Can Hong Kong build a ‘Silicon Harbour’? Nah, probably not

I might be back in London now but I’m still keeping one eye on the East. My latest for IDG Connect is a piece on whether Hong Kong can really lay claim to the title “Silicon Harbour”, given its dubious track record of under-investment and the increasing strength of rival Asian cities including Tokyo, Shenzhen, Shanghai and Singapore.

Well, as always, the jury’s still out. There are a lot of good things going on in Hong Kong, as this upbeat infographic shows. It’s politically stable, safe from most natural disasters and you can use the internet freely (unlike in mainland China). It’s also well connected internet-wise and relatively cheap, as Frost & Sullivan analyst Danni Xu told me: “enterprises in Hong Kong using 100 Mbps Ethernet Point-to-Point (P2P) per month are paying only one third the price of a similar set up in Singapore”.

“However, despite these advantages/benefits, Singapore remains popular in certain cases over Hong Kong when it comes to selecting a destination to set up a data centre,” she added. “Google was a prime example of this when its plan to establish a data centre in Hong Kong did not materialise. The cost and difficulty of acquiring suitable land were cited as the key reasons for this.”

It also seems like HK’s key strengths, its value as a financial centre and proximity to China, are also its biggest drawbacks. This means Singapore and other cities are usually preferred as regional hubs while HK is the choice as a base for firms looking to expand into China. It also means investors can be reluctant to plough their money into untried or untested tech start-ups as the culture is mainly about finance and property.

Forrester analyst Clement Teo had this:

“There are some structural factors that may constrain ICT development in HK e.g. its relatively small domestic market and shrinking manufacturing and industrial sector do not provide sufficient incentives to spur technological developments. Moreover, HK needs to divvy up scarce resources – like land, office space and investment funding and talent – among established economic pillars such as financial services, real estate and retail.”

The HK government this year released an ambitious Digital 21 Strategy – the latest in a long line of such policy documents from the SAR – and certainly talks a good game. But I’m still hugely sceptical whether the political will is there to help smaller tech firms – the start-ups and similar which could genuinely turn the city state into a ‘Silicon Harbour’.


South China Sea: another cyber skirmish to worry about

I seem to have chosen the wrong time to come back from Hong Kong. Just a fortnight after landing back in Blighty, the US raised the stakes between the two superpowers, and mortally offended China’s honour, by indicting five PLA soldiers on charges of hacking US firms for economic gain.

I’ve written enough about it here and here already, so I won’t go into the pros and cons of this high risk strategy again. Safe to say that Beijing already appears to be retaliating in the most effective way possible; by making things decidedly difficult for US tech firms in the Middle Kingdom. Already reports have emerged that Cisco and IBM could be in trouble.

Is a new Cold War about to begin?

Well, if it does, one company it might be worth keeping an eye on is threat intelligence firm Cyber Squared. The firm’s ThreatConnect Intelligence Research Team has an interesting and very thorough analysis of new APT-style cyber attack campaigns in the disputed South China Sea (SCS) region, as I wrote about here.

“What’s that got to do with us?” you might ask. Well, potentially quite a lot, according to Cyber Squared chief intelligence officer, Rich Barger.

“There is a risk of increased data loss for Western firms that routinely work with Vietnamese, Filipino, and other SCS region companies,” he told me. “Unit 61398/APT1 operates on the whim of the PRC, and cyber espionage has been adopted as the preeminent ‘low risk – high payoff’ medium for strategic intelligence collection.

“We typically see companies that are infrastructure related being targeted. Industries such as energy, oil & gas, mining, and transportation may find themselves directly or indirectly impacted.”

The message is loud and clear; if you have any military, economic or geopolitical stake in the SCS region, be aware that Chinese cyber operatives are increasing their activity.

“China has had a long standing national and regional interest within the South China Seas region,” explained Barger.

“It offers them a strategic economic advantage in terms of regional and global energy development and trade. From a military perspective, a strong Chinese presence within the SCS also counters the US pivot to South East Asia where China’s military modernisation, especially its navy, and regional assertiveness have come to an intersection.”

Barger argued that the various disparate groups at risk in the SCS need to start sharing information on attacks and “observing both the technical picture and the geo-political context”.

“It is important for those within these targeted industries to actively invest in threat intelligence processes as a standard business practice that supports internal information security operations,” he concluded.

“It is equally important that technical leaders effectively interpret and articulate regional threats and the context surrounding them to corporate business leaders.”


Cyber crime boss offers Ferrari to ‘employee of the month’: truth or hoax?

