When China Hoards Its Hackers Everyone Loses (engadget.com) 89
An anonymous reader shares a report: For over a decade Pwn2Own -- happening this week -- has brought together security talent from across the globe in a friendly hacking competition that is a cornerstone of research and advancement on par with Black Hat and Def Con. China's hackers routinely win, sweeping the board -- notably, the Tencent and Keen teams. Pwn2Own is good-natured, and all in the name of researchers finding big bugs, nabbing great bounties and drawing attention to security holes and zero-days that need to be fixed. But this year, according to Pwn2Own manager Brian Gorenc, China is no longer allowing its researchers to compete. Prior to the start of Pwn2Own this week, Gorenc told press "There have been regulatory changes in some countries that no longer allow participation in global exploit contests, such as Pwn2Own and Capture the Flag competitions."
One thing's for certain: yearly champions Tencent's Keen Labs and Qihoo 360's 360Vulcan team are nowhere to be found and Trend Micro, the conference organizer, has confirmed to Engadget that there are no Chinese competitors in this year's competition. [...] It's a worrying development in the direction of isolationism and away from the benefits of competition in the spirit of improving security for all. It comes at a time when relations between the US and China strain under the weight of Huawei security concerns, which are not at all new, but are certainly coming to a head as American companies sever business ties with the firm.
One thing's for certain: yearly champions Tencent's Keen Labs and Qihoo 360's 360Vulcan team are nowhere to be found and Trend Micro, the conference organizer, has confirmed to Engadget that there are no Chinese competitors in this year's competition. [...] It's a worrying development in the direction of isolationism and away from the benefits of competition in the spirit of improving security for all. It comes at a time when relations between the US and China strain under the weight of Huawei security concerns, which are not at all new, but are certainly coming to a head as American companies sever business ties with the firm.
Re:When Will Peeps Learn? (Score:5, Insightful)
Yep, it was Trump that just abolished term limits. Oh Wait...
Re: (Score:2)
Nope, but he definitely likes the idea! [abc.net.au]
Hmm.
Grow up America.. (Score:5, Insightful)
Everyone loses, really?
I wonder what people would think if Americas best and brightest security researchers/hackers were going to China to be involved in paid bug-hunts.
I am suspecting the reaction would border on claiming treason, there would certainly be calls for them to be cut out of any real security work, and their personal lives would probably be destroyed also...
but no, apparently EVERYONE loses if China doesnt send their best and brightest over to help out American corps..
Grow up.
Re: (Score:1)
Everyone loses, really?
I am suspecting the reaction would border on claiming treason,
Only if they're employed by the military. Lots of security researchers are just university types, writing their papers. They can go anywhere their budgets allow.
Re: (Score:2)
But in China, every citizen is property and asset of the state. Every person a government employee or resource. That's why not toeing the line in China gets you tossed in the gulag or worse - everyone is a slave who must be obedient to the CCP masters.
Re: (Score:3)
I don't know about this. DefCon is gearing up for a Chinese event, and I don't see any problem with British hackers going. Or German, or American, or whoever.
Re: (Score:2)
Everyone loses, really?
I wonder what people would think if Americas best and brightest security researchers/hackers were going to China to be involved in paid bug-hunts.
I am suspecting the reaction would border on claiming treason, there would certainly be calls for them to be cut out of any real security work, and their personal lives would probably be destroyed also...
but no, apparently EVERYONE loses if China doesnt send their best and brightest over to help out American corps..
Grow up.
China is a hacking country. Why should they participate. If they present the flaws they found, it will be one strike or or more against China.
China is now a dictatorship with a President for life. He needs to keep knowledge internal to China
Good move tactically (Score:2, Insightful)
Why would you want to reveal your capabilities to your enemy? They have confirmed now they have the best in the world. They don't need to prove anything any more. Now they can build their army behind the curtain. And they will. Better hope your firewalls are up to the challenge. And you might want to start teaching Chinese in elementary school (says Wernher von Braun).
Re: Good move tactically (Score:2)
Re: (Score:2)
They haven't actually proven that, because CIA certainly doesn't let its crew participate, nor does GRU.
Chinese were basically that up and coming country that didn't yet control it's top talent, and allowed it to become targets for foreign agencies through competitions like this. Now they passed that development stage and keep their top NatSec talent out of sight, just like everyone else is.
Trump starts a trade war... (Score:1, Flamebait)
.... China gears up for a cyber war.
These are the wages of empowering stupidity.
Re: (Score:2, Flamebait)
I don't like Trump either, but I doubt his trade war stupidity is the issue. More likely, China wants to keep any Chinese-discovered exploits in-house to aid in it's Orwellian pursuit of 100% monitoring and control over its citizens (and, probably, others beyond its borders).
Re: (Score:3)
The USA wants to keep any US-discovered exploits in-house to aid in it's Orwellian pursuit of 100% monitoring and control over its citizens (and, probably, others beyond its borders).
Re: (Score:1)
FIFY
The USA wants to keep any US-discovered exploits in-house to aid in it's Orwellian pursuit of 100% monitoring and control over its citizens (and, probably, others beyond its borders).
The United States are not the ones banning their citizens from competition, dumbass.
