China’s Censorship Supremo is Gone, But Little Will Change

China’s head honcho when it comes to censorship recently stepped down. This being China, no-one seems to know whether he was effectively sacked, or asked to move to a new bigger and better role. But what we do know is that things aren’t going to get any better for those inside the Great Firewall.

Over the past three years, Lu Wei has been a constant thorn in the side of rights groups, diplomats and Silicon Valley bosses. His aggressive defence of China’s sovereign right to do with its internet what it sees fit – most notably at the laughably titled World Internet Conference in Wuzhen – has been jarring at times. The Cyberspace Administration of China (CAC) he headed up also runs root CA and .cn operator the Chinese Internet Network Information Center (CNNIC). As such, it was blamed by Google last year for issuing unauthorized TLS certificates for several of its domains, which were subsequently used in man-in-the-middle (MITM) attacks.

Even more damning, the CAC was accused of launching Man in the Middle attacks on Outlook users last year in response to its migration to HTTPS, which the authorities can’t monitor. And then it was pegged for a DDoS attack on anti-censorship organisation Greatfire.org – a constant thorn in the side of the authorities in Beijing.

I spoke to Greatfire.org co-founder Charlie Smith about the reasons for and implications of Lu’s departure.

“If it ain’t broke, don’t fix it, right? We probably just had the quietest anniversary of Tiananmen [Square massacre] yet, in terms of online dissent and discussion. There is more censorship in general. Less circumvention because of a crackdown on VPNs. And fewer foreign companies are trying to challenge the status quo,” he told me via email.

“We know controlling the medium is pretty near the top of [president] Xi Jinping’s agenda. So why make a change now? The timing likely indicates that this was a planned and not a rash decision. There was no need to unsettle things before the 4 June anniversary and the change happens well before the next ‘World’ Internet Conference in Wuzhen.”

Smith went on to argue that, even though Lu presided over an unprecedented crackdown on internet freedom – primarily through a new regulation banning the spread of “rumours” online – he didn’t go far enough.

“Lu was not perfect. As we have shown, it is impossible to completely block all information for those inside China,” Smith continued. “Maybe in this regard, Lu was being blamed and Xi decided he wanted somebody who can get the job done. Maybe Xi was upset about being ‘vilified as a murder suspect’ and could not comprehend why Lu Wei was unable to scrub information from the Chinese internet.”

Lu’s removal, if that is what it was, may also have been an attempt by Xi at curbing his growing influence – after all, propaganda is at the heart of the Party’s power and everyone inside knows it. His replacement, Xu Lin, is a Xi Jinping acolyte and one-time deputy secretary of Tibet’s Shigatse Prefecture who will certainly toe the presidential line.

As Smith put it, “if Xu Lin fails to quell ‘rumours and slander’ Xi does not have to second-guess whether or not Xu is doing everything within his power to stop these attacks.”

So what prospects for the future? Pretty grim if you’re inside China and are a fan of human rights and internet freedom.

Beijing was one of a few countries – Russia, India, Indonesia included – that voted against a non-binding resolution at the UN this week stating all individuals must be afforded the same rights online as offline and that the universal right to freedom of expression should be upheld online.

As Smith said, if Xu Lin “handles information control on the Chinese internet the same way the authorities handle information control in Tibet then the situation could even get worse.”

There is some hope for businesses and individuals which need to leap the Great Firewall.

Greatfire.org itself this week launched Circumvention Central, a new site designed to provide real-time info on which VPN is the best performing and most stable in your area.

The hope is that it will encourage greater use of VPNs and help developers improve their circumvention products, as well as provide a much needed additional source of revenue for Greatfire.

The concern is that if it gets popular enough, Beijing will do all it can to put it out of action.


Censor much? What to expect from the Great Firewall in 2015

I’ve been speaking to anti-censorship organisation Greatfire.org about online freedoms in China and what we’re likely to see in 2015. It makes for pretty depressing reading.

