China is building a cyber army of hackers, report finds (www.firstpost.com)
from randomname@scribe.disroot.org to cybersecurity@sh.itjust.works on 04 May 12:19
https://scribe.disroot.org/post/2653688

cross-posted from: scribe.disroot.org/post/2653687

Archived version

Hackathons are common, but Chinese hacking competitions are different.

In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google’s Android, and Microsoft systems.

How is Tianfu Cup different?

A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.

Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, “In practice, this meant vulnerabilities were passed to the state for use in operations.”

This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.

In recent years, China’s hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software.

#cybersecurity

Sylvartas@lemmy.dbzer0.com on 04 May 12:36

I mean, the NSA doesn’t need to do the same because they’re wiretapping the entire fucking country (see: room 641A, Edward Snowden…) so they already get every American hackathon’s results

randomname@scribe.disroot.org on 04 May 12:52

Not that I think wiretapping is a good thing (it’s very bad, no matter who does it), but why is it that whenever one posts something critical of China here on Lemmy, there is some commentary arguing that the US is doing the same? I don’t understand that. US wiretapping doesn’t make this Chinese policy better.

[Edit to correct a typo.]

Sylvartas@lemmy.dbzer0.com on 04 May 13:20

It doesn’t. But it irks me that when the USA does the same shit, if not worse, and just as blatantly, no one cares. But when it’s China it’s instantly nefarious and dangerous, when in reality it’s a world superpower doing exactly what the “good ones” are also doing in this case.

And I’m not pretending that China is less autocratic than our western democracies. But our state surveillance has nothing to envy to theirs.

randomname@scribe.disroot.org on 04 May 13:51

when the USA does the same shit, if not worse, and just as blatantly, no one cares.

This is outright false. Just the most recent post in this community is about the NSA spying on air-gapped networks. And there is an awful lot more news on Lemmy criticizing the US, EU, or other Western democracies. (However, there’s no whataboutism in these cases. Why?)

Maeve@kbin.earth on 04 May 14:10

Don't let the right hand know what the left hand is doing is great for tricks.

Sylvartas@lemmy.dbzer0.com on 04 May 14:20

Because criticizing China on that stuff is like beating a dead horse. Of course the autocratic country is gonna spy on their citizens and other countries, and engage in state-sponsored hacking (and, mind you, I think it’s ok for a State to use hacking defensively). But our leaders are criticizing them for that and foaming at the mouth to do the same shit domestically, which makes us look hypocritical as fuck and opens us up to stupid headlines like “Putin blasts France for police violence during recent protests” (which is very tangentially related but a very common one over here).

I guess I got jumpy because I recently watched a video about this that ended with the usual “the state pulled out an obscure old law and shut down the lawsuit and possibly proceeded to secretly fuck with the whistleblower for a while”.

Maeve@kbin.earth on 04 May 12:52

What is defcon?

kbal@fedia.io on 04 May 16:57

It's a con. A def one.

x_pikl_x@lemmy.world on 06 May 08:13

Yearly cyber security convention in USA

Maeve@kbin.earth on 04 May 12:50

Honestly, every rich country.

randomname@scribe.disroot.org on 04 May 12:58

… criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China.

A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.

Which countries have something similar to a ‘Tianfu Cup’?

Maeve@kbin.earth on 04 May 13:06

And handing it to techbros for profit first is different how?

randomname@scribe.disroot.org on 04 May 13:13

As I asked already in this thread: Why is it that whenever one posts something critical of China here on Lemmy, there is some commentary arguing that the US is doing the same? I don’t understand that.

That’s whataboutery back and forth.

Maeve@kbin.earth on 04 May 13:53

Because if we're focused on other governments' misdeeds, we ignore our own, and our own is the more immediate threat, afaict.

ETA: unless that's the point

randomname@scribe.disroot.org on 04 May 13:57

That’s an absurdly bad take to justify whataboutism.

Maeve@kbin.earth on 04 May 14:01

You can and will obviously do what you like. My take is, neglecting our own business to focus too much on others' is precisely what got us here. The Red Scare is old tricks and we still refuse to learn from our own mistakes.

Samskara@sh.itjust.works on 04 May 14:48

For some it’s an ambition, but not a priority. Germany simply doesn’t pay skilled people enough to serve as cyber soldiers.

Maeve@kbin.earth on 04 May 14:51

How does mandatory armed or civil service fit into this model?

Samskara@sh.itjust.works on 04 May 14:55

It could help. Mandatory service typically gets you young people straight from school. That means you need to train them. To be good at cybersecurity and cyber warfare takes years though. Not something you can teach over the course of a year of service.

Maeve@kbin.earth on 04 May 15:01

If they get them straight from Gymnasium, there's still time to pound the whole "love of country/fellow countrymen," too. I don't know because current generations are leaning alarmingly right.

Samskara@sh.itjust.works on 06 May 00:59

love of country/fellow countrymen

Germany is still far below the patriotism of France or Poland. Some adjustment towards their levels of patriotism is about time.

Maeve@kbin.earth on 06 May 01:16

Patriot is a fancy way of saying nationalist, nowadays. But there's no reason not to have a love of country/fellow citizens. Or global citizens. And that doesn't preclude defense.

randomname@scribe.disroot.org on 04 May 15:12

‘China has almost doubled their aggression in cyber’, experts say

Today, Western governments have been more outspoken in linking China to cyber attacks and sanctioned organizations linked to malicious cyber activity. Despite this growing awareness of the threat posed by China-backed groups, … people still don’t have a firm grasp on the extent to which China has infiltrated enterprise systems …

rpl6475@lemmy.ml on 06 May 07:06

Building? It has been around for years