I’m back in the UK for the time being and writing regular news for Infosecurity Magazine now so expect a fair spattering of off-cuts from this side of the globe for the coming year.

One of the first stories of note I covered was news, broken first by The Indy, that a cyber crime boss had released a video to the darknet offering up a Porsche or Ferrari to the cyber goon-for-hire who could come up with the most lucrative scam.

Now, if it’s true, the story is an interesting one in what it tells us, or confirms to us, about the economics of cyber crime.

Namely, that if the bad guys have this kind of money knocking about – to blow on a kind of bizarre “employee of the month” competition – then how can the police, government and even security vendors hope to attract and retain the best talent?

If nothing else, Rapid7 global security strategist Trey Ford told me by email, it shows the sheer professionalism of cyber gangs today and the vast scale of the underground economy.

“With every part of our lives revolving around increasingly connected technologies, the line between physical and virtual is gone, and the opportunities for attackers are immense,” he added.

“The general public needs to understand this is no longer a world of script kiddies and evil foreign governments, where the average person is unlikely to be a victim. Cyber crime is big business, and everyone is a potential target.”

It sounds obvious but it’s worth saying again, and stories like this at least raise these problems in the public eye.

The other alternative, of course, is that it’s a hoax. Amichai Shulman, co-founder and CTO of Imperva, was not convinced by the story.

“I find it odd that criminal organisations resort to ‘advertising’ an ‘employee of the month’ program. I don’t think that we’ve seen this with recruiting skilled chemists for drug making and drug design or astute economists for money laundering schemes,” he argued. “This leads me to speculate that this is a hoax.”


LinkedIn and the cost of doing business in China

A few weeks ago I covered the launch of LinkedIn in China. It’s been available in English there for a while now and has even managed to amass around 4 million users, I’m told, but this was a big deal because it could give the firm access to up to 140 million Chinese professionals.

That said, many questions remain unanswered about the move, and I’ve been doing a bit of digging to explore them.

The most important centre around exactly what LinkedIn will have to sacrifice to remain unblocked by the Great Firewall. We all know the likes of Facebook, Twitter and YouTube have been forbidden for years by China’s censorship apparatus, but is the cost of doing business there actually worth the potential damage to reputation and bottom line?

Well, CEO Jeff Weiner had this to say about the compromises it has had to make:

As a condition for operating in the country, the government of China imposes censorship requirements on internet platforms. LinkedIn strongly supports freedom of expression and fundamentally disagrees with government censorship. At the same time, we also believe that LinkedIn’s absence in China would deny Chinese professionals a means to connect with others on our global platform, thereby limiting the ability of individual Chinese citizens to pursue and realise the economic opportunities, dreams and rights most important to them.

To me this seems a little disingenuous. Would Chinese citizens’ lives really benefit so much from a local language version of LinkedIn, or is this all about the money?

“I think the CEO should be more upfront about what exactly he is talking about in this situation,” Charlie Smith, co-founder of anti-censorship body Greatfire.org, told me. “What he means to say is that in order for them to get a business license to operate in China so that they can start to sell advertising and recruitment notices, the Chinese authorities insisted that they self-censor.”

The problem is we still don’t know exactly what LinkedIn has agreed to censor. Surely a pre-requisite for getting the green light from Beijing’s censors is having a plan on exactly what will be monitored, and how many resources will be spent on human censors, filtering technologies, etc? Well, LinkedIn told me the license is still pending, and so it can’t be more specific on the details.

But it gets more complicated. Will, as Smith asked me, the profiles of certain rights groups or individuals be removed by LinkedIn, if requested? What if a Chinese user wants to connect with a rights group or dissident outside China? One presumes the firm will have to create some kind of internal firewall between Chinese users and those outside the Chinternet. Aside from the cost to the bottom line, this has all the ingredients for a potential PR disaster.

“How are they going to ‘protect’ Chinese users from seeing content that is being posted by people outside of China that they are connected with? When this kind of censorship comes to light, many people will start testing the LinkedIn platform to see how far this censorship will go,” Smith argued.

“Most people only use LI when they are looking for a job, so I would imagine that many professionals, upon hearing about this complicit censorship, will simply leave the platform and use traditional job boards for their employment search.”

I also spoke to Lucy Purdon at rights group the Institute for Human Rights and Business, which urged more transparency from LinkedIn and encouraged the firm to reach out to the ICT industry and civil society as a member of the Global Network Initiative.

