China has over 400 million internet users, more than any other nation. This exponentially increasing population of Chinese netizens entering the global internet community has not come without serious negative externalities. Over the past decade, there has been a marked increase in cyber-espionage and hacking coming from Mainland China. Espionage is not new, even between close allies such as the United States and Israel, but the unusually high frequency and intensity of Chinese cyber-spying from both state and non-state actors is causing great concern.
Besides the traditional attacks on security institutions, Chinese hackers have placed a new focus on private business. For example, over the last several months, network security experts have noticed that Facebook internet traffic has been purposely routed through China.
“It’s real. It is happening. It can’t be described as an ‘accident’ anymore,” Joffe [Rodney Joffe, senior technologist at DNS (Domain Name System) registry Neustar], who observed similar traffic snafus involving China last year, said in an e-mail to CNET today.
The issue of intellectual property theft has become a palpable one. Western economies, especially the U.S., have become knowledge-based service economies, where first-mover advantage and property-right protections are essential to long-term economic growth. The technological advantages the U.S. has enjoyed since the end of the Second World War have been depreciating much faster over the last 10-15 years, especially in relation to the Pacific Rim. Due to the ease of information transfer, technical capital is being distributed far more quickly than in the past. Any developed nation, including the U.S., that wants to maintain its economic edge must address these increasing cyber security threats.
The infamous “Google E-mail Hacks” of 2010 are a case in point. Google openly implicated China in an e-mail hacking scandal, but this situation is actually not uncommon; it is just that Google went public and garnered significant media attention due to its status. Over 34 other companies, tech and defense firms, are also thought to have been targets for corporate espionage by government and non-government actors from China. Companies doing direct business with “Chinese partners” usually come under attack immediately. The real numbers, as reported in the press, are astounding:
A study released by computer-security firm McAfee and government consulting company SAIC on March 28 shows that more than half of some 1,000 companies in the United States, Britain and other countries decided not to investigate a computer-security breach because of the cost. One in 10 companies will only report a security breach when legally obliged to do so, according to the study.
Further, WikiLeaks revealed:
“Since 2002, (U.S. government) organizations have been targeted with social-engineering online attacks” which succeeded in “gaining access to hundreds of (U.S. government) and cleared defense contractor systems,” the cable said. The emails were aimed at the U.S. Army, the Departments of Defense, State and Energy, other government entities and commercial companies… Between April and October 2008, hackers successfully stole “50 megabytes of email messages and attached documents, as well as a complete list of usernames and passwords from an unspecified (U.S. government) agency,” the cable says.
In a private meeting of U.S., German, French, British and Dutch officials held at Ramstein Air Base in September 2008, German officials said such computer attacks targeted every corner of the German market, including “the military, the economy, science and technology, commercial interests, and research and development,” and increase “before major negotiations involving German and Chinese interests,” according to a cable from that year… French officials said at the meeting that they “believed Chinese actors had gained access to the computers of several high-level French officials, activating microphones and Web cameras for the purpose of eavesdropping,” the cable said.
In mid-2009, representatives of the China Institutes for Contemporary International Relations, a nominally-independent research group affiliated with China’s Ministry of State Security, contacted James A. Lewis, a former U.S. diplomat now with the Center for Strategic and International Studies. The U.S. government is using Mr. Lewis as a proxy; there have been 3 formal meetings between him and his Chinese counterparts, but no progress has been made.
Various groups in China know that innovation, like natural resources, is key to keeping the economy growing, which in turn will keep the communist party and its hangers-on in the business elite in power. It appears China will innovate “by hook or by crook”. The easiest and most cost-effective way to innovate is to steal. Corporate espionage can be quite profitable:
Business Software Alliance, an international software industry group, estimates that 79% of the software sold in China in 2009 was illegally copied, creating a loss to the industry of US$7.6 billion in revenue. Even more important to Beijing, these statistics mean the vast majority of Chinese computer systems – government and private alike – remain vulnerable to malware.
Malware is important to the Chinese government, because China claims it has also been the victim of numerous cyber attacks, and therein lies “the rub”.
As Minister of Public Security Meng Jianzhu said in December 2009, “The Internet has become a major vehicle through which anti-Chinese forces are perpetuating their work of infiltration and sabotage and magnifying their ability to disrupt the socialist order”.
Let’s get a translation of what Mr. Meng is really saying, shall we?
China is no doubt facing a paradox as it tries to manipulate and confront the growing capabilities of Internet users. Recent arrests of Chinese hackers and People’s Liberation Army (PLA) pronouncements suggest that China fears that its own computer experts, nationalist hackers and social media could turn against the government.
