【设为首页
前往首页
以后地位: 注释

中国指示本国黑客不要参与黑客大赛

工夫:2018-03-30 00:02泉源:作者: 点击:
破绽能够是软件中的题目,要求本国企业在当地存储数据和容许中国平安机构监控数据的网络平安法,腾讯科恩实行室,的汽车,据网络平安公司FireEye称,但中国选手出席了本月举行的一年一
  

China’s spy agency has ordered local hackers to abstain from global hacking contests and instead report any vulnerabilities to the security ministry or the affected company, according to cyber security experts, as Beijing seeks to tighten its control over technology and information. 网络平安专家表现,中国的特务机构已指示本国黑客不要参与环球黑客大赛,而要向平安部或涉事公司陈诉其发明的任何破绽。北京方面貌前正试图收紧对科技和信息的控制。 The guidance from the Ministry of State Security, which comes as China is taking an increasingly isolationist approach to technology, was aimed at boosting its stash of intelligence, experts said. 中国国度平安部属达这一指示之际,中国正在接纳一种日益伶仃主义的科技道路。专家表现,这一指表示在扩展中国掌握的谍报储藏。 “Clearly this is about local control,” said Christopher Ahlberg, co-founder and chief executive of US-based cyber intelligence firm Recorded Future. “Vulnerabilities could be problems in software but are also an opportunity to get backdoors into them.” “显然这与当地控制有关。”美国网络谍报公司Recorded Future结合开创人、首席实行官克里斯托弗?阿尔伯格(Christopher Ahlberg)说,“破绽能够是软件中的题目,但它们也是在软件身上安后门的时机。” The move is the latest bid by China to secure control of technology and information. It follows initiatives such as Made in China 2025 — a scheme to restructure China’s industrial policy — and last year’s cyber security law that requires foreign companies to store data locally and allow data surveillance by China’s security apparatus. 此举是中国为确保对科技和信息的控制所接纳的最新实验。此前,中国还出台了一些步伐,包罗《中国制造2025》(一项调解中国财产政策的方案),以及客岁出台的、要求本国企业在当地存储数据和容许中国平安机构监控数据的网络平安法。 The guidance also eliminates some of the key players from what has become a globally popular way of discovering vulnerabilities, so that vendors can fix them before cybercriminals jump in. 这一指示还使得一些紧张的到场者出席一种环球盛行的发明破绽的方法。借助这种方法,软件供给商可在破绽遭网络立功分子应用前修补它们。 Tencent Keen Labs, part of Chinese technology titan Tencent, prompted Tesla to fix vulnerabilities after hacking into its cars. Chinese hackers have also been credited with discovering vulnerabilities at US-based tech multinationals including Google, Apple and Microsoft, according to FireEye, a cyber security company. Tencent did not respond to request for comment. 腾讯科恩实行室(Keen Security Lab of Tencent)从属于中国科技巨擘腾讯(Tencent),曾乐成入侵特斯拉(Tesla)的汽车,促使特斯拉修复破绽。别的,据网络平安公司FireEye称,谷歌(Google)、苹果(Apple)、微软(Microsoft)等美国跨国科技公司的一些破绽也是由中国黑客发明的。腾讯没有回应置评恳求。 While no formal edict has been issued on relevant Chinese state websites, Chinese participants were absent from the annual Pwn2Own hacking contest this month and the Black Hat event in Singapore last week. “They’ve been given guidance that they should no longer participate in events where vulnerabilities are publicly disclosed,” said Bryce Boland, chief technology officer at FireEye. 虽然中国当局相干网站上并未公布任何正式下令,但中国选手出席了本月举行的一年一度的Pwn2Own黑客大赛和上周在新加坡举行的“黑帽网络平安大会”(Black Hat)。FireEye首席技能官布赖斯?博兰(Bryce Boland)说:“他们接到指示,要求他们不再参与地下表露破绽的赛事。” “Pwn2Own used to be basically flooded with Chinese who won all the competitions, but this time there were more or less no Chinese there,” added Mr Ahlberg. Now Chinese hackers could only take a discovery to the vendor or the Ministry “who might notify the vendor or might not”. “过来Pwn2Own大赛上根本上满是中国人,他们博得了一切的比赛,但这一次简直没有中国人参赛,”阿尔伯格增补称。如今中国黑客只能把发明的破绽上报给软件供给商或平安部,而平安部“能够会告诉供给商,也能够欠亨知”。 MSS has already offered clues on its stance with its National Vulnerability database, CNNVD, a repository of known vulnerabilities in different software products. Analysis by Recorded Future showed it had altered publication dates for at least 267 vulnerabilities — a lag, the group said, that highlighted identities the MSS was “likely considering for use in offensive cyber operations”. 从中国国度信息平安破绽库(CNNVD)可以在肯定水平上看出平安部的态度。国度信息平安破绽库收录了种种软件产物的已知破绽。Recorded Future的剖析标明,国度信息平安破绽库窜改了至多267个破绽的公布日期——该公司表现,这一滞后凸显出平安部“很能够会思索将(这些已查证的破绽)用于打击性网络举动”。

Mr Boland said that if the block on attending public contests was designed to have hackers report directly to the CNNVD it would create a “significant threat” because of the scope for Chinese hackers to exploit a huge pool of vulnerabilities. 博兰表现,假如制止黑客参与地下赛事的目标是让黑客间接向国度信息平安破绽库上报,这将培养出一个“严重要挟”,由于中国黑客将拥有应用少量破绽的空间。 “It’s like putting a vulnerabilities database with the CIA,” said Mr Ahlberg, referring to the US intelligence agency. “You’re really putting the hen in with the foxes. That’s the policy problem here but they’ve done it for a very good reason: they want total control.” “这就像是把破绽库放在美国地方谍报局(CIA)一样。”阿尔伯格拿美国的谍报机构打比如说,“你这实践上是把母鸡放在狐狸堆里。这便是这外面存在的政策题目,但他们曾经这么做了,来由很充沛:他们想要完全的控制。”

------分开线----------------------------
引荐内容
热门内容