The Linkielist

Linking ideas with the world

FBI and MI5 bosses speak out together: China hacks and steals at massive scale

The directors of the UK Military Intelligence, Section 5 (MI5) and the US Federal Bureau of Investigation on Wednesday shared a public platform for the first time and warned of China’s increased espionage activity on UK and US intellectual property.

Speaking to an audience of business and academic leaders, MI5 director general Ken McCallum and FBI director Chris Wray argued that Beijing’s Made in China 2025 program and other self-sufficiency tech goals can’t be achieved without a boost from illicit activities.

“This means standing on your shoulders to get ahead of you. It means that if you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the Chinese Communist Party,” said McCallum.

“And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think,” he added.

McCallum described China’s efforts to acquire Western expertise, technology and research as a planned and professional “coordinated campaign on a grand scale” that has been strategically executed across decades.

China’s efforts have stepped up significantly, McCallum said, with MI5 running seven times as many investigations against Chinese activity today as in 2018.

“The most game-changing challenge we face comes from the Chinese Communist Party. It’s covertly applying pressure across the globe,” said McCallum. Threats MI5 is working to counter include covert theft of trade secrets, patient cultivation of contacts, and establishing a “debt of obligation.” Advanced persistent threats are deployed when needed, too.

The MI5 director also warned that China was working to change attitudes to suit the Chinese Communist Party’s interests and support it dominating the international order – and playing the long game to normalize mass theft as “the cost of doing business these days.”

Wray added that in the US, China’s efforts spare none and are visible in both big cities and small towns, Fortune 500s and startups, and across everything from aviation, to AI, to pharma.

The FBI director then referred to China’s hacking program as “lavishly resourced” and “bigger than that of every other major country combined.”

“The Chinese Government sees cyber as the pathway to cheat and steal on a massive scale,” said Wray.

Wray said the efforts were not just big, they were effective, offering the following insight on cyber attacks:

Over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure.

And Chinese hackers are consistently evolving and adapting their tactics to bypass defenses. They even monitor network defender accounts and then modify their campaign as needed to remain undetected.

They merge their customized hacking toolset with publicly available tools native to the network environment—to obscure their activity by blending into the ‘noise’ and normal activity of a network.

However, he warned, it’s not just through hacking that the Chinese state-backed threats act, but “by making investments and creating partnerships that position their proxies to steal valuable technology.”

Wray described all Chinese companies as beholden to the Chinese Communist Party (CCP) in some form, with the government disguising its intent to obtain influence.

Efforts include creating elaborate shell games to outsmart government investment-screening programs and passing statutes like the 2015 critical infrastructure law, which requires companies to store data domestically, where it is convenient for government access. He cited a 2020 law that required malware-laden Chinese software be used by foreign companies filing taxes – forcing the companies into installing their own backdoors – as another example of the CCP at work.

On the same day as the two spook bosses issued their warnings, the US National Counterintelligence and Security Center issued a bulletin [PDF] offering more detail of China’s efforts by detailing tactics used by Beijing to infiltrate US business and government for the purpose of exerting influence.

Know your foe

The FBI, NCSC, and MI5 all warned against confusing the Chinese diaspora with the CCP and Beijing.

“If my remarks today elicit accusations of Sinophobia, from an authoritarian CCP, I trust you’ll see the irony,” said Wray.

Liu Pengyu, spokesperson for China’s embassy in Washington, responded on Wednesday denying interference, accusing the US of cyberattacks itself and characterizing criticism as “US politicians who have been tarnishing China’s image and painting China as a threat with false accusations.”

China’s foreign minister Wang Yi and US secretary of state Antony Blinken are scheduled to meet at the G20 Foreign Ministers’ meeting this week. The agenda, according to Chinese state-sponsored media, is “to exchange views on current China-US relations and major international and regional issues.”

Source: FBI and MI5 bosses: China cheats and steals at massive scale • The Register

EU will require all new cars to include anti-speeding tech ISA by 2024

Every new car sold in the European Union will soon include anti-speeding technology known as intelligent speed assistance, or ISA. The EU regulation (part of the broader General Vehicle Safety Regulation) goes into effect today, and states that all new models and types of cars introduced to the European market must include an ISA system. The policy doesn’t apply to any new cars that are in showrooms today — at least, not yet. By July 2024, every new car sold in the EU must have a built-in anti-speeding system.

“The roll out of ISA is a huge step forward for road safety and has the potential to dramatically reduce road traffic injuries and fatalities. Car manufacturers now have the opportunity to maximise the potential ISA presents for creating safer roads for all,” said the European Commission in a press release.

For those unfamiliar with ISA, the term describes a whole raft of systems that can detect road speed limits via front-mounted cameras, GPS data or both. Depending on the specific ISA and how it’s configured by the driver, the technology can provide reminder feedback about the speed limit, automatically adjust cruise control to match the road’s speed or even reduce power to the motor to slow speeding vehicles.

