←back to thread

PRC Targeting of Commercial Telecommunications Infrastructure

(www.fbi.gov)
286 points 2OEH8eoCRo0 | 2 comments | 14 Nov 24 00:59 UTC | HN request time: 0.646s | source
Show context
clwg ◴[14 Nov 24 02:45 UTC] No.42132630[source]
I was working with MISP[0], an open-source threat intelligence sharing platform, and came across a really interesting dataset from the Australian Strategic Policy Institute on China's technology research institutions[1]. I liked the data so much I built a quick cross-filter visualization on top of it to help explore it[2].

The data offers a fairly comprehensive and interesting perspective on China's research priorities and organization, I can't speak to the effectiveness of the programs themselves, but it does make me concerned that we are falling far behind in many areas, including cyber security.

[0] https://www.misp-project.org/

[1] https://raw.githubusercontent.com/MISP/misp-galaxy/refs/head...

[2] https://www.layer8.org/8541dd18-ff05-4720-aac7-1bd59d3921dd/

replies(5): >>42132801 #>>42133485 #>>42134891 #>>42137891 #>>42143837 #
acheong08 ◴[14 Nov 24 03:17 UTC] No.42132801[source]
> we are falling far behind in many areas, including cyber security

In terms of quantity and quality of talent, I don't think the western world would fall behind China, especially with their strict control of information. Most people there will have difficulty independently learning about cybersecurity.

The difference is that most talent is captured by the private sector with higher compensation or bounties. Meanwhile, China can very easily compel anyone they need into the government so the % utilization on outward attacks is probably higher.

replies(10): >>42132860 #>>42132946 #>>42133034 #>>42133113 #>>42133133 #>>42133189 #>>42133488 #>>42133564 #>>42133646 #>>42135370 #
equestria ◴[14 Nov 24 03:40 UTC] No.42132946[source]
> especially with their strict control of information. Most people there will have difficulty independently learning about cybersecurity.

I'm puzzled by this assertion. I know quite a few self-taught infosec folks who grew up there. China is not North Korea. The government, by and large, doesn't monitor what you're doing day-to-day, unless you're a political activist or some other "undesirable". The Great Firewall doesn't stop you from accessing infosec content; and in any case, the use of VPNs is prevalent among techies.

To be fair, the parent's claim that China is "ahead" in infosec also feels like fearmongering. The one thing that's true for China is that their government has far fewer qualms about hacking Western infrastructure to get dirt on dissidents, steal IP, and so on. But that's a matter of ethics and law, not tech.

replies(2): >>42133383 #>>42133847 #
PittleyDunkin ◴[14 Nov 24 05:30 UTC] No.42133383[source]
> The one thing that's true for China is that their government has far fewer qualms about hacking Western infrastructure to get dirt on dissidents, steal IP, and so on. But that's a matter of ethics and law, not tech.

As opposed to the DoD, which strictly fights for freedom, liberty, and democracy?

replies(1): >>42137728 #
1. equestria ◴[14 Nov 24 16:20 UTC] No.42137728[source]
> As opposed to the DoD, which strictly fights for freedom, liberty, and democracy?

Yes, the whataboutism is unwarranted here. The US government is no angel, but is far more constrained in this regard. The bar to become "the enemy of the state" is much higher - for example, your comment won't get you in trouble here. The US government also wouldn't, say, hack Spotify and snoop on their business plans to prop up a competing US startup - something that is commonplace with the Chinese intelligence apparatus.

replies(1): >>42140761 #
2. PittleyDunkin ◴[14 Nov 24 20:21 UTC] No.42140761[source]
> The bar to become "the enemy of the state" is much higher - for example, your comment won't get you in trouble here.

I think you're drastically overestimating the effect of being sarcastic about jingoistic rhetoric on the chinese internet. I imagine China, much like the DoD, is quite proud of their ability to penetrate systems and cause havoc.

> The US government also wouldn't, say, hack Spotify and snoop on their business plans to prop up a competing US startup - something that is commonplace with the Chinese intelligence apparatus.

I can't imagine there's much worth taking from Spotify. Meanwhile, if you think the US won't steal technology from China when there's something worth stealing, you're a massive fool.