This week we saw more news emerge of the escalating tit-for-tat cyber attacks apparently being launched by actors sympathetic to the Philippines and China over a naval stand-off in the South China Sea.
Scarborough Shoal – also known as Panatag Shoal or Huangyan island – is the region long-disputed by the two countries and things got serious earlier this month after Filipino navy officials tried to arrest Chinese fisherman operating in the area but were stopped by Chinese surveillance boats.
Cue a barrage of cyber attacks on Philippine government and university web sites by apparent Chinese hackers, and then reprisals from the other side.
It’s pretty basic stuff, site defacement and DDoS attacks designed to send a clear message to the other side, and in this kind of thing China is probably a world leader.
Although it will never be revealed exactly how many patriotic hacktivists there are in the People’s Republic, what’s more interesting is their relationship with the government. In all but the most repressive states – think Iran or Syria – governments disassociate themselves from any hacking behaviour, but I learnt recently that China has done the opposite.
It has long been suspected, but China has effectively made a deal with the hacking community, a source told me, which goes thus:
- Never hack your own government or companies in your own country
- If you find anything of interest in your hacking activities which could help your country improve its status on the world stage, hand it over.
- When called upon to help the ‘cyber military’, make sure you respond
The deal is simple, the source explained, follow these rules and you can hack away with impunity. It means attacks of the sort seen this month on the Philippines can be carried out with the covert blessing of the government and the Party.
Of course the PRC’s standard response to these accusations is that it denounces all hacking activities, that it is taking steps to prevent cyber crime and that China itself is as much a victim of such attacks as western countries.
Even if tracking technologies mature to the level where the source of such attacks can be pinpointed, by operating at arm’s length, the government will always have the advantage of plausible deniability. It’s just a case of whether the international community will eventually lose patience with China and demand action, economic superpower or not.
One of the best things about being in Hong Kong at this time of year is, for the first time in about seven years, I’m missing the annual slog-fest that is the three day Infosecurity Europe show in London. While the speaker line-up in the keynote theatre is always of good quality (at least on the first two days), the constant cajoling from desperate PR professionals trying to set up last minute briefings with their clients is power-sappingly depressing at best.
However, I haven’t managed to shun IT security completely over here, thanks to the 4th MIG InfoSecurity Summit at Wan Chai’s Hong Kong Convention and Exhibition Centre (HKCEC). Eschewing the vendor pitches, as always, I snuck into the panel debates to find some refreshingly honest discussions from the assembled IT experts.
The first was all nominally about disruptive tech, but some of the most interesting comments came about plain old threats. SH Lim, head of infosecurity at Hong Kong Jockey Club hit the nail on the head when he said the future entailed “a lot of us losing our hair”. Humour turned to exasperation soon after when discussing the problems of dealing with zero day threats and tardy patches.
“How fast can any organisation patch versus how fast can the malware writers write malware,” he added. “How do we test our apps within five days? Do we do a self-DOS by causing an app to fail by not testing a patch properly?”
SC Leung, senior consultant at the HKCERT, went further, blaming cloud computing.
“Cloud computing is great technology but the criminals are using it more efficiently for web hosting and they can subscribe to cloud services to get bandwidth on demand,” he said.
“They can hack computers thanks to the computing power of Amazon and it’s very hard to trace them. We need to solve this problem with the cloud service providers.”
Fair enough. But blaming cloud computing for security threats is like blaming ammunition manufacturers for war. The causes need addressing more holistically to make a difference.
The second panel debate focussed much more on the changing role of the CISO. Nothing ground-breakingly new there but again some good advice for budding security chiefs, namely, brush up on your business skills and learn about risk management rather than get bogged down in tactical, technology-focussed issues.
There was also a word of warning that CISOs everywhere need to heed – beware the regulator.
This is a strange one. A report issued by part of China’s Ministry of Industry and IT (MIIT) has apparently warned the country’s home grown mobile phone makers to beware of getting sued by foreign firms looking to assert their patents.
The report is long and in Chinese, so I’ve had to take China Daily’s word for the content of the paper – never the best and most reliable source of the truth, but given the report is government led, the state-run paper is unlikely at least to have hidden any important facts.
The message is fairly clear – now that China produces most of the world’s mobile devices and now its domestic brands have edged out international competition in the People’s Republic, patent holders from abroad may start sniffing around.
All of which is fair enough. China is a dominant player in the global mobile market, but why was the report written now, and what are the alternatives?
Well, as IDC’s Melissa Chau told me, there aren’t really any. Even the supposedly home grown operating systems mentioned in the report from various Chinese operators, Baidu and Alibaba, are based on forks of Android. These have singularly failed to capture the popular imagination, she said.
If the government is suggesting, as appears to be the case, that mobile makers look for alternatives to Android – the OS which is currently battling Oracle over Java patents and Microsoft – then it is going to take some time.
I’ve no doubt that China’s domestic brands will get there in the end. In fact, Deloitte’s William Chou said as much when I chatted to him a month or two ago.
“No Chinese handset maker has a solid platform that can compete with Apple and Google yet but we are at a very early stage,” he said at the time. “Vendors like Huawei and Lenovo are providing smartphones not because they want to earn a profit from the sales but because they eventually want to dominate the application market.”
It can be spoken of in the same breath as China in many ways in that they are both burgeoning nations with huge populations, a growing middle class and aspirations to lead the world in their own ways in the production and consumption of technology.
So it was no surprise when I read Gartner’s latest stats indicating Indian consumption of semiconductors is set to grow faster than any country this year – up by 20 per cent from 2011 to reach a whopping $9.2bn in revenue.
Compared to a global average of just four per cent growth it’s clear the country is undergoing a rapid transition.
Gartner research director Ganesh Ramamoorthy told me that the growth is likely to be sustained for some time to come, driven by huge demand for mobile phones, PCs and LCD TVs in the country.
Due to the low penetration of such kit in India at the moment, the potential is there for CAGR of 16 per cent to 2016, he added.
All of which is good news for Asian companies in general, because while India may be consuming all those semiconductors, it doesn’t make them.
“I do see China based semiconductor companies benefiting a lot because a substantial amount of semiconductor requirements of local manufacturers in India is imported from China,” said Ramamoorthy.
“The strong, growing demand for overall electronic equipment in India benefits other companies as well such as LG, Samsung, Panasonic, Toshiba etc, from countries like Korea and Japan.”
Japanese tech firms in particular have had a tough time of it of late and are struggling in the shadow of China. Salvation comes from strange places sometimes.