Purdon added:

LinkedIn should learn from the experience of other ICT companies operating in China, especially where government requests for user details present particular risks to users and conflict with the company’s commitment to respect internationally recognised human rights.

In the post-Snowden fallout, LinkedIn has filed legal challenges in the US, seeking permission to provide greater transparency of the number of national security requests they receive from the US government. Given that, at the very least we would expect LinkedIn to push for the greatest transparency in China and include requests from the Chinese government in their transparency reports, which provides a country by country breakdown. In addition, LinkedIn should consider expanding the categories to include censorship requests.

Now this is just the opinions of two organisations. But they’re valid ones and highlight the problems facing any social media or user-generated content-heavy company trying to do business inside China. It’ll be very interesting to see just how LinkedIn handles these issues as it expands its beta service behind the Great Firewall.


East Asia top source of cyber espionage, but with major caveats

Verizon’s annual Data Breach Investigations Report is out and several headlines have pointed to it highlighting China once again as the biggest source of global cyber espionage threats. However, we need to be careful drawing such conclusions.

The report revealed that when it comes to cyber espionage, the majority (87%) is state affiliated rather than committed by organised crime (11%) and is targeted at victim organisations outside of the country of origin.

When it comes to “victim countries”, the US (54%) accounts for by far the majority, followed by South Korea (6%) and Japan (3%), although this is more of a reflection of the intelligence sources that inform the report than anything else.

More interestingly, it pegged “external actors” operating from Eastern Asia – mainly China and North Korea – as the most prolific worldwide, accounting for 49%.

Eastern Europe was next (21%), followed by Western Asia (4%), while North America and Europe were way down with just 1% each.

So what does this tell us? Well, those looking to prove that China is once again the arch bogeyman when it comes to global state-sponsored attacks should think twice, according to Verizon.

Report co-author and senior analyst, Kevin Thompson, told me that the results reflect the fact that large numbers of North American companies participate in the study and relatively few hail from East Asia – with none from China and Japan.

“We have been trying to recruit a partner organisation from China, Japan, or South Korea to increase our visibility into that part of the world,” he added. “Since many of our partners that investigate cyber espionage are based in North America they tend to only see attacks that are aimed at North American companies.”

Also, out of 511 total cyber espionage incidents recorded, more than half (281) were removed because no country could be attributed as the source of an attack.

“East Asia is the most commonly seen espionage actor when our partners are able to identify the country at all, which is not even half of the time,” Thompson explained.

“There tends to be more research around East Asian espionage than other countries, especially among North American partner organisations. Since there is more research in that area, it is easier for a partner to identify espionage from those regions while espionage from North America or Europe might be labelled ‘Unknown’ and would not be included in figure 59 of the report.”

If the NSA revelations have taught us anything it’s that the 1% figure for North America-based attacks is likely to be way smaller than the reality.

Verizon also claimed in the report that “the percentage of incidents attributed to East Asia is much less predominant in this year’s dataset”.

The real growth in activity is actually coming from Eastern European attackers, it said, adding the following:

At a high level, there doesn’t seem to be much difference in the industries targeted by East Asian and Eastern European groups. Chinese actors appeared to target a greater breadth of industries, but that’s because there were more campaigns attributed to them.

Malicious email attachment (78%) and web drive-by (20%) are still the most popular methods of gaining access to a victim’s environment.

As for advice on how to lower the risk of a compromise, Verizon reiterated the basics.

These include: patch all systems and software so they’re fully up-to-date; use and keep an updated anti-malware solution; maintain user training and awareness programs; segment your network; log system, network, and application activity; monitor outbound traffic for data exfiltration; and use 2FA to stop lateral movement inside the network.


Indonesia’s 20 per cent smartphone tax likely to backfire

This week news emerged that the Indonesian government is planning to levy a 20 per cent luxury goods sales tax on all smartphones made outside the country. It’s an old fashioned piece of protectionism which could hit mobile phone makers in the region pretty hard and is unlikely to have the desired outcome.

As I mentioned in my story for The Register, Indonesia is a growing smartphone market with massive potential – as the world’s fourth most populous nation.

Firms that might be particularly dismayed by the tax include BlackBerry, which counts Indonesia as one of its few remaining strongholds, and Apple, which only recently restarted iPhone 4 production to target budget conscious locals.

If the rumours are true it can be seen less as an attempt to spur local handset makers, of which there are few, and more as a means to persuade more global manufacturers to locate facilities in the country.

Foxconn has already stolen a march on its rivals here by announcing a $1bn investment in facilities there.