First of all, the app market will see an ever-tightening regulatory regime following new regulations passed in October, according to co-founder Percy Alpha.

“I fear that in the future, apps will be like websites, i.e. you have to get a license before publishing any,” he told me by email.

Then there’s the current trend for Man in the Middle attacks as a way to monitor and block access to various online services and sites.

The Great Firewall has already tried this tactic on Google, Yahoo and iCloud to name but three. It’s the only way the authorities can see what people are up to once a site switches to HTTPS.

The smart money is apparently on more of these attacks in 2015, but increasingly focused on smaller sites so as to not arouse much media attention.

The Chinese authorities have also been going after Greatfire itself of late, proof the anti-censorship group must be doing something right.

Their mirrored sites, which allow users behind the Great Firewall to view blocked content, have been a minor irritant to the authorities until now. But since last week Beijing upped the ante in two astonishing moves against the content delivery networks (CDNs) Greatfire uses.

The first resulted in EdgeCast losing all service in China – which could mean tens of thousands of sites affected. Then another swipe took out an Akamai subdomain also used by HSBC. The result? Its corporate banking services became unavailable. It just shows the lengths the Party is prepared to go to control the flow of information.

The last word goes to co-founder Charlie Smith:

“I think we will continue to see the kinds of crackdown we have seen this past year. I think that for a long time, many optimists have said, give the authorities some time, restrictions will loosen up and information will flow more freely. If anything, the exact opposite is happening – I’m not sure why people seem to make comments otherwise.

If anything, I think the authorities will take censorship too far in 2015. They will push the Chinese over the limit of what they are willing to tolerate.”


China’s mobile cyber crime underground…and me on the Beeb

I was on BBC Newsday, a World Service breakfast programme, on Wednesday talking about the Chinese cyber mobile underground story I wrote up for The Reg this week.

It’s based on a Trend Micro report, The Mobile Cybercriminal Underground Market in China, published this week by its Forward Looking Threat Research Team, which reveals once again the sophistication and commercialisation of the underground networks via which cyber criminals trade goods and services.

Although the report itself doesn’t throw up a huge amount of new data it’s interesting to see evidence that such networks exist in China, selling common attack kits like premium service abusers, SMS Forwarder Trojans and spam.

Typically, being broadcast journalism, we were kept strictly to 5 minutes of short, sharp soundbursts by the BBC which allowed for little meaningful discussion of the topic besides “What’s the Dark Web?”, “How do I get on it?” and “Who’s behind these attacks?”. I had a better chat with the researcher the night before.

That said, it’s an important topic to air publicly.

Although we didn’t cover this in as much detail as I’d have liked, the real message to listeners of the program – which apparently has among the highest audience numbers on the planet – is to be more vigilant when downloading apps online and make sure they install basic AV on smartphones.

In China, where unregulated third party Android stores are the norm and mobile AV is rare, the cyber criminals have it made.

The only light I can see on the horizon in this part of the world is for the government to follow through with its planned regulation of the mobile app space. This would force industry to self-regulate and clamp down on malicious apps either pre-loaded onto phones or uploaded to web stores.

The only problem is that any new regulations are also likely to restrict content deemed “offensive” to Beijing – in other words censorship by the back door.


Decrypt Weibo: new tool promises a censorship-free Sina Weibo

GreatFire.org, a not-for-profit calling for an end to China’s repressive censorship regime, has launched another tool designed to bring transparency to the Chinternet and no doubt some consternation in Beijing.

I covered the Decrypt Weibo announcement over at The Register. It pretty much does what it says on the tin, allowing users who see a post on Sina Weibo that has been blocked by the censors, to retrieve that message.

The founders of GreatFire have been mapping the censored Chinese internet for over two years now and last year launched FreeWeibo, a tool which allows users to conduct uncensored searches of Sina Weibo – by far China’s biggest weibo platform.

However their work so far seems to have flown under the radar, which probably comes down simply to user numbers.

