Author: 高中作文网 Source: Internet Date: 2018-03-30

China’s spy agency has ordered local hackers to abstain from global hacking contests and instead report any vulnerabilities to the security ministry or the affected company, according to cyber security experts, as Beijing seeks to tighten its control over technology and information.


The guidance from the Ministry of State Security, which comes as China is taking an increasingly isolationist approach to technology, was aimed at boosting its stash of intelligence, experts said.


“Clearly this is about local control,” said Christopher Ahlberg, co-founder and chief executive of US-based cyber intelligence firm Recorded Future. “Vulnerabilities could be problems in software but are also an opportunity to get backdoors into them.”

The move is the latest bid by China to secure control of technology and information. It follows initiatives such as Made in China 2025 — a scheme to restructure China’s industrial policy — and last year’s cyber security law that requires foreign companies to store data locally and allow data surveillance by China’s security apparatus.


The guidance also eliminates some of the key players from what has become a globally popular way of discovering vulnerabilities, so that vendors can fix them before cybercriminals jump in.


Tencent Keen Labs, part of Chinese technology titan Tencent, prompted Tesla to fix vulnerabilities after hacking into its cars. Chinese hackers have also been credited with discovering vulnerabilities at US-based tech multinationals including Google, Apple and Microsoft, according to FireEye, a cyber security company. Tencent did not respond to a request for comment.

While no formal edict has been issued on relevant Chinese state websites, Chinese participants were absent from the annual Pwn2Own hacking contest this month and the Black Hat event in Singapore last week. “They’ve been given guidance that they should no longer participate in events where vulnerabilities are publicly disclosed,” said Bryce Boland, chief technology officer at FireEye.

“Pwn2Own used to be basically flooded with Chinese who won all the competitions, but this time there were more or less no Chinese there,” added Mr Ahlberg. Now Chinese hackers could only take a discovery to the vendor or the Ministry “who might notify the vendor or might not”.


MSS has already offered clues on its stance with its National Vulnerability Database, CNNVD, a repository of known vulnerabilities in different software products. Analysis by Recorded Future showed it had altered publication dates for at least 267 vulnerabilities — a lag, the group said, that highlighted vulnerabilities the MSS was “likely considering for use in offensive cyber operations”.

Mr Boland said that if the block on attending public contests was designed to have hackers report directly to the CNNVD it would create a “significant threat” because of the scope for Chinese hackers to exploit a huge pool of vulnerabilities.


“It’s like putting a vulnerabilities database with the CIA,” said Mr Ahlberg, referring to the US intelligence agency. “You’re really putting the hen in with the foxes. That’s the policy problem here but they’ve done it for a very good reason: they want total control.”