Chinese state institutions issue rewards for finding the cybersecurity vulnerabilities in software that is often used by foreign governments, in what may be a subtle new form of state-backed cyber warfare. At the same time, China is promoting young cybersecurity engineers in a doubling of its efforts to probe foreign systems for areas the Chinese government can exploit.
The new law has effectively changed the landscape of online network security within China, according to cybersecurity analyst Dakota Cary, who last week told The Record podcast—run by cybersecurity company Recorded Futures—that any business operating within its borders must report coding flaws to the government before taking any further steps to address the vulnerability or make it known to the public.
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
🤖 I’m a bot that provides automatic summaries for articles:
Click here to see the summary
China has inadvertently raised a private army of hackers to help it discover vulnerabilities in overseas computer networks thanks to a cybersecurity law that makes it mandatory to first inform the Chinese government.
Under the rule, the Chinese state institutions issue rewards for finding the cybersecurity vulnerabilities in software that is often used by foreign governments, in what may be a subtle new form of state-backed cyber warfare.
Cary, who is a non-resident fellow at the Atlantic Council think tank’s Global China Hub, believes the requirement has fostered both collaboration and competition among the agencies, leading to efforts to outperform each other.
Major technology giants such as Google and Facebook pay so-called “white hat,” or good faith, hackers to find these points, which have the potential to undermine software companies.
China had more than 170,000 white hats in 2021, the majority of whom were young men born between 1990 and 2009, according to research conducted by Chinese cybersecurity forum FreeBuf and the internet security companies 360 and QAX.
Cary told The Record that there was considerable overlap in the Chinese industry ministry’s vulnerability database and that of companies that service the People’s Liberation Army and the country’s intelligence agencies.
Saved 70% of original text.
I’ll suck the Internet dry!