And it seems as if China has a lot of disgruntled netizens. Are the “chickens coming home to roost”?
In June 2010, the State Council Information Office published a white paper on the growing threat of cyber-crime and how to combat it. Clearly, these challenges have been addressed this year. The Ministry of Public Security (MPS) announced on November 30 that it had arrested 460 suspected hackers thought to have been involved in 180 cases so far in 2010. This is part of the MPS’ usual end-of-year announcement of statistics to promote its success. But the MPS announcement also said that cyber-crime had increased 80% this year and seemed to blame the attacks only on hackers inside China…
These new efforts all contradict China’s long-standing policy of cultivating a population of nationalistic computer users. This effort has been useful to Beijing when it sees a need to cause disruption, whether by attacking US sites after perceived affronts like the Chinese Embassy bombing in Belgrade or preventing access by powerful foreign entities like Google.
Domestic hackers turning on the CCP is such a concern that the People’s Liberation Army (PLA) has two military units dedicated to this issue, the Seventh Bureau of the Military Intelligence Department (MID) and the Third Department of the PLA. The MID is the offensive arm (or terrorist/spy wing, depending on how you want to see things). The Third Department is focused on national defense. Still, do not expect China to take serious measures to halt cyber attacks emanating from the Mainland; instead, expect China to crack down on non-government-aligned hackers who may pose a threat to the CCP (Chinese Communist Party).
Sino-American mutual suspicions are all the rage these days. Much less discussed in the Western media, though it has been discussed on this blog, is China’s love/hate relationship with Russia. The next installment of this series will look at how increased trade is not necessarily bringing the two Eurasian giants closer together.
RENAULT says its number two executive will be demoted while three others will be sacked in the wake of an industrial espionage fiasco at the French car-maker’s electric vehicles program.
Patrick Pelata’s offer to resign as chief operating officer was accepted but he will stay within the company, the firm said in a statement, adding that three executives from the group’s security service will leave.
Three other top executives will be relieved of their duties while their fate is decided, it said.
The announcement came after an extraordinary board meeting at Renault to study an audit committee’s report on the scandal that saw three senior executives wrongfully accused of selling industrial secrets.
The meeting also agreed on a deal to compensate the executives falsely accused, Renault said.
The French Government, which owns 15 per cent of Renault, had said yesterday the executives responsible for the embarrassing debacle should be sacked.
Finance Minister Christine Lagarde said the audit report showed the company’s management style was “dysfunctional” and revealed the need for both a “revision of the governance rules and for sanctions”.
Chief executive Carlos Ghosn went on prime-time television last month to apologise “personally and in Renault’s name” for the affair, but said he had turned down an offer by Pelata to resign.
Mr Ghosn said he and Pelata would forgo their 2010 bonuses and Renault would review its security procedures and take disciplinary measures against three implicated security employees.
The French car giant in January sacked Michel Balthazard, Bertrand Rochette, and Matthieu Tenenbaum after accusing them of accepting bribes in return for leaking secrets about Renault’s electric vehicle program.
The Government branded the affair “economic warfare” and some pointed the finger at China, drawing an angry denial from Beijing.
But in March the firm apologised to the managers after it emerged police had found no trace of bank accounts the accused men were alleged to have held and that the source of the spying allegations may have been a fraudster.
Investigators later questioned three Renault security managers and one was placed under formal investigation on suspicion of organised fraud.
Renault and its Japanese partner Nissan have staked their future on electric vehicles and plan to launch several models by 2014 to meet rapidly rising demand for more environmentally friendly methods of transport.
They have invested €4 billion ($5.48 billion) in the program.
Nissan and Renault joined forces in 1999. Renault currently owns a 44.3 per cent stake in its Japanese partner, while Nissan holds 15 per cent of the French auto maker’s shares.
Resurrecting a sleepy small-town newspaper is a tough job. But it’s even tougher when Fox News chairman Roger Ailes uses the News Corp. security detail to spy on you. According to Gawker’s John Cook and Hamilton Nolan, Ailes has been doing just that to his staffers at the Putnam County News and Recorder, one of two small Hudson Valley-area newspapers owned by Ailes and his wife Elizabeth, near where they planned to retire. Cook and Nolan write “more than 10 full-time and freelance staffers have left the Ailes’ Putnam County papers in the last 10 months,” including former News and Recorder staffer Joe Lindsley, a former Weekly Standard editorial assistant brought in personally by Ailes to turn the paper around. After Lindsley quit in January, he was driving to get lunch when he noticed a black Navigator following him. Suspicious, he eventually “got a look at the driver, who was a News Corporation security staffer that Lindsley happened to know socially. Lindsley continued on his way and later called the driver to ask if he was following him. The answer was yes, at Ailes’ direction.”
