or the race to the bottom, is on. It's a 3-way race between the Far East, the West, and the North, right?
Abortion is the number one killed of children in the United States.
(Score: 0) by Anonymous Coward on Monday June 29 2020, @03:43AM (1 child)
Umm, no, its all the way up for China, they hit rock bottom a while back during the whole socialism stint, didn't work, tweak and try again, they're few iterations in now. They're smart, they have massive amount of meat bags, use them, make them rich, export them and their services, place them in other countries, embed them into the local population, all the while they have the invisible puppet strings attached to them whether they know it or now or willing or not. If you do business in China, nothing comes with no strings attached.
The West? If you think Trump is rock bottom, you poor poor saps..
(Score: 2) by Runaway1956 on Monday June 29 2020, @03:58PM
You raise an interesting question:
What WOULD "rock bottom" mean for the West?
Well, there's the Mafia. Al Capone, and today's more modern drug cartels operating out of Mexico, primarily. There's that "company town" in the southeast, where the company owned every square inch of land in the city - and probably in the county. There are the gangs all over major US cities, and even outside of the cities. The railroad and robber barons of the 1800's.
Mix it all up, and I suppose a half dozen varieties of Al Capone who own and/or control most of the corporations in the US, who make and break politicians, have "agreements" with the gangs and drug cartels, actively fund police departments, "legalize" a huge drug industry, and support the world's "trade agreements".
And, somehow, names like Koch and Soros readily come to mind . . .
I'm reminded of some dystopian stories such as Snow Crash.
But, you're right. Trump is small potatoes compared to what we could have. Just a bit player in the grand scheme of thing, who manipulated a realty company on a rather limited scale. He comes nowhere near a Rupert Murdoch.
Abortion is the number one killed of children in the United States.
(Score: 2) by RamiK on Saturday June 27 2020, @08:37PM (3 children)
Believe it or not, this is their idea of progress: https://textslashplain.com/2020/01/19/retiring-internet-explorer/ [textslashplain.com]
compiling...
(Score: 2) by Runaway1956 on Saturday June 27 2020, @08:50PM (1 child)
I hope that was meant as comedy. It hurts too much to think the guy is serious.
Abortion is the number one killed of children in the United States.
(Score: 2) by RamiK on Sunday June 28 2020, @12:39AM
The point is Microsoft is the one enabling it all: Banks used to rely on ActiveX via Internet Explorer to deliver their backdoored software and now they're baking it straight into their software and signing it with Microsoft's provided certificate and their approval.
We've all seen corporate boxes carrying 3 types of VNC clients each by a different software vendor... How OEMs routinely bake RDP clients into their driver support stacks... How Win10 eagerly collect everything and anything it can find on you... There's really nothing new about any of it. In fact, I'm sure it's covered by their EULA. All 10k words of it no doubt...
It's all just part of the Microsoft Windows norm for privacy and security.
compiling...
(Score: 0) by Anonymous Coward on Sunday June 28 2020, @12:41AM
There are programmers, and then there are those that have to wank their ego in public.
(Score: 0) by Anonymous Coward on Saturday June 27 2020, @10:14PM (6 children)
Takes deep breath...
(Score: 4, Interesting) by corey on Saturday June 27 2020, @10:19PM (2 children)
Yeah, says a lot about it hey.
If this were am American, European or other western bank, it would be front page news and their reputation would be trashed. But being Chinese, people will just shrug and go read the next news piece on Trump.
I wonder when the Chinese will wake up to this, and realise this type of thing is why we don't want Huawei doing our 5G network infrastructure.
(Score: 2) by Lagg on Sunday June 28 2020, @02:46AM
I'll believe people would be outraged about it happening for (e.g.) BoA - or even understand the barest details - the moment they start being outraged about modern midshelf TV adware. And plain ol' untrustworthy weird firmware like my printer's. That constantly wants to update itself over the air.
Even when people find out about it and do get outraged. As a whole they really [cs.vu.nl], really [arstechnica.com], really [irdeto.com] give no shits about backdoors or the potential for them. When people don't get outraged, you get the spyware running without much backlash (until very recently anyway, my inactive chrome store account said they updated policy and automated checks to deal with this) in phone barcode scanners and the like.
I mean I hope you're right about it being a matter of "when" they'll wake up. Because 5G to me seems like brand with which to build unholy point-to-point reference jumps of other brand names. That megacorps can build contracts with and establish monopolies. More than it resembles any actual protocol. Is there even any set of spec PDFs for any of this *G shit after LTE at all? So if the chinese population would get around to caring that would be nice. But I figure they currently have other things going on.
http://lagg.me [lagg.me] 🗿
(Score: 0) by Anonymous Coward on Monday June 29 2020, @03:50AM
Why would the Chinese be outraged? Their concept of government and separation of powers are quite different from the rest of the non-totalitarian world. Hence why a lot of them only see one side of the Huawei debacle, that is Chinese discrimination.
Discussing anything about the Chinese government with most Chinese, even migrants, is kinda like discourse with a religious zealot; you can tell even if they're good natured person, their reality view is some what distorted by a fundamental warped view of the Chinese government's role in the country and the world. Yes, there are exceptions to this of course where some have enough critical thinking to pull themselves out of that quagmire, but most do not due to the conditioning they're exposed to since birth.
(Score: 2) by driverless on Sunday June 28 2020, @10:40AM (2 children)
Unfortunately they don't say which CA issued it, merely the company it came from, and since code signing certs are so routinely stolen for use in malware (you can buy them online) that name doesn't really mean anything. Could be malware slipped into the supply chain by a third party, could be bank-created malware, could be PLA-created malware, there's no way to tell.
(Score: 2) by driverless on Sunday June 28 2020, @10:42AM (1 child)
Oh, and I had to guess I'd say it was third-party, the Chinese government/PLA doesn't need to put spyware into stuff, it already has the same access to networks and systems that the NSA has in the US.
(Score: 0) by Anonymous Coward on Sunday June 28 2020, @10:22PM
You say both of these things as fact, but just because things fit your worldview does not make them true, let along "facts."
(Score: 0) by Anonymous Coward on Sunday June 28 2020, @12:29AM
Why not just buy another laptop to dedicate to banking only, keep it air-gapped to any other network used by the company? Just another cost of doing business...
(Score: 4, Interesting) by Revek on Sunday June 28 2020, @04:47AM
Put spyware on one computer. Make sure its fire walled off from the rest of the network and use it only to pay those taxes. Even better would be to tether computer to mobile device that is only used for this purpose.
This page was generated by a Swarm of Roaming Elephants