Canalys analyst Jessica Kwee told me that, seeing as most domestic smartphone makers are focused on cheap, low-end handsets it’s unlikely that high-end users will be persuaded by the tax to buy local.

“What I think is more likely to happen is that the extremely wealthy would continue to buy their premium phones as is,” she said.

“Then other users will resort to the grey market to source their high-end phones – either via grey importers, by buying when they travel to nearby countries like Singapore or Malaysia, or by requesting from their friends etc. The latter would certainly not benefit the government.”

It’ll be interesting to see whether the government follows through with its plans. After all, at one stage it was mooting the tax only on handsets over Rp 5 million (£260), which I still reckon is the most likely outcome.


“Don’t get bitten by Asia’s offshore tigers,” says Gartner

IT offshoring; not the most exciting topic in the world but a vital contributor to the global IT economy. Last week Gartner released a new report detailing the challenges and opportunities facing Asian locations and warned that while emerging stars such as Indonesia and Vietnam offer great cost savings, there are risks.

Primary among these, as I noted for The Reg, is that none are doing well when it comes to their Data/IP Security and Privacy rating.

Indonesia, Thailand, Sri Lanka, Bangladesh and Vietnam all ranked “poor”, while more mature markets China, Philippines, India and Malaysia only did one better at “fair”.

Report author Jim Longwood also told me that despite ostensibly low costs, some emerging destinations may incur hidden “soft costs”.

“In some countries, for example, you might have to use a local joint venture; or for manufacturing pay additional fees to ensure a higher level of continuity of power supply than local businesses and homes might receive to avoid ‘brown outs’,” he said.

“Another soft cost is building a local brand, to enable the captive to attract a better quality of resources, e.g. when competing against the well-known global brands like IBM, HP, Microsoft, SAP & Oracle for local talent. Part of this may well be investing in building campus type facilities as the Indian providers have done.”

So, which will emerge as the favourite place to offshore IT services in the future?

Well, there are a number of locations vying for the business of MNCs, the analyst told me. Vietnam, Bangladesh and Indonesia are leading the pack of emerging Asian countries thanks to strong government support for the first two and “more ad hoc local entrepreneurial means” in the latter.

As for China, well it is certainly creeping up fast on India, and was rated by Gartner as the sub-continent’s number one challenger in terms of scale.

However, India has won the “current battle” in terms of horizontal IT services for apps and business processes and will not be overtaken by the Middle Kingdom anytime soon.

“However, versus India, China has certainly won the ‘battle’ to be a leading global site for manufacturing technology whether for TVs, telecommunications or IT hardware componentry,” he added.


Alibaba’s IPO: time to splash some cash on the cloud

Alibaba finally announced plans to list on the stock market on Sunday after months of speculation and protracted discussions with the Hong Kong stock exchange.

A lot of the column inches devoted to this piece of news have focused on the firm’s decision to choose the US, rather than Hong Kong, to IPO, and while it will be a blow to the SAR, there really wasn’t much it could do.

The bottom line is that Alibaba wanted to continue electing the majority of its board even after going public and the HKSE has a very strict one-shareholder-one-vote rule, which it could not break. End of story.

Of course, its decision to go Stateside doesn’t hurt Alibaba’s attempts to globalise its brands and attract more big name investors from the US. It will certainly be pretty happy with the way things turned out.

However, it would be wrong to interpret the move as an attempt to internationalise, even given the following statement from the firm:

This [IPO] will make us a more global company and enhance the company’s transparency, as well as allow the company to continue to pursue our long-term vision and ideals.

As numerous industry analysts have told me this week, the IPO is all about raising funds (as much as $15bn if rumours are to be believed) to grow its business in China.

Yes, it’s still China that dominates Alibaba’s thinking and it’s easy to see why. In terms of e-commerce the likes of Amazon and eBay will make it very difficult to compete outside the Middle Kingdom, while inside there is still a huge amount of growth going on.

China is poised to become the world’s biggest market for online commerce by 2015-16. “Growth will double in the next five years so the market is definitely big enough for two or three major providers,” Gartner analyst Jane Zhang told me.

This is just as well, as arch rival Tencent is breathing down its neck with its recent JD.com deal and could present a significant challenge to Ali in the future, Zhang added.

Not that Alibaba has taken its eye off the ball with mobile, investing in Sina, AutoNavi and extending Taobao to the mobile sphere, but its Laiwang messaging service has been a bit of a stinker and really pales in comparison to WeChat’s success.

A lot of the IPO money, Zhang told me, will go on growing its cloud and hybrid infrastructure, as Alibaba takes a leaf out of Amazon’s book and goes into the business of providing IT infrastructure as a service in earnest.

