Concerns for Chinese firms and the cyberespionage

We often discuss about warfare and cyberespionage, focusing on the usage of technology to steal intellectual property of foreign states. Of course the countries that have valuable technology skills are most exposed to targeted attacks that daily try to steal information regarding hi tech projects. Japan, US and European Countries are preferred target of many nations, China first, but also Russia, Iran and North Korea.

Which are information they were looking for?

Patents, confidential information related to policies of private companies, government information, all these date are principal targets of hackers sponsored by foreign governments.

Which are the main methods of cyberespionage?

The methods of cyber espionage are innumerable, the use of malware and hacking for infiltrating enemy networks are undoubtedly the most successful techniques. But don’t forget that we live in the era of globalization, US and Chinese companies operate everywhere in the world, however American law enforcement officials declared that giving in outsourcing critical services, such as telecom, could allow theft of intellectual property and cyberespionage. According to the FCC, 43.5% of the company is indirectly owned by foreign interests.

Of course the threat is not related to every foreign company but it’s specific for those businesses that are government-owned like some Chinese mobile phone giants. The specific case is related to the world’s largest mobile provider China Mobile applied in October for a license from the Federal Communications Commission to provide service between China and the United States and to build facilities on American soil. Of course the concerns of the intelligence services are high, providing similar projects foreign companies have access to communication infrastructures and network traffic making possible spying operations and the exposure of intellectual propriety and national secrets. The risks is concrete, in many occasion has been discussed about the continuous attacks of Chinese stated sponsor hackers against American networks. Officials from the FBI, the Department of Homeland Security and the Justice Department’s national security division compose a special collective named “Team Telecom,” in charge of review FCC applications by foreign-owned companies. The problem is really critic, on one side we have valuable business opportunity, on the other hand there is the security of the nation, for this reasons the group have to define a proper agreement to preserve both needs. In discussion is the routing of traffic from US Carriers (e.g. Verizon Communications Inc. or AT&T Inc) on networks the management of which is licensed by China Mobile. The firm declined to address allegations about Chinese spying and is actually collaborating with US Government for the definition of a satisfactory agreement. In the past Chinese companies China Telecom and China Unicom have been already engaged to carry telecommunications services, but they were other times when no cyber strategy took into account the threat of cyberespionage. Similar agreements have required in the past to the manufacturer the classification and census of all equipment used as communication vector such as undersea cables used to carry traffic to and from the United States. Meanwhile in US is discussing the allocation of services to foreign companies the Reuters agency has confirmed that the ZTE Corp, the world’s No.4 handset vendor, reported that one of its mobile phone models sold in the US contains a vulnerability that could allow a remote control of the handset. The backdoor affects ZTE’s Score model based on Android operating system, it’s the first case reported on the platform and many expert are convinced that the event is not casual. Not to mention the rivers of charges read out against another Chinese company with state participation, the Huweai.

Personally I feel very justified concerns of U.S. security experts, the risk of espionage is real must be managed with the utmost care to avoid catastrophic consequences.

Pierluigi Paganini

 

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

5 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

12 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

23 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.