Tag Archives: China

MI-6 Follows CIA, Just 22 Years Late

Why? Quantum Computing and Artificial Intelligence!

For those of you who are not familiar with MI-6, even via a somewhat romanticized version in James Bond movies, MI-6 is Britain’s spy agency. Working alongside MI-5 and GCHQ, their goal is to protect Britain from the bad guys. MI-6, similar to our NSA (often referred to as No Such Agency), prefers to stay in the shadows. The agency’s existence wasn’t even formally acknowledged until the 1990s.

However, now they are talking very publicly. Richard Moore (AKA “C” in MI-6 speak) talked publicly for the first time since taking over the role of Chief of MI-6. He said that developments in quantum computing and AI are good for society.

Speaking at the International Institute for Strategic Studies, Moore warned that China, Russia and Iran, who could exploit technology to meet their aims, are a threat to the UK (and the rest of the world).

While human intelligence is important (and, I might add, becoming harder by the day because of the digital footprint that every human leaves behind – or if they are a spy, do not leave behind), technology is going to be critical to assessing that intelligence.

He warned that “our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage”.

However, “C” admitted that they (the UK) will lose the battle if they try to out-do big tech.

So, they are doing what the CIA started to do in 1999 and have started a venture capital fund called the National Security Strategic Investment Fund. The CIA calls theirs In-Q-Tel. While I don’t know NSSIF, I did pitch In-Q-Tel a few years ago. Some super smart people. Likely also true for NSSIF. Both are looking for smart people with even smarter ideas who need money. Of course, they want to use, partner, or own the tech that these investments produce. “C” said that this is a culture change for the organization that is going to be a sea-change. The CIA seems to have figured out how to do it. Perhaps the two organizations should chat. Or maybe they already are.

The key point is that quantum computing and AI are going to be critical to national security and, my guess is, China and the others know that too (read my November 25th blog post if you doubt this). If they can’t develop it themselves, there are other alternatives that they seem to be pretty good at also. Credit: ZDNet

Booz Allen says that the Chinese are already planning for the day when powerful quantum computers are running inside their state-run intelligence service. Booz Allen says that Chinese hackers might soon start trying to steal encrypted data such as encrypted weapons design data, biometric data and spy agency human asset info, with the hope that, with quantum computing, they will be able to decrypt it in the future.

Booz Allen writes:

“In the 2020s, Chinese economic espionage will likely increasingly steal data that could be used to feed quantum simulations,” the analysts write in the report Chinese Threats in the Quantum Era.

Hackers could steal encrypted data now and crack it with quantum computers later, warn analysts | ZDNet

We either need to protect our tech. Or learn Mandarin.

China Charts Plan for Tech Self-Sufficiency

China’s policymaking body, the Central Comprehensively Deepening Reforms Commission (I did not make up this name), approved a plan yesterday for developing homegrown science and technology with an eye toward self-sufficiency.

According to a press release by the state-run news agency, Xi said that while China has made substantial progress in trying to develop its science and technology sectors, they are still struggling. Which means that stealing intellectual property from the west is still critical.

And what are they trying to focus on?

Artificial intelligence and quantum computing.

This comes as Biden continues to tighten the screws on the Chinese tech sector, adding another dozen Chinese companies to the entities list, banning US companies from selling to them.

China’s vice premier wrote an article for the People’s Daily yesterday saying, using a lot of words, that innovation is critical and since Xi said that they were still challenged at doing that, it is pretty clear what the alternative is.

China, of course, is not pleased that more companies have been blacklisted, but my guess is that asking us to un-blacklist them will not produce results for them.

Based on this, expect more espionage – both by breaking into US company networks and by planting insiders inside targeted companies. Also expect them to continue to expand the Thousand Talents program.

All in all, this means that US companies with critical tech need to stay on their toes. If you think your tech is important, so does China and they are very motivated to steal it. Likely they will do it very quietly so that you don’t even know that you have been hacked.

Credit: The Record

Privacy and China – In the Same Sentence?

China’s residents, living under one of the world’s most repressive and invasive regimes, are not used to online privacy, but there is now an online privacy law called PIPL (Personal Information Protection Law).

It went into effect on November 1 and it will change how companies do business in China – but it won’t change a thing about how the government snoops.

While it may affect local Chinese companies like WeChat, TikTok and others, it will also affect how foreign companies do business in China.

Overseas companies may be blacklisted, which of course could escalate tensions.

Already Yahoo announced it was leaving China and Microsoft’s LinkedIn said it was replacing what we think of as LinkedIn with a vanilla job board.

There are a lot of similarities between GDPR and PIPL. In some cases the language was lifted. Right to access your information. Right to correct. Right to Delete. Right to withdraw consent.

Fines can be as high as 50 million yuan ($7.8 million) or 5 percent of annual revenue.

The PIPL regulator is a state agency – the Cyberspace Administration of China. Not exactly independent. Or neutral.

The law now requires that companies that collect a lot of data (amount undefined) store their data in China.

Now that Microsoft and Yahoo have left, who remains is Apple. Apple has created a reality distortion field to keep doing business in China. Possibly this is because of all the manufacturing that it does there and the rare earth minerals it needs from China. In any case, they already conceded the privacy of Apple users years ago.

Companies that want to export data have to go through a security review.

One thing that may be a result of China’s law is that other countries, particularly those in Asia, may also decide that companies have to keep data locally. Vietnam and India are already considering similar rules. Maybe others will follow.