“We’ve been operating FreeWeibo.com now for almost a year and they have not done anything to try to block that service,” co-founder Charlie Smith told me. “It may be that we are just a small blip on their radar. But we think that we are making things difficult for them and we are going to continue to make things difficult.”

The big worry for internet freedom advocates is that China’s latest attempts to suppress online free speech have edged the closest yet to an Orwellian “thought police” model.

In attaching severe jail terms to any popular online message subsequently deemed to be a harmful “rumour”, the government will slowly and insidiously create a nation where all but the bravest are afraid to say anything mildly controversial online, for fear of reprisals.

That’s the worry anyway, as GreatFire alludes to in its post explaining the launch of Decrypt Weibo, although it’s good to hear that Smith and his team are undimmed in their fight.

“Sina’s likely reaction to our new service will be to inform the authorities about our presence … and put the matter in the hands of the police. The police won’t find us and won’t be able to shut us down which means that they would have to shut down the entire Sina Weibo service to stop us doing what we are doing. This would lead to a massive public outcry,” he said.

“Of course, we hope that they just decide to end online censorship voluntarily.”

In the end, the only way this could happen is if the Communist Party realised that its demand for indigenous innovation-based economic growth (rather than one reliant on copying and stealing IP) is doomed if it continues to suppress debate online and place such a heavy burden on web companies for self-policing their platforms.

Unfortunately I don’t think this will happen anytime soon, so in the meantime let’s hope Decrypt Weibo finds its way into the hands of as many Chinese netizens that need it as possible.


Don’t worry Cisco, you’re not getting kicked out of China

A lot of media reports have been flying around this past week or two predicting that US tech firms will find life increasingly difficult for them in China following the various revelations leaked by Edward Snowden.

It’s a compelling narrative and on one level makes quite a bit of sense.

If, as the PRISM whistle-blower has claimed, the NSA really is spying on foreign targets including China and Hong Kong and even allies like the EU, then the logical next step would be to assume it could be doing so with the acquiescence of US technology providers who have managed to establish a firm foothold in the country.

After all, wasn’t it US lawmakers who branded Huawei and ZTE a national security threat due to the perceived risk of the firms being forced by Beijing to modify systems to enable state-sponsored eavesdropping?

No wonder then that Chinese state-run media including the English language Global Times have called for US companies including Cisco to be replaced by domestic providers. China Daily even sourced an anonymous “industry insider” who claimed: “There is a terrible security threat in China from US-based technology companies including Cisco, Apple and Microsoft.”

There’s good reason to believe that Cisco et al won’t be overly concerned about such claims, however.

For one thing, although its kit is all over China’s network infrastructure, the market there accounts for less than 5 per cent of turnover.

Huawei is probably Cisco’s biggest Chinese competitor, especially in the telco edge router market, and has certainly been taking market share from the venerable US giant, but a rip-and-replace policy of the sort advocated in the Chinese media is simply not practical.

“I would say a few vendor replacements had considerations beyond the offerings themselves, for example for certain clients with high security sensitivity,” Gartner analyst Tina Tian told me. “But much more of it would be purely a market decision.”

As for the other US technology providers, the likes of Google Android, Microsoft and Apple between them control just about the entire mobile and desktop operating system market in China.

For that reason and the lack of strong domestic alternatives (for the time being) we’re just not going to see wholesale changes here, which could even work in Cisco’s favour, according to Tian.

“Even if China could replace all the networking equipment from foreign vendors, their data would still need to be handled by IBM, Oracle, HP, EMC, Intel and also Microsoft,” she said.


China’s hacking problem: more sinned against than sinning?

Last week I finished off an analysis of the China/cyber espionage stories that have been flying around in recent months, with a surprising conclusion – in many circumstances the country may well be as much a victim of attack as a perpetrator.

We are unlikely to ever find out the extent of state-sponsored cyber attacks on the US and its allies, although thanks to several high profile reports which name and shame Beijing it’s clear that the tip of the iceberg is well and truly showing.

