←back to thread

PRC Targeting of Commercial Telecommunications Infrastructure

(www.fbi.gov)
286 points 2OEH8eoCRo0 | 1 comments | 14 Nov 24 00:59 UTC | HN request time: 0.213s | source
Show context
clwg ◴[14 Nov 24 02:45 UTC] No.42132630[source]
I was working with MISP[0], an open-source threat intelligence sharing platform, and came across a really interesting dataset from the Australian Strategic Policy Institute on China's technology research institutions[1]. I liked the data so much I built a quick cross-filter visualization on top of it to help explore it[2].

The data offers a fairly comprehensive and interesting perspective on China's research priorities and organization, I can't speak to the effectiveness of the programs themselves, but it does make me concerned that we are falling far behind in many areas, including cyber security.

[0] https://www.misp-project.org/

[1] https://raw.githubusercontent.com/MISP/misp-galaxy/refs/head...

[2] https://www.layer8.org/8541dd18-ff05-4720-aac7-1bd59d3921dd/

replies(5): >>42132801 #>>42133485 #>>42134891 #>>42137891 #>>42143837 #
acheong08 ◴[14 Nov 24 03:17 UTC] No.42132801[source]
> we are falling far behind in many areas, including cyber security

In terms of quantity and quality of talent, I don't think the western world would fall behind China, especially with their strict control of information. Most people there will have difficulty independently learning about cybersecurity.

The difference is that most talent is captured by the private sector with higher compensation or bounties. Meanwhile, China can very easily compel anyone they need into the government so the % utilization on outward attacks is probably higher.

replies(10): >>42132860 #>>42132946 #>>42133034 #>>42133113 #>>42133133 #>>42133189 #>>42133488 #>>42133564 #>>42133646 #>>42135370 #
woctordho ◴[14 Nov 24 03:55 UTC] No.42133034[source]
Every ordinary Chinese needs to self-learn some cybersecurity to do daily things, like to watch YouTube, or to send messages to others without worrying being censored
replies(2): >>42133162 #>>42133283 #
1. viraptor ◴[14 Nov 24 04:26 UTC] No.42133162[source]
There's a big difference between using tools intended for general population and being skilled enough in offensive security to make a difference. It may incentivise some people to learn further, but I don't think the effect would be that large. It's kind of like everyone at Uni knowing about P2P a few years ago - but they knew nothing about protocol design.