In addition to the car incident, there were other indications the Aileses were tracking the movements of their staffers. In March, Roger Ailes “confronted the three staffers and accused them of badmouthing him and Elizabeth during their lunch breaks” and multiple staffers told Gawker they had “reason to suspect that their e-mail was being read and that rooms in the News and Recorder offices were bugged.”
As if that wasn’t weird enough, try this on for size: per Cook and Nolan’s piece, the Aileses’ redesigned layout of the “single unisex bathroom in the papers’ headquarters features portraits of Elizabeth and Roger on the walls, watching you, while you poop.”
Security researchers demonstrate the vulnerability of the GSM system. Mark Ward and his BBC colleagues agreed to have their calls monitored
Stroll around a park making or receiving mobile phone calls and it is hard to believe that anyone could be listening in.
Who could possibly eavesdrop on your modern, digitally encrypted handset?
It should take the kind of technology and resources only available to the security services.
Yet two men wearing hoodie tops have managed to crack the system.
Karsten Nohl and Sylvain Munaut don’t look like secret agents, sitting behind their fold-out table next to a pile of old Motorola phones.
But these two security researchers have discovered a cheap, relatively simple way of intercepting mobile calls.
“We have been looking at GSM technology for a while and we find it to be pretty much outdated in every aspect of security and privacy,” said Mr Nohl.
The Global System for Mobile Communications (GSM) is the dominant cellular phone technology, used in billions of handsets around the world.
Large parts of it were developed in the 1980s and it is now vulnerable to 21st century hackers.
Future attack
Mobile calls normally remain private thanks to digital encryption and because base stations rapidly change the way they identify a particular handset.
Karsten and Sylvain managed to reverse engineer the mathematical algorithm behind the encryption process, and use it to decode voice calls.
Old mobile technology is proving vulnerable to powerful computers and cheap storage
The tools of their trade are a laptop and a particular model of Motorola phone whose base operating system, or “firmware” had previously been pulled apart and its details posted online.
Programmers used that information to create their own customised software, capable of displaying hidden technical information on mobile phone base stations.
The pair set up a demonstration for the BBC, in which they showed how to locate a handset, track its movements from a distance of more than 500m and steal copies of all the calls made on it.
Karsten and Sylvain say they do not plan to release their eavesdropping tools, but warned that it was only a matter of time before someone else re-created them.
That could lead to vandals, criminals and snoopers going on “war drives” – travelling around scooping up interesting conversations.
Such a situation is reminiscent of the early days of analogue mobile phones, when anyone with a radio scanner could listen in on calls.
“It’s a real concern,” said Oliver Crofton, director of Vigilante Bespoke which provides security services to high value individuals including sports stars, celebrities and chief executives.
“It will not take long for someone else to invest time and effort in this,” he said.
Vigilante Bespoke’s own experiences showed that there was already an interest in getting at the phones of the famous and powerful.
About 25% of the handsets analysed by the company are found to contain software or hardware modifications capable of reporting a phone’s location, texts and contacts, said Mr Crofton.
“We’re not talking about teenagers in a bedroom,” he said. “It’s organised crime, malicious journalists and blackmailers.”
Find and fix
The GSM Association (GSMA) said that the weaknesses found by Karsten and Sylvain related to older technologies. However, it conceded that those were still used in networks around the world.
Charles Brookson, chair of the GSMA’s security group for the past two decades, explained that when the first and second generation mobile standards were created, no-one expected them to be in use 20 years later.
“We knew that as the technology aged there was going to be more loopholes in it,” he said.
Those pioneering designers, of which he was one, also had to respect strict controls on the type and strength of encryption they could use.
“It was as strong as we could make it,” said Mr Brookson.
The GSMA was advising its 750 operator members to improve security on networks as they were upgraded, he explained.
It had also added functions that let people spot if they are connecting to a fake base station.
Despite the remaining weaknesses, Mr Brookson said he doubted that others could easily copy Karsten and Sylvain’s hack.
“Yes, the attacks are feasible but they are not exactly the sort of thing that the average person will be doing,” he said.
His view is shared by telecoms analyst Nigel Stanley who has been carrying out his own tests on mobile security.