Re: (Score:2)
Orwellian pursuit of 100% monitoring and control over its citizens (and, probably, others beyond its borders).
Much like the NSA does. The WannaCry [wikipedia.org] attacks were enabled by NSA-developed weapons which the NSA lost control of [wikipedia.org]. The NSA knew about these exploits for years, weaponized them, and never told Microsoft because they wanted their weapon to be viable for as long as possible.
There are no cleanskins here.
Re: (Score:2)
Cleanskin brings to mind why China does not want it best hackers exposed, they mind end up working in a awkwardly secure location, that the government of China of even a Chinese corporation might desire to be temporarily less secure. Instead of making things more secure the fuckwits at the CIA and NSA decided that playing Sir Hacksalot would be more sensible. We have yet to see the full ramifications for that stupidity in a growing corporate conflict, hack and expose you opposition and your market share wil
Re: Trump starts a trade war... (Score:2)
Re: (Score:2)
America can't stand getting beaten at their game (Score:1, Interesting)
that's all I read when I see these complaints and accusations. For decades their NSA and CIA engaged in cyber espionage and sabotage, literally acts of war, and now that they get beat in their own game, they are crying about it.
You should've chosen a more peaceful and diplomatic way. Now you have to suck it up instead.
Many ways to lose (Score:3)
A. a market of 340 million Americans
B. a market of 1.4 billion Chinese, or
C. a market of 7 billion humans?
free market ? (Score:2, Insightful)
Also not sure there is such a thing as a market of 7 billlion humans except if you're selling... air/w
Re: (Score:3)
if you pollute and dump whatever into the atmosphere should you be able to compete with someone who spends more on cleaning after themselves ?
On a per capita basis, America emits more than twice as much CO2 as China.
Re: (Score:1)
China doesn't have a free market. Its government directly owns huge swathes of the economy, well over 50% in some sectors. It passed laws deliberately designed to benefit itself and harm other countries. That's not free trade. China manipulates its currency to give itself an unfair advantage. They have done wrong for quite a long time now and need to be shown the error of their ways.
Re: Many ways to lose (Score:2)
Re: (Score:2)
Turns out it's usually A; few American companies have managed that holy grail of getting one dollar each from a billion Chinese.
Nearly all of it is a product of misplaced trust (Score:2)
A lot of this is the result of not turning off features that people don't use.
Every program and protocol is stuffed with bells and whistles that no one uses.
Unused features are frequently not disabled which means they're just sitting there in some default state waiting for someone to come in and blow gently in its ear to pervert that feature to take control over whatever.
We need to get better about disabling features we don't use.
First step on that road is getting a really good list of all the features that
Re: (Score:2)
Think of it like welding doors shut that you don't intend to ever open again.
Lock picks won't get through that. The lock in question might even just be slagged.
Re: (Score:2)
Re: (Score:2)
if you have a link to him talking about that, it would be appreciated...
Re: (Score:2)
the idea is to make things either impossible or so absurdly difficult that it won't happen.
You underestimate how much time and determination some people have. It only takes one.
Re: (Score:2)
My standard of almost impossible is rather extreme. When I say "almost impossible"... I tend to mean some james bond shit would have to happen.
And really nothing is going to stop that. The guy will tell everyone his name, kill/have sex with all your guards, and break into whatever using rocket packs and lasers...
As I said before, I'm a big fan of security through literally disabling or breaking features in programs that aren't used or can't be secured.
James Bond will get physical access to whatever we've st
Re: (Score:1)
Whut
If the media would bother to post the numbers, you might note there is a serious imbalance in trade between the US and China which favors China pretty heavily. The " trade war " as the media is calling it, is simply the inevitable outcome of the fact that China doesn't do anything by asking them nicely. They're looking out for China, period and fuck everyone else in the process. The past administrations have all played ball with China by their rules and it's done nothing but screw us over in the proc
Re: China is preparing for war! (Score:2)
I did not say China would start it. (Score:1)
Re: I did not say China would start it. (Score:2)
My guess is that (Score:5, Insightful)
they don't get anything out of it that they don't already know and don't want to show everybody else how far out they are.
Re: (Score:2)
Its the broadband network support used by US officers, contractors in the city next to the USA base, fort, camp, port.
China becomes part of their daily networking in that once secure part of the USA. Consumer crypto supported and trusted by the browser and consumer OS.
That a communist nation would stay with huge numbers of generational trusted human spies all over the USA for the FBI and CIA to find.
The NSA always thought China would be a contained digitally by distanc
Re: My guess is that (Score:2)
Re: (Score:2)
In theory they demonstrated that they have the best cyber security people in the world, and therefore their systems and products should also be the most secure.
Maybe the decided it wasn't worth the bother any more because no matter how good they are it can't overcome all the innuendo about Chinese state back doors, and US efforts to block their products on national security grounds.
China is going to a vary dark and dangerous place (Score:3)
This is part of Emperor Xi's crack down on foreign interactions generally. If you want to control a country and its IT in particular, then the last thing you want is your hackers interacting with foreigners.
For get Putin and Russia. China will give us more grief. And Putin will go after one more term, whereas Xi is no in for life, and by all accounts his health is good.
I would hate to be living in China now, even if the economy is booming. For the time being at least.
This is part of a bigger movement (Score:1)