At a glance.
- China’s attempts to control exposure to citizen data risk… in more than one way.
- US bill prevents purchase of foreign surveillance software.
- FBI Cyber Division director calls for clarity on penalties and incident reporting rules.
China’s attempts to control exposure to citizen data risk… in more than one way.
China is currently facing what could be the biggest data breach in the country’s history, even though lawmakers have implemented one of the strictest cybersecurity and data protection systems in the world. The Wall Street Journal explores how the government’s vast surveillance network has made it a target for data theft. According to database tracking service LeakIX, China has tens of thousands of unprotected databases exposed on the Internet totaling more than 700 terabytes of data, the largest amount of exposed data of any country. Additionally, the data is particularly sensitive in nature, largely due to the way China aggregates data from multiple sources into its state-run surveillance platforms. In 2019, Shanghai launched a fully integrated data platform with AI capabilities, collecting data from public security, public health and transportation, and even private food delivery companies. This created a house-of-cards scenario in which a single breach can lead to the exposure of an avalanche of data.
Meanwhile, a story from MIT Review demonstrates how China’s tight grip on data only forces citizens to find creative ways to circumvent the rules. Chinese gamers on Steam, the world’s largest gaming platform, have abused an app called Wallpaper Engine in order to circumvent the country’s ban on internet pornography. App reviews detail how the software can be used as a cloud player and video player allowing gamers to share adult-only content, and Steam’s high-speed international servers and inability to block explicit content make it the perfect vehicle. Cui Jianyi, a Chinese writer who has studied the phenomenon, says it’s a natural reaction to a government trying to control its citizens’ Internet behaviors too tightly. “If there are no legit porn websites, people will consume it wherever they can find it,” he said.
US bill prevents purchase of foreign surveillance software.
The U.S. House Intelligence Committee on Wednesday introduced a bill that would give the U.S. director of national intelligence the power to block any contracts between foreign surveillance software makers and the intelligence community. As Reuters notes, the move follows media reports that Israeli company NSO Group, maker of the infamous Pegasus spyware, was in talks to be bought by US defense contractor L3Harris Technologies Inc. United States National Security,” the bill also gives the White House the power to sanction foreign spyware makers if they target American spies. Additionally, the measure would allow the Director of National Intelligence to prohibit any part of the intelligence community from entering into a contract with a US company that had acquired foreign commercial spyware, essentially killing the L3Harris acquisition. The bill must be approved by the entire House and passed by the Senate before becoming law.
FBI Cyber Division director calls for clarity on penalties and incident reporting rules.
Speaking at this week’s International Cybersecurity Conference, Bryan Vorndran, deputy director of the Cyber Division of the US Federal Bureau of Investigation (FBI), said the agency is urging the Treasury Department and the United States Securities and Exchange Commission (SEC) to clarify the rules that apply when paying ransomware demands and reporting cyber incidents. The Record by Recorded Future explains that for years, the Treasury Department’s Office of Foreign Assets Control threatened to penalize organizations that paid ransoms to sanctioned ransomware groups. But there has been confusion over exactly which groups are sanctioned, especially since many threat groups do not publicize their ties to countries like Russia, Iran or North Korea, and Vorndran says American companies have approached the FBI for clarification. “Treasury guidelines on sanction payments are opaque. It’s not clear. We went to Treasury and asked them to clarify that,” Vorndran said. He also noted that the FBI has asked the SEC to add an exception to the reporting rules that would give companies a delay option if disclosing an attack could pose a threat to national security. “These discussions are taking place at the highest levels of the FBI and [Department of Justice] with the SEC about the national security implications,” Vorndran said.