Many drivers in Europe are already using ISA-equipped vehicles, and major automakers such as Honda, Ford, Jeep and Mercedes-Benz sell certain models with these systems in the European market. According to a projection by the EU-funded PROSPER, a scenario such as this one, where ISA becomes mandated, could result in between 26 and 50 percent fewer fatalities.

As Autocar notes, ISA technology still isn’t perfect. During one test, the ISA system was occasionally “slow to respond” and at one point set the speed limit at 60 mph while driving through a quiet English village.

Source: EU will require all new cars to include anti-speeding tech by 2024 | Engadget

So… can you disable ISA easily then? At least it looks like the tech is contained in the car, hopefully not feeding your driving data and location to 3rd parties where it can be sold on and get lost.

Marriott Hotels confirms yet another data breach

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.

The incident, first reported by Databreaches.net, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel in Maryland into giving them access to their computer.

[…]

Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.

The group claiming responsibility for the attack say the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to Databreaches.net purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.

However, Marriott told TechCrunch that its investigation determined that the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”

The company said that it is preparing to notify 300-400 individuals regarding the incident, and has already notified relevant law enforcement agencies.

This isn’t the first time Marriott has suffered a significant data breach. Hackers breached the hotel chain in 2014 to access almost 340 million guest records worldwide — an incident that went undetected until September 2018 and led to a £14.4 million ($24 million) fine from the U.K.’s Information Commissioner’s Office. In January 2020, Marriott was hacked again in a separate incident that affected around 5.2 million guests.

[…]

Source: Hotel giant Marriott confirms yet another data breach | TechCrunch

Amazon offers to share data, boost rivals to dodge EU antitrust fines

Amazon (AMZN.O) has offered to share marketplace data with sellers and boost the visibility of rival products on its platform, trying to persuade EU antitrust regulators to close their investigations without a fine by the end of the year, people familiar with the matter said.

The world’s largest online retailer is hoping its concessions will stave off a potential European Union fine that could be as much as 10% of its global turnover, Reuters reported last year.

The European Commission in 2020 charged Amazon with using its size, power and data to push its own products and gain an unfair advantage over rival merchants that sell on its online platform.

It also launched an investigation into Amazon’s possible preferential treatment of its own retail offers and those of marketplace sellers that use its logistics and delivery services.

Amazon’s process for choosing which retailer appears in the “buy box” on its website and which generates the bulk of its sales also came under the spotlight.

Amazon has now proposed to allow sellers access to some marketplace data while its commercial arm will not be able to use seller data collected by its retail unit, the people said.

The company will also create a second buy box for rival products in the event an Amazon product appears in the first buy box, the people said.

[…]

Source: Amazon offers to share data, boost rivals to dodge EU antitrust fines | Reuters

No way that this is enough. A marketplace owner has no business offering products on their own marketplace at all. That’s always going to be unfair competition. It also fails to address many of the other monopoly problems, like forcing sellers to exclusively use Amazon or downgrading their search results, forcing sellers to use the Amazon delivery options as well as forcing other delivery parties out of business by delivering under cost price.

China’s cyberspace regulator details data export rules

[…]

The Cyberspace Administration of China’s (CAC) policy was first floated in October 2021 and requires businesses that transfer data offshore to conduct a security review. The requirements kick in when an organization transfers data describing more than 100,000 individuals, or information about critical infrastructure – including that related to communications, finance and transportation. Sensitive data such as fingerprints also trigger the requirement, at a threshold of 10,000 sets of prints.

A Thursday announcement added a detail to the policy: the cutoff date after which the CAC will start counting towards the 100,000 and 10,000 thresholds. Oddly, that date is January 1 … of 2021.

A state official explained in Chinese state-owned media on Thursday that the efforts were necessary due to the digital economy expanding cross-border data activities, and that differences in international legal systems have increased data export security risks, thereby affecting national security and social interest.

The official detailed that the security review should occur prior to signing a contract that includes exporting data overseas. Any approved data export will be valid for two years, at which point the entity must apply again.

[…]

Source: China’s cyberspace regulator details data export rules • The Register

Turkey’s Newfound Cache of Rare Earths Could Supply the World’s EVs and More

Turkey announced last week it discovered a massive rare earth reserve almost as big as the world’s largest in China. The find is reportedly so large that it could on its own satisfy global demand for decades.

According to the Turkish Ministry of Energy and Natural Resources, the country found a supply of 694 million metric tons (765 million short tons) of rare earth minerals in Beylikova, Eskişehir. That reportedly makes Turkey’s rare earths reserve the world’s second-largest behind China, which has 800 million tons according to AA Energy. Deposits reportedly include 10 of the 17 rare earth elements and are close to the surface, which would simplify extraction.

Fatih Dönmez, the country’s Minister for Energy and Natural Resources, said the construction of processing infrastructure will begin later this year after R&D concludes. When the mining and refinement industries are up and running, Turkey anticipates it’ll have the capability to process 570,000 metric tons of rare earths annually. That’s nearly double the 315,000 metric tons that The Conversation reports will be demanded globally in 2030.

[…]

Source: Turkey’s Newfound Cache of Rare Earths Could Supply the World’s EVs and More