However, we can be more clear about how secure or otherwise China’s IP address space is and make some general observations.

I spoke to several information security experts about this and they were all in agreement that China is a particularly attractive place to launch attacks from, simply because there are so many compromised PCs as well as enough bulletproof hosting firms there to use with impunity.

HKCERT senior consultant, SC Leung, explained to me how compromised computers, or bots, in China are helping cyber criminals from outside the country.

“The zombie computer, or bot, steals the data (using its IP address) and sends it back to the attacker. When tracing the compromise police can only find the bot computer IP address. The attacker can further command the bot to send the data to Dropbox or a third party forum, and then retrieve it directly or indirectly. This long chain of investigation of different servers (probably in different jurisdictions) hampers the investigation.”

It’s also worth mentioning that not all attacks are being carried out by external forces to compromise Chinese IP addresses which are then used as a staging point to attack other countries. China has a massive internal problem with home-grown cyber crims targeting their own – stealing data, IP, bank credentials and even blackmailing by DDoS or other means.

It’s interesting to note that a week or so after I published this story, the FT ran an interesting piece which reached the same conclusions, claiming that the government is failing to provide coherent oversight on information security matters and that the forensics industry is virtually non-existent in China.

Apart from changing these two problems, there needs to be greater user education and awareness to ensure fewer PCs are vulnerable to outside attack, and a crackdown on bulletproof hosters.

At the moment, the Party seems to be happy to close down porn sites in high profile raids, willfully censor its citizens and hit out at any US accusations of cyber subterfuge, but not to get its own house in order.

Cleaning up its address space first would surely improve China’s standing internationally and may even help foster more cross-border co-operation, rather than the relentless mud-slinging of late.


The Communist Party’s everywhere in China, even in foreign multinationals

Today an interesting tale of ideology, back door deal making and hypocrisy as the worlds of government and hi-technology collide.

You’ve presumably all been made aware by now of the US lawmakers’ report into Huawei and ZTE which basically warns off all American firms and government bodies from purchasing their telecoms kit because of the national security risk they pose.

The key point is that the Chinese tech giants were unable to allay investigators’ concerns about the role of Communist Party committees within their firms.

The report has the following:

In essence, these Committees provide a shadow source of power and influence directing, even in subtle ways, the direction and movement of economic resources in China.

It is therefore suspicious that Huawei refuses to discuss or describe that Party Committee’s membership. Huawei similarly refuses to explain what decisions of the company are reviewed by the Party Committee, and how individuals are chosen to serve on the Party Committee.

All of which is fair enough, although virtually all Chinese companies are required to have a Communist Party committee on board, as Huawei argued to the lawmakers.

However, it has been mentioned since then that many foreign companies, including US ones, with outposts in China also have these committees. If true, it would seem to add weight to Huawei’s argument that the report reached a “pre-determined outcome”, and that its authors were unfairly harsh on the Chinese duo, even hypocritical given Party involvement in US firms in China.

Tea Leaf Nation, for example, pointed to articles claiming IBM, Nokia Siemens Networks, Standard Chartered and others all had communist bodies within them.

Now, I’ve heard back from NSN and IBM who both claimed their Chinese businesses don’t have Communist Party committees but that individual members of staff are free to join the Party if they wish.

However, I’ve yet to hear back from IBM on what this picture and article refer to, as it seems to indicate a party branch of IBM China members.

Most likely at play here is semantics. These firms are denying having an organised party committee within their organisation, but it seems (at least in IBM’s case) they do have self-organised groups of Party members therein.

Whether this amounts to the same thing is difficult to tell, because if there’s one thing the Party is pretty good at it’s secrecy.

It has become adept over the past several decades at hiding the orchestrating role it plays at all levels of Chinese society – a role so key that it is pretty obvious if a large MNC wants doors to open for it then it needs to acknowledge and engage with the Party.