Analysts determine Chinese law lets police hack online services and copy user data for...

mongeese

(Lack of) Privacy: Security analyst firm Recorded Future has published a report detailing the potential impact of China’s updates to its cybersecurity law that came online last November. Bottom line: they can hack any company with online services in China under the guise of searching for security flaws, and they can access and copy all user data while doing so.

The new provisions supposedly have the goal of protecting Chinese citizens by letting the Ministry of Public Security (MPS) perform remote or on-site penetration testing and network analysis. They’re allowed to target any company that provides internet services in China or any company with online computers in China.

However, nowhere does it say that they must disclose those security flaws to the company, nor help patch them. They also don’t have to reveal what part of the company’s network they’ll be looking at, or what data they’re copying. That’s possibly the worst bit: the government gets a copy of ALL user data a company has connected to their Chinese network, which may extend to other countries depending on the company.

While the new provision lets the MPS walk in the door of any company at any time with minimal prior notice, that’s not necessarily how they’ll access information. Penetration testing, which normally has the goal of finding flaws by attempting to hack a network, doesn’t have to stop when flaws are exposed. The MPS is permitted to exploit any flaws they discover however they like.

Even in the case that there aren’t any vulnerabilities discovered, the MPS also has the power to force a company into creating a backdoor. No simply isn’t an answer, not when the MPS has the People’s Armed Police helping them in every single on-site operation.


 
How far we've fallen, with China now more up-front about its massive domestic surveillance programs than the US. The list of abuses under FISA/FISC is astounding: secret real-time access to all phone calling data that passes through US lines; secret wiretapping of literally anyone without cause; secret imprisonment without cause of anyone for any reason, as long as magic words "terrorism" or "espionage" are used. The FISC courts were meant to oversee electronic surveillance of known or suspected foreign spies and were never empowered to be a rubber stamp for a police state. But I guess it doesn't matter at this point since stupid, lazy westerners happily allow soulless corporations to wiretap them 24/7. True, the US government started this after 9-11 but it didn't take long for the tech barons to join the party. After all, they stood to get even richer supplying a lot of the tech the ruling class needed to create this Orwellian nightmare. Statists like Bill Gates were tripping over themselves with each trying to prove they were the best government lapdog. So fifteen years on, here we are, with almost no privacy and no legal ability to defend it... and the next great smooth-talking mouthpiece of the elites is probably being groomed as we speak. When he emerges from the shadows he'll tell everyone what they want to hear, and people will look to their handscreens, and those screens will say with one voice, "He is good." Anyone who doesn't accept this One Truth will never dare speak it within earshot of a microphone or type it into a machine that's connected to the Internet. Everything points to our future being utterly dominated by corporate-government technocracies because we couldn't be bothered to pay attention.
 
China continues to stoop further down even when we thought they can't go any lower. Why would anyone risk losing their entire R&D and IP globally just to access their market?
The solution is simple: give the Chinese market last-gen services and wall them off from global content creators, e.g. in the case of Techspot, people of the world can share and comment but Chinese Techspot will have only Chinese comments and content creators.
 
China continues to stoop further down even when we thought they can't go any lower. Why would anyone risk losing their entire R&D and IP globally just to access their market?
The solution is simple: give the Chinese market last-gen services and wall them off from global content creators, e.g. in the case of Techspot, people of the world can share and comment but Chinese Techspot will have only Chinese comments and content creators.

This is exactly how the web already is over there, but even local content gets banned if it's deemed too offensive or criticizes the government in any way. This power of censorship extends abroad because the data mongers want access to the biggest market on Earth, so you won't hear a Google or Microsoft seriously questioning China's actions. You also don't get to play in China's software sandbox unless you hand over certain parts of your source code for inspection and modification. There is a team at Apple that liaises with the US government and part of their job is figuring out what new spycrap Chinese manufacturers have been installing into Apple devices month to month. Apple benefits from government expertise and the feds get a better idea of the PRC's capabilities. The NSA has gotten so good at identifying certain firmware hacks and chip swaps they can trace them back to specific teams and even individuals working for red chip IT companies.
 
This is rich!! US citizens blasting the Chinese for spying on their citizens and everybody else.

Meanwhile, the NSA and dozens of other top secret agencies with secret budgets are doing the same to US citizens, companies local and foreign and everybody else around the globe!!
 
This is rich!! US citizens blasting the Chinese for spying on their citizens and everybody else.

Meanwhile, the NSA and dozens of other top secret agencies with secret budgets are doing the same to US citizens, companies local and foreign and everybody else around the globe!!
Totally agree with you! While China has a law, the US does it all around the world without permission...
 