Hackathons are common, but Chinese hacking competitions are different.
…
In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google’s Android, and Microsoft systems.
How is Tianfu Cup different?
A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.
Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, “In practice, this meant vulnerabilities were passed to the state for use in operations.”
This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.
…
In recent years, China’s hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software.
…
Embedding Trojans in your enemy’s infrastructure and leaving them to be switched on in times of war is ABSOLUTELY defense. You may not like it. But that’s called cyber warfare.
Quick question: Do you fundamentally disagree with what China is accused of but fully support Israel and the US’s extrajudicial backdoors, Trojan horses, domestic spying, pager bomb assasinations, AI targeted air strikes, and other clandestine war crimes just because they are perpetrated by “the good guys”?
nice try derailing the conversation with a “quick question”, let’s ignore it.
you are correct, it is cyber warfare, and china sees the US as their enemy. however it is not “ABSOLUTELY” defense.
i guess the conventional warfare equivalent would be to place explosives on the territory of your enemy to set it off in case of war. which smells way more like preparing active warfare than some kind of defense.
it brings it’s own set of problems as well. let’s say they get triggered by accident, either by incompetency or a third conflict party.
it will be very hard to explain why they were there in the first place, and “yes we deployed the <insert ‘defensive’ measure> on your soil, but it wasn’t us who triggered it.” might just not cut it.
This is (deploying malware and backdoors outside of wartime, often widely) criticisized very often and rightfully so. By both cybersecurity people and various political leanings, especially leftists.
Your analogy is good. These things are often intended to kill, and are often countervalue (read: target civilians). It is in fact bad no matter what state does it. It however should also come as no surprise that all states variously want to, though for example the usa has historically gone back and forth on how selective they are for many of the reasons you state. Though other reasons include things like not revealing exact capabilities by releasing malware ahead of time to be spotted and studied.
Thanks for your reply, it made some good points. It however didn’t need the part starting with “It however…” as phrases like this simply devalue everything that was written before them, and are usually followed by a change of topic.
The topic was the question if deploying trojans in another country’s infrastructure counts as an “ABSOLUTELY defensive” measure.
This could have been a perfect sentence to finish with, don’t you think? ;)
@demesisx@infosec.pub
Quick question also to you: Do you fundamentally disagree with what Israel and the US are accused of but fully support China’s domestic surveillance, transnational repression, supression of free speech and freedom of the press, bullying of its neighbours, aggression against Taiwan, just because they are perpetrated by “the good guys”?
You conveniently dodged my question, then asked me stupid questions, thinking I’d have to agree with cherry-picked offenses by China. I am not a fan of China. I just think they are justified in defending themselves. Furthermore, I think it’s hilarious that the the US decided to offshore our high tech goods to have them manufactured there as if we weren’t ASKING to be hacked. The only solution going forward is CLEARLY domestic RISC-V manufacturing and not allowing our enemies to manufacture our critical technologies.
Do I support China’s:
Do I support China engaging in pre-emptive cyber warfare against aggressors: absolutely
Do I support the US engaging in pre-emptive cyber warfare against aggressors: absolutely
Do I support Israel engaging in pre-emptive cyber warfare against aggressors: absolutely
Do I support war crimes being committed by ANY of these countries: NO
Removed by mod
Removed by mod
Removed by mod
Removed by mod
Removed by mod