For foreign companies (such as U.S. ones), that could mean changing their business models, their technology stack or even their algorithms.

Or, they may choose to not do business in some countries.

The result could turn the world into a bunch of data islands. Do I care if I don’t see data from people in China? I don’t think so. Not sure that is a horrible result but for some companies it messes with their revenue. Worse yet, it makes them make really hard choices like Apple did. Or it can cause other countries to retaliate. Stay tuned, this battle is far from over. Credit: Wired

Security News for the Week Ending September 17, 2021

LA Police Collected Social Media Account Info From People They Talked To

I’m sure they were just curious. The LA police watchdog says that officers were instructed to collect civilians’ social media details when they interviewed them. This stems from an email from the Chief dating back to 2015. He said it could be beneficial to investigations and possibly even future outreach programs. These are people who are neither arrested nor cited. I am sure that using people’s email addresses for social outreach is far more effective than, say, Twitter, Facebook or even the 6:00 News. Not. For harassing and scaring people, yes. Credit: MSN

Germany Admits Police Used NSO Group Pegasus Spyware

Germany’s Federal Police admitted, when testifying before Parliament, that they used the Pegasus Spyware, which can totally own a mobile phone and all the data on it. They said that some features were disabled due to German law. What features and how many people were not revealed. Likely they are not alone – they just got caught at it. Credit: Security Week

Taliban and China Are Reportedly in Bed Together

China has reportedly sent its best (?) cyber spies to Kabul to help the Taliban hack land lines and mobile calls, monitor the Internet and mine social media. While all governments, including ours, do this, the Taliban is not likely to put any controls on what gets monitored. China has been, US intelligence sources say, wooing the Taliban for years getting ready for this. One can only assume that the Taliban will reciprocate, like by giving China access to stuff we left behind. Credit: Mirror

FTC Says Health Apps Must Notify Consumers About Breaches

In a 3-2 vote, with the two Republicans voting against it, the FTC warned apps and devices that collect personal health information that they must notify consumers if their data is breached. This is designed to specifically address the gap that apps are not considered covered entities for the most part, hence they are not covered by HIPAA. The two Trump appointees who voted against it are not necessarily against having app makers tell users that their data has been compromised, but would prefer to drag the decision out for a few more years as the government does its normal bureaucratic rulemaking process. Credit: FTC

Cop Instructed to Play Loud Music to Disrupt Public Filming of Their Activities

Police – or at least some police – do not like being filmed while performing their job. One Illinois police department officially came up with an interesting tactic. While it doesn’t stop people from filming them, it MIGHT cause the videos to be taken down from social media, which seems to be the goal. When they detect someone filming them, they turn on copyrighted music to be included in the recording. Most social media have been sued enough that they have tech that detects at least popular copyrighted music and if it detects it, it removes the post so they don’t get sued. I think it is pretty simple to distort the music a little bit so the filter won’t work while still allowing a listener to hear the interaction with the police. My guess is that if a case like this came to court over copyright, the court would rule in favor of the person filming, but we are talking about the law here, so who knows. Credit: Vice

What is the Back Story on China’s Hack of Microsoft Exchange Servers?

One possible answer is that they wanted to steal your email, impersonate you and use your email accounts to send spam and malware. This is certainly possible, but there is another, more sinister possibility.

What if – China was looking for mountains of data to train its AI systems?

The attacks gave them tens of billions of messages, calendar information and other files.

That translates to trillions of bits of information.

This is what some government officials and security experts are saying.

And, of course, this is in addition to all the data that they have already stolen.

This includes, for example, entire security clearance files from the OPM breach, medical records from the Anthem breach, travel information from the Marriott breach and financial information from the Equifax breach.

William Evanina, former director of the National Counterintelligence and Security Center, says that the Chinese have more data on the average citizen than we do.

Sounds a bit scary to me. Credit: The Register

Security News for the Week Ending June 18, 2021

Security Company Founder Charged with Hacking Georgia Hospital

An indictment unsealed this week in a Northern District of Georgia court accuses Vikas Singla, 45, of 18 separate counts of aiding and abetting a 2018 cyber attack against the Gwinnett Medical Center in Georgia. According to his LinkedIn profile, he is (or maybe now was) the COO of Atlanta-based Securolytics. It is not clear what he did, but the feds say that he aided and abetted the attack. Credit: SC Magazine

Energy Secretary Says Adversaries Have Ability to Shut down US Power Grid with Cyberattacks

Maybe this story is a no-big-deal in light of the Colonial Pipeline attack, but Energy Secretary Jennifer Granholm said that US adversaries already are capable of using cyber intrusions to shut down the US power grid. This is something that security professionals have been saying for a long time and in light of the almost half dozen attacks on water, oil and support infrastructure in the last couple of months, this is not a big surprise. Credit: Fox8

China Crackdown Continues

The FCC approved a plan this week to ban approvals for Chinese telecom equipment from companies deemed a threat to US national security. This includes, potentially, revoking the approval of equipment and apps already in use. This continues the pressure on China started in the last administration. Credit: Verdict

Apple Not Happy With Proposed Requirement for Competition

Europe is trying to force some competition in the Apple app store and, given the amount of money that represents to Apple, they are not happy. They say that it would harm consumers’ privacy. Informed consumers could make a choice under those circumstances. Would a consumer be willing to trade some personal data in exchange for getting an app for free or at a reduced cost? Apple thinks it is their job to answer that question for their customers; the EU disagrees. Actually, Apple thinks it is their job to be a monopoly. Stay tuned. Credit: The Register