Frost & Sullivan analyst Marc Einstein echoed these thoughts.

“Alibaba has some global ambitions but obviously competition is too severe in the US and emerging markets would be more likely targets,” he told me. “Therefore I think that they will continue to diversify into new businesses and mirror companies like Google and Amazon rather than trying to compete head on.”


China’s mobile cyber crime underground…and me on the Beeb

I was on BBC Newsday, a World Service breakfast programme, on Wednesday talking about the Chinese cyber mobile underground story I wrote up for The Reg this week.

It’s based on a Trend Micro report, The Mobile Cybercriminal Underground Market in China, published this week by its Forward Looking Threat Research Team, which reveals once again the sophistication and commercialisation of the underground networks via which cyber criminals trade goods and services.

Although the report itself doesn’t throw up a huge amount of new data it’s interesting to see evidence that such networks exist in China, selling common attack kits like premium service abusers, SMS Forwarder Trojans and spam.

Typically, being broadcast journalism, we were kept strictly to 5 minutes of short, sharp soundbursts by the BBC, which allowed for little meaningful discussion of the topic besides “What’s the Dark Web?”, “How do I get on it?” and “Who’s behind these attacks?”. I had a better chat with the researcher the night before.

That said, it’s an important topic to air publicly.

Although we didn’t cover this in as much detail as I’d have liked, the real message to listeners of the program – which apparently has among the highest audience numbers on the planet – is to be more vigilant when downloading apps online and make sure they install basic AV on smartphones.

In China, where unregulated third party Android stores are the norm and mobile AV is rare, the cyber criminals have it made.

The only light I can see on the horizon in this part of the world is for the government to follow through with its planned regulation of the mobile app space. This would force industry to self-regulate and clamp down on malicious apps either pre-loaded onto phones or uploaded to web stores.

The only problem is that any new regulations are also likely to restrict content deemed “offensive” to Beijing – in other words censorship by the back door.


Apple’s shipment struggles as market share sinks in China

Last Friday I reported how China’s smartphone market had hit its first major slowdown in 27 months, as the growth engine of Asia slowly matures.

Well, I’ve been back to the analyst house where those stats came from to ask specifically who the biggest handset winners and losers are in China at the moment.

Unsurprisingly Samsung remains number one with a market share of 19 per cent, followed by local players Lenovo (13 per cent), Coolpad (11 per cent) and Huawei (10 per cent).

Apple rounded out the top five with a 7 per cent share – which various reports have shown was a one per cent improvement on the previous quarter and signs that things are picking up in China for the US giant.

Well, I’m not quite so sure. IDC senior research manager Melissa Chau told me that the biggest year-on-year movers were actually Lenovo (+57%), Coolpad (+36 per cent) and Huawei (+26 per cent). Samsung posted not unimpressive 20 per cent growth, but Apple’s year-on-year share actually dropped 2 per cent.

By comparison, its nearest rival, home-grown star Xiaomi, notched impressive 91 per cent growth to take sixth place with 6 per cent of the market.

So will Apple be worried? Well yes and no, according to Chau.

On the one hand the Cupertino giant has always been a high margin business, making way more money on handsets than Xiaomi and most of its Chinese rivals. To that extent it doesn’t need to shift smartphones in volumes quite so great.

However, the counter argument is that Apple needs to be seen as an attractive, popular platform, for the sake of its ecosystem.

“It is relevant to look at shipments because they affect Apple’s market power; its ability to attract developers,” Chau explained.

“Apple must walk a fine line making sure it doesn’t drop so far down that Android is the only ecosystem in China. It won’t be a risk it’s taking this or next year but it needs to watch [this trend]. That’s why it makes sense to launch a lower cost model there.”

You can’t argue with this logic. With Xiaomi’s low margin, high volume strategy potentially lifting it above Apple the last thing Cupertino wants is to be left floating outside of the leading pack, even if it is still hoovering up revenue in one of its biggest markets.

Much has been written about the potential sales lift Apple’s recently announced deal with China Mobile – the world’s largest operator by subscriber numbers – will give it. However, as Chau told me, this might have been overplayed by some commentators – after all, we’re not talking about a new iPhone model here.

“Given the model has been out for some time I’m not sure the bump will be as significant as people are making out,” she argued. “The bump will come with the next iteration of the iPhone.”

All at Apple will be hoping that creates more buzz than its last major launch here. Or it could seriously be time to go back to the drawing board.