Chinese bank requires foreign firm to install app with covert backdoor

Gotta give it to the Chinese, they found and are actively exploiting a fatal flaw in the capitalist system: the profit motive (some might call it "greed"). Sure, it's great for getting people out of bed and giving them a motivating force!

But it also makes us do dumb stuff, like doing business with a near-totalitarian regime that will give out lots of money but will steal your intellectual property, effectively making you sell your soul.

Don't get me started on companies outside of China engaging in censorship on behalf of China...who could have foreseen something like this coming!?

The best parts about both Capitalism and Democracy, for all their other faults? The ability to change. In capitalism, you can always stop doing business with a bad actor. In democracy, you may not be able to pick the best candidate, but you can at least vote out the worst politicians.

https://www.forbes.com/sites/kenrapoza/ ... 7658ea40fe
Well, unless monopolies inevitably form.

Or Capital monopolizes the government.

Arguably, it's stopped being a capitalist or democratic society at that point. When the rich and powerful ("Moneyed Class") run all competition out of the society, it becomes more an economic and political oligarchy. Got to love it.
 
Upvote
7 (11 / -4)

Sajuuk

Ars Legatus Legionis
13,357
Gotta give it to the Chinese, they found and are actively exploiting a fatal flaw in the capitalist system: the profit motive (some might call it "greed"). Sure, it's great for getting people out of bed and giving them a motivating force!

But it also makes us do dumb stuff, like doing business with a near-totalitarian regime that will give out lots of money but will steal your intellectual property, effectively making you sell your soul.

Don't get me started on companies outside of China engaging in censorship on behalf of China...who could have foreseen something like this coming!?

The best parts about both Capitalism and Democracy, for all their other faults? The ability to change. In capitalism, you can always stop doing business with a bad actor. In democracy, you may not be able to pick the best candidate, but you can at least vote out the worst politicians.

https://www.forbes.com/sites/kenrapoza/ ... 7658ea40fe
Well, unless monopolies inevitably form.

Or Capital monopolizes the government.

Arguably, it's stopped being a capitalist or democratic society at that point. When the rich and powerful ("Moneyed Class") run all competition out of the society, it becomes more an economic and political oligarchy. Got to love it.
Capitalism, in and of itself, does not necessitate, or even naturally facilitate, competition. Monopolies are, well, the unfettered goal of all Capitalism.
 
Upvote
17 (20 / -3)

evelo

Wise, Aged Ars Veteran
144
Time for a VM?
Genuine question - as I don’t know nearly enough... would a VM be enough to stop a system level attack?

Quick answer in this case: no. Installing this infected software on a VM would have the same effect. They don't explicit all the system level controls in the case, but having system rights is enough to do all possible damage.
 
Upvote
4 (4 / 0)
Gotta give it to the Chinese, they found and are actively exploiting a fatal flaw in the capitalist system: the profit motive (some might call it "greed"). Sure, it's great for getting people out of bed and giving them a motivating force!

But it also makes us do dumb stuff, like doing business with a near-totalitarian regime that will give out lots of money but will steal your intellectual property, effectively making you sell your soul.

Don't get me started on companies outside of China engaging in censorship on behalf of China...who could have foreseen something like this coming!?

The best parts about both Capitalism and Democracy, for all their other faults? The ability to change. In capitalism, you can always stop doing business with a bad actor. In democracy, you may not be able to pick the best candidate, but you can at least vote out the worst politicians.

https://www.forbes.com/sites/kenrapoza/ ... 7658ea40fe
Well, unless monopolies inevitably form.

Or Capital monopolizes the government.


Edited: for more info.

My comment says "the best thing" not "is good in every way." I agree with that comment, but not sure how it relates in the context of international trade. Monopolies don't last very long historically. While one may control a product or service, it's hard to prevent new solutions from replacing yours and to prevent commoditization.
 
Upvote
1 (2 / -1)

wes3161

Seniorius Lurkius
40
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.

Honestly that would be great but in the present it is nearly impossible to make a phone outside of China. The supply chain and the world's largest population for cheap labor is just all there.

The only place that can compete is India yet they don't have the infrastructure. Not to mention I worry about India and China going to war in the future. Look at their recent border dispute.
 
Upvote
-5 (1 / -6)

afidel

Ars Legatus Legionis
18,222
Subscriptor
Thanks for this post...it is why I read ars.

I look forward to reading responses from ars readers, too.

How advanced is this particular ‘strategy’?
Not particularly, it's pretty old-school in that it makes obvious, persistent file changes, installs services, and contacts a C&C network that is already known to anti-malware software. The newest wave of advanced stuff is making none of those mistakes which is making it much harder for the majority of the current crop of corporate protection tools to spot them.
 
Upvote
2 (2 / 0)

Bolognesus

Ars Scholae Palatinae
1,049
Time for a VM?
Genuine question - as I don’t know nearly enough... would a VM be enough to stop a system level attack?

No, but with a VM, once you discover that it's infected you can simply wipe it.
Except, as mentioned, this VM would have had access to a boatload of very sensitive information as part of its intended mode of operation. All that will have been compromised anyway. I'm really not seeing what "but in a VM" adds here; it's not as if rolling out a fresh image to a physical machine is exactly rocket surgery either and in both cases you're still borked, effectively.
 
Upvote
9 (9 / 0)
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.

Honestly that would be great but in the present it is nearly impossible to make a phone outside of China. The supply chain and the world's largest population for cheap labor is just all there.

The only place that can compete is India yet they don't have the infrastructure. Not to mention I worry about India and China going to war in the future. Look at their recent border dispute.

Phones are mostly assembled in China, not made there.


Also, start looking at your electronics. Starting to be a lot of stuff made in Vietnam and elsewhere.
 
Upvote
6 (7 / -1)

ianstar

Ars Praetorian
423
Subscriptor++
Also you can't air-gap software that is intended to communicate with outside parties. Like the possibly legitimate tax paying portion of the software that this organization was trying to install to work with the local Chinese bank. The decision to work with a Chinese bank can be called into question but once you have made that decision then you can't air-gap the network.


Stand up a new vlan or new physical network if needed, with a router that only allows packets from this computer to get to the gateway and nowhere else.

<snip>

Sneakernet files the tax software needs from the accounting software. Point the tax software at that folder. Use cheap disposable flash drives for delivering the files, or a write protected flash drive with a physical write protect switch.

<snip>

Or, avoid all that and don't do business in China!

In theory what you describe might work but it is not scalable and could not be implemented in a bank. No banking processes in this day and age can be run based on an employee manually copying data to a USB drive and then walking it over to a different system. (Never mind that transferring data using USB drives is a great way to compromise your otherwise air-gapped network)

Your comment about not doing business in China I agree with completely.
 
Upvote
7 (7 / 0)

afidel

Ars Legatus Legionis
18,222
Subscriptor
Time for a VM?
Genuine question - as I don’t know nearly enough... would a VM be enough to stop a system level attack?

No, but with a VM, once you discover that it's infected you can simply wipe it.
Except, as mentioned, this VM would have had access to a boatload of very sensitive information as part of its intended mode of operation. All that will have been compromised anyway. I'm really not seeing what "but in a VM" adds here; it's not as if rolling out a fresh image to a physical machine is exactly rocket surgery either and in both cases you're still borked, effectively.
We install this type of software onto physical machines that are network segmented (automatically by 802.11x) to only talk to the internet. The only information on them is the documents that are already being transferred to the bank or national tax authority.
 
Upvote
11 (11 / 0)

KurtisMayfield

Ars Scholae Palatinae
666
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.

We have the discussion in the office quite often. Problem is, most consumers want stuff, lots of stuff and at a cheap price, often times, quality is not a concern. Those demands lead you to one supplier..... China

Nope.. businesses wouldn't be going to Asia without the higher profit margins.. cheap stuff is a secondary consideration. Don't blame the consumer for his/her lack of agency in this relationship.
 
Upvote
8 (9 / -1)

Yarrum

Ars Tribunus Militum
1,675
One thing that seems to be missing from the Ars writeup is the fact that we don't know if the Chinese companies involved were the ones that deployed this malware or if it was done by hackers taking advantage of lax security or the fact that it is required software (similar to the recent story of hackers using Google Analytics to hide credit card skimming) or if a government inserted it (similar to the NSA inserting malware into Cisco routers).

From the linked report:

We do not know whether Chenkuo Technology or Aisino are active and/or willing participants or the extent of their involvement other than what is presented in the report.
 
Upvote
13 (13 / 0)

Bolognesus

Ars Scholae Palatinae
1,049
Time for a VM?
Genuine question - as I don’t know nearly enough... would a VM be enough to stop a system level attack?

No, but with a VM, once you discover that it's infected you can simply wipe it.
Except, as mentioned, this VM would have had access to a boatload of very sensitive information as part of its intended mode of operation. All that will have been compromised anyway. I'm really not seeing what "but in a VM" adds here; it's not as if rolling out a fresh image to a physical machine is exactly rocket surgery either and in both cases you're still borked, effectively.
We install this type of software onto physical machines that are network segmented (automatically by 802.11x) to only talk to the internet. The only information on them is the documents that are already being transferred to the bank or national tax authority.

Good, that's how it should be! Two things: (1) chances are this software was made to move a larger part of the total workflow to that machine, rather than just (and only) the finalised documents as are to be provided to the revenue service, and (2) chances are that this bank was handing over control over those documents to other actors besides the revenue service; a lot of what you tell the tax man is still rather sensitive information you'd rather not have end up in the hands of a competitor in more-or-less real-time.

Besides that, I stand by my point it really doesn't matter whether that's a VM or a physical machine, same data's getting out, same access to the larger network is accomplished (or not, in your case).

I was really just responding to the question whether running this in a VM would help.
 
Upvote
7 (7 / 0)

x14

Ars Scholae Palatinae
1,244
First off, truly great catch by Trustwave SpiderLabs Threat Fusion Team! Boffo!

I suppose there is no way to get some hints at preventing or remediating infection, right?

So then, why does MS sign off on extremely bad malware?

Isn't it time for the whole world to consider alternate trustworthy sourcing of electronics able to communicate on the internet or in a computer?
 
Upvote
0 (1 / -1)

AreWeThereYeti

Ars Praefectus
4,514
Subscriptor
5. We aren't building out entire islands from some rocks close to Mexico and then playing leapfrog to expand our territorial claims.

Well, of course you aren't. There's no need for territorial claims when those territories were taken by force 140 years ago.

Every country on earth has a history of terrible acts going back into the distant past. You know, the past where everyone was less enlightened, less aware of the concept of rights, the concept of international law. A past that we aren't in any more. The solution isn't throwing around blame and whataboutism on people and policies long dead to excuse groups still doing the bad old things we are trying to stop. It's making sure we, EVERYONE, start doing better, right now.

People like you like to feel righteous for pointing out countries' distant past horribleness... while in fact excusing and enabling other countries' current horribleness. So in fact, you are defending and excusing evil, not exposing it.
 
Upvote
28 (31 / -3)

wolfwood6

Smack-Fu Master, in training
78
Companies which are doing business in fascist dictator state China deserve everything bad they get, and more.

I don't disagree. But also other business partners (who are not so inclined) may also have their data exposed by this weak link introduced by less scrupulous partners unknowingly.

It's not as simple as "screw the guys doing it directly". But yes indeed, screw them too.
 
Upvote
3 (3 / 0)
Gotta be straight. As a network engineer, I am designing multinational systems. And I am designing them to treat foreign computer networks as hostile. Which means that to get to my US network, you are going through a VPN concentrator, an IPS, and multiple firewalls. Essentially I only allow specific traffic to specific hosts on specific ports.

We also watermark and strictly control data stored on these systems. And we have fired our developers in those countries.

And if you visit, you have to use a custom burner phone and burner computer with absolutely no data or apps on them when crossing the borders. If you need apps and data, you can come to a US based Citrix setup.

At this point I have to assume that our Russian and Chinese networks are compromised. I also assume that anyone I talk to when I am there is a member of that country's security services.

Essentially I feel that if I was them I would totally do it. It would be malpractice on their part not to.
 
Upvote
26 (27 / -1)
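
Added example, not part of the thread or any poster's code: a small audit of a first-match, default-deny rule set for the kind of segmented host described in the posts above (a machine that may reach only its external endpoint, and "specific traffic to specific hosts on specific ports"). The VLAN range, bank endpoint address, and rule format are hypothetical, constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses below are constructed sample values (private and documentation ranges).
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
QUARANTINE_NET = "192.168.250.0/24"   # hypothetical VLAN for the untrusted host
BANK_HOST = "203.0.113.10/32"         # hypothetical bank endpoint


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any port


def net(cidr):
    return ipaddress.ip_network(cidr)


def decide(rules, src, dst, port):
    """First-match evaluation; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in net(r.src) and d in net(r.dst) and r.port in (None, port):
            return r.action
    return "deny"


def shadowed(earlier, src, dst, port):
    """True if an earlier deny rule already covers this whole src/dst/port."""
    return any(
        e.action == "deny" and src.subnet_of(net(e.src))
        and dst.subnet_of(net(e.dst)) and e.port in (None, port)
        for e in earlier
    )


def audit(rules):
    """List (rule index, problem) for allow rules that expose the quarantine VLAN."""
    q, findings = net(QUARANTINE_NET), []
    for i, r in enumerate(rules):
        if r.action != "allow" or not net(r.src).overlaps(q):
            continue
        if r.port is None:
            findings.append((i, "allows any port"))
        # Two overlapping CIDR blocks intersect in the longer-prefix one.
        src = max(net(r.src), q, key=lambda n: n.prefixlen)
        for internal in map(net, INTERNAL_NETS):
            if net(r.dst).overlaps(internal):
                dst = max(net(r.dst), internal, key=lambda n: n.prefixlen)
                if not shadowed(rules[:i], src, dst, r.port):
                    findings.append((i, f"reaches internal {dst}"))
    return findings


# Three constructed policies: wide open, right rules in the wrong order, and locked down.
DENY_INTERNAL = [Rule("deny", QUARANTINE_NET, n, None) for n in INTERNAL_NETS]
WEAK = [Rule("allow", QUARANTINE_NET, "0.0.0.0/0", None)]
MISORDERED = [Rule("allow", QUARANTINE_NET, "0.0.0.0/0", 443)] + DENY_INTERNAL
HARDENED = DENY_INTERNAL + [Rule("allow", QUARANTINE_NET, BANK_HOST, 443)]

if __name__ == "__main__":
    for name, policy in [("weak", WEAK), ("misordered", MISORDERED), ("hardened", HARDENED)]:
        print(name, audit(policy))
```

The misordered policy contains the same deny rules as a correctly ordered one, but because evaluation is first-match the broad allow wins, which is why the audit checks rule order and not just rule presence.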

x14

Ars Scholae Palatinae
1,244
Gotta be straight. As a network engineer, I am designing multinational systems. And I am designing them to treat foreign computer networks as hostile. ...

Absolutely!
I run my hobby website through Cloudflare which has an absolutely fabulous firewall system which, for example, can be set up to only make connections from USA ip addresses. But, it's much more than that, too.
Meanwhile, the hardware firewall on top of my home router can be set up to filter by country, ip range, url, host name, etc for every device in the house. Also, monitor all connections.
There's a war going on out there and we are all targets.
Because: Money and Power.
 
Upvote
1 (1 / 0)
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.


You might want to nix toys off of that list, unless you want to expose your children to lead and other harmful materials that "happen" their ways into the product.



And you might want to take kettles and waffle irons off of the list, too, come to think of it...
 
Upvote
8 (9 / -1)

Big Wang

Ars Tribunus Militum
1,757
Gotta give it to the Chinese, they found and are actively exploiting a fatal flaw in the capitalist system: the profit motive (some might call it "greed"). Sure, it's great for getting people out of bed and giving them a motivating force!

But it also makes us do dumb stuff, like doing business with a near-totalitarian regime that will give out lots of money but will steal your intellectual property, effectively making you sell your soul.

Don't get me started on companies outside of China engaging in censorship on behalf of China...who could have foreseen something like this coming!?

Why do you find it surprising that companies are self censoring for profit? In the US, Twitter is censoring various politically incorrect people because of popular demand. The excuse used was private platform. When it comes to China, why do you think the same capitalistic corporations wouldn't do the same with popular demand in China?
 
Upvote
-16 (2 / -18)

adamsc

Ars Praefectus
4,295
Subscriptor++
I agree with this but to be fair Trump is the only President in US history to ever challenge China. Under the Obama administration is basically when China’s economy blew up (in a good way). I love Obama...but truth be told nobody had the balls to stand up to China except Trump.

How is giving them everything they want standing up to them? He scuttled the TPP with no plans for a replacement which effectively ceded leadership in the Pacific trade zone to China. He’s done nothing to counter their expansion in Africa. He’s withdrawing from groups like the WHO, where the U.S. was the major counterbalance to China’s power. After he pushed huge price hikes onto American businesses (China doesn’t pay those tariffs) he’s been desperate to get the Chinese to import more and that meant that not only is he not negotiating hard, he’s approved things like their concentration camps which previous Presidents would have opposed. He’s sabotaging the American R&D system by preventing talented foreigners from coming here, which means that a lot of work which would have happened in the U.S. will be happening in Chinese universities rather than, say, MIT. Not to mention how gross incompetence handling the pandemic will leave us taking years to recover while all of our allies reconsider their reliance on us.

Russia’s efforts to get him elected have meant they’re the most connected with his name now but I will be surprised if in a couple decades that won’t be a footnote in the “how China became the dominant world power” history lesson.
 
Upvote
11 (17 / -6)

x14

Ars Scholae Palatinae
1,244
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.


"You might want to nix"...just about everything.

Yes actually. Technically and theoretically.
There should be a new alliance of TRUSTWORTHY manufacturing source countries and specific businesses.
The fact of the matter is it seems the whole world is involved in a trade and intellectual property war with China, but don't know it, want to know it or don't care. That's not right.
 
Upvote
7 (8 / -1)

Big Wang

Ars Tribunus Militum
1,757
"Hey guys, if we let China into the WTO, they'll change and become more open over time, right?"

The behavior China pulls, from the South China Sea to Xinjiang to the surveillance state that would have had Orwell taking notes, is fucking disgusting and really needs a united front. Demanding an end to this type of behavior and demanding they open up their great firewall or else they get booted from the WTO and sanctioned out the ass from an alliance of nations would be a great start.

I personally wish we didn't have a brain-melting orange chimp in the White House who could work with all the nations China is walking all over in the South China Sea and work on kicking them out. Too bad Trump has the diplomatic tact of a dead water buffalo and it's all but guaranteed to become a hot conflict, but China's just going to keep annexing everything until someone stands up to them. Read up on the nine-dash line and see for yourself all they're gobbling up and why they're doing it.

I agree with this but to be fair Trump is the only President in US history to ever challenge China. Under the Obama administration is basically when China’s economy blew up (in a good way). I love Obama...but truth be told nobody had the balls to stand up to China except Trump.

Facebook, Apple, the NBA, Blizzard, all US companies and organizations get on their knees to accept the $ “package” from China.

Trump is an idiot, but give credit where it’s due.

This is completely incorrect. Obama was gearing up to compete with China. Look at pivot to Asia and TPP. Both of these are designed to isolate China in the long term without actually going into a full on confrontation.

The idea that Obama is just helping China is incorrect. He's doing it smartly and steadily. Trump is just throwing tantrums and doing it for popular demand.
 
Upvote
13 (19 / -6)

smithersjoe

Ars Scholae Palatinae
1,244
5. We aren't building out entire islands from some rocks close to Mexico and then playing leapfrog to expand our territorial claims.

Well, of course you aren't. There's no need for territorial claims when those territories were taken by force 140 years ago.

Don't know why this is down voted. Do Americans think their territories aren't a result of imperial territorial expansions? How is Hawaii any different than Tibet?

Funny, the previous U.S. President came from Hawaii. Feel free to let us know when China will elect its next Premier from Tibet. Or maybe even just someone who isn't a member of the same political party as the previous Premier.
 
Upvote
24 (25 / -1)

Khaaannn

Ars Scholae Palatinae
818
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.

We have the discussion in the office quite often. Problem is, most consumers want stuff, lots of stuff and at a cheap price, often times, quality is not a concern. Those demands lead you to one supplier..... China

What we need is leadership, not excuses.

Cheap stuff can be made elsewhere. But manufacturers seem addicted to China, since the country has a comparatively good infrastructure compared to countries like Vietnam and Cambodia. If you build a factory there, chances are you'll also need to build the road and the port to ship your goods from. And install your own sewage treatment and power plant since they don't have that either. But if you do, your product will be cheaper than producing it in China.

Cheap junk can still be imported from China, as long as it doesn't have a computer in it which connects to the internet.

It's all about the SUPPLY CHAIN.

China has an unparalleled ability in the Supply Chain to rapidly (much, MUCH faster than anyone else) turn on a dime and provide new engineering, design, finished-product, parts, BOM replacements, and most importantly: SHIPPING ANYWHERE IN THE WORLD on a moment's notice.
All of this comes due to the highly interconnected web of design, engineering, fabrication, heavy and Light manufacturing, HIGHLY automated systems, and exceedingly low intellectual, labor, and materials prices, coupled with the cheapest shipping in the world, that exists in China.
No matter what you want, you can have 3-5 FULL FACTORIES producing it in DAYS compared to MONTHS (or YEARS) in most other countries.
Add to that the fact that to do business in the LARGEST consumer market in the World (China) you MUST manufacture there, and turn over lots of IP to the "local partners" you MUST employ.
This is an irresistible siren song to Capitalists, who are always looking to reduce costs and increase "deliverables". As intended by Chinese leaders.

As Karl Marx said: "Capitalists will sell us the rope we will hang them with."
 
Upvote
14 (14 / 0)
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.

And then you can only buy from countries with mutual bans of electronic gear from China (or at least any electronic parts, but I'm sure there are a ton of ways around that).

It isn't unlikely to see three markets. China and its clients; USA, the "five eyes" and client states; and everyone else. Each can still expect to have hostile software snuck into their systems, Windows, Android and IoT experiences are telling.
 
Upvote
0 (0 / 0)
Gotta give it to the Chinese, they found and are actively exploiting a fatal flaw in the capitalist system: the profit motive (some might call it "greed"). Sure, it's great for getting people out of bed and giving them a motivating force!

"When it comes time to hang the capitalists, they will vie with each other for the rope contract"
 
Upvote
10 (10 / 0)
I propose we ban everything from China which has a computer in it and connects to the internet. All Chinese software should also be banned.

Only electric kettles, toys and waffle irons may still be imported from China.

I can hear them now "The GOVERNMENT has NO RIGHT to tell me where I buy MY stuff!" People want cheap shit that works. Many an average Joe could care less if Xi Jinping knows who he 'bates to. I'm not trivializing the problem, but merely pointing out that people are self-serving.
 
Upvote
1 (1 / 0)
Companies which are doing business in fascist dictator state China deserve everything bad they get, and more.

Corporate C suite residents benefit hugely in the short run, shareholders and citizens pay the price in the long run. Applies to a lot of other dubious things than just dealing with China.
 
Upvote
7 (7 / 0)