The handsets of celebrities and sports stars are already being targeted by phone hackers
“It is relatively easy to set this up in a laboratory environment where you have controlled access to the technology,” he said.
“The issue might be if people are out and about driving in the street maybe hoping to intercept people in a real-time live environment,” he added. “I think it might be just a bit more difficult.”
He pointed out that the growing focus on mobile security by researchers and criminals was leading mobile providers to take action.
“Operators have reputational risks and they do not want to be associated with running an insecure network,” he said.
Those worried about mobile security can, if they have the right phone, force it to only use third-generation networks that use much stronger encryption.
Mobile owners can also opt for add-on software that encrypts calls to prevent eavesdropping.
Such applications are widely available for smartphones and include Redphone and Kryptos.
“The work that’s been undertaken out there in the community looking at security algorithms and technologies is actually very good,” said Mr Stanley.
“It does inform the network operators and the associations and helps them put in place a more secure infrastructure.”
EVERY word uttered in a cab could soon be recorded. Source: The Courier-Mail
EVERY word uttered in a cab could soon be recorded and stored under proposed State Government changes to the operation of taxi security cameras.
Simply opening the door or starting the meter would activate the recording of trips in an industry that claims to transport 90 million passengers in Queensland each year.
The move has alarmed civil libertarians, the state Opposition and even concerned some members of the taxi industry.
Queensland’s Privacy Commissioner Linda Matthews, who was not consulted about the proposal detailed in a Transport and Main Roads’ discussion paper, said there would be no such thing as “an anonymous taxi ride” once audio recordings were introduced.
“The public would want to be reassured the record is used for genuine law enforcement purpose and the protections that are in place should be sufficient. I guess time will tell,” she said.
When security cameras were first introduced to Queensland cabs in 2006, the recording of audio was not permitted under law for privacy reasons.
But the discussion paper states that “enabling of audio is not considered to increase any risk of breaches of privacy”.
Under the proposal, stickers in taxis would inform passengers that “security cameras and microphones are fitted, you will be photographed, conversations will be recorded”.
Once downloaded by a taxi company, the audio would be able to be held for a maximum 35 days before it had to be deleted or destroyed.
Michael Cope from the Queensland Council of Civil Liberties said the new proposal was “extraordinary and unnecessary”.
“I haven’t seen anything that justifies adding audio to the footage recorded in cabs,” Mr Cope said.
“It wasn’t considered necessary when security cameras were first introduced. You’d really need some strong evidence that it would make a difference to cabbies’ safety to justify it.”
QCCL vice-president Terry O’Gorman said audio was “a totally unjustified intrusion into people’s taxi conversations”.
“We would say that if it goes ahead, downloads should only be done on the order of a magistrate where there’s reasonable cause to think it would assist in investigating a crime,” Mr O’Gorman said.
Lee Sims, from the Cab Drivers’ Association of Queensland, who recently launched a “word of mouth campaign” against the Bligh Government, said there were already too many regulations on downloading material from security cameras.
“As far as I’m concerned we’ve gone too far with privacy and we should not have to jump through so many hoops to get access to material from the security cameras,” Mr Sims said. “A lot more fare evaders would be caught if it was easier to access downloads.”
Queensland Taxi Advisers Incorporated also raised concerns about safeguards, but spokesman John Rahilly said they supported the introduction of audio recordings.
“Greater transparency and certainty will be provided in investigations where there are conflicting statements from drivers and passengers,” Mr Rahilly said. “(But) the security and integrity of the process, especially in the area of downloading, is of paramount importance in protecting the privacy issues of all parties.”
Opposition transport spokesman Scott Emerson questioned why the discussion paper was not advertised by the State Government, with only taxi industry members aware of the document.
Submissions closed last Saturday.
Mr Emerson said it was vital the public had an opportunity to comment on an issue that had the potential to impact everyone who got into a cab.
“This would be a very significant change and it is important that the public is well and truly aware that this is being considered,” Mr Emerson said.
Top five topics raised in cabs (provided by Lee Sims, Cab Drivers Association of Queensland)
1. Personal issues, particularly relationships
2. Weather
3. Sport
4. Politics and current affairs
5. Happenings and events around the city
Mr Sims said despite the commonly held belief cabbies were barometers of social opinion, that was not really the case.
“Conversations in cabs vary greatly. Drivers are told not to initiate conversations but some do of course,” Mr Sims said.
“We do hear some very personal information, kind of like hairdressers I guess. People seem to see cabs as confessional boxes.”