These Were China's Top 10 Cyber Security Threats in 2014
A Chinese internet company just listed 2014's biggest information security incidents. By Adam Segal
Netease, a Chinese Internet company, has an interesting list of China’s top ten information security incidents this year. They are:
- The formation of the Small Leading Group on Information Security and Internet Management. Formed in February, the group signaled the increasing importance of cyber to Chinese interests and greater attention to policy making from the highest levels of government. In the words of President Xi Jinping, who leads the group, “No information security, no national security. No informatization, no modernization.”
- Microsoft stops supporting Windows XP. XP is thirteen years old, so it was to be expected that support would end. The program is, however, still widely used in China—over 70 percent of computers, or close to 200 million users—still use the program. No support means no patches and updates, creating a massive security threat for China. Just one more thing China can be annoyed with Microsoft about.
- First National Cybersecurity Awareness Week in Beijing. Held in November, the event involved central agencies as well as provinces and municipalities. It educated the public about phishing, telecom fraud, online rumors, and other topics and will be staged annually. China joins a growing list of countries and organizations sponsoring cybersecurity awareness campaigns that includes the United States,Australia, Canada, the Organization of American States, and the European Union.
- Pangu jailbreaks iOS 7.1. A Chinese group was the first to release a jailbreak of Apple’s operating system—a program that allows users to avoid software restrictions and install third-party applications—and has since gone on to break iOS 8.
- The Heartbleed Bug. According to a survey done by the China Software Testing Center, Heartbleed, which is a vulnerability in a security protocol used for online transactions,was one of the most widely detected security flaw on Chinese websites.
- Sophisticated Android malware. Chinese cybersecurity researchers identified a bootkit trojan called Oldboot.B. The trojan infected phones, stole their data, interfered with calls, and uninstalled mobile antivirus software. Over half a million phones in China were infected.
- Hacking Tesla. During a competition held as part of a cybersecurity conference, a team from Zhejiang University found a flaw that allowed them to honk the horn, lock the doors, and flash the lights of a Tesla Model S. Tesla promised to patch the vulnerability, but concerns about the cybersecurity of automobiles is bound to increase. The team won 10,600 RMB, or about $1,716.
- The Great Domain Name System (DNS) Catastrophe. In January, millions of Chinese users could not access websites with a “.com” domain including the news site Sina.com and the search engine Baidu.com. Chinese experts blamed it on the hack of the DNS, the system that converts numerical internet addresses into easy to remember names, and reflective of the need to build domain name root servers in China. Experts outside of China thought it could be the result of a mistake in China’s censorship system, the Great Firewall of China.
- XX Artifact. The presence of two cases of smartphone malware on the list reflects the importance of the mobile Internet in China. XX artifact spread quickly, texting the first ninety-nine contacts listed on the phone. The author of the code was arrested seventeen hours after it first started spreading.
- Government procurement. In the wake of the Snowden revelations, Chinese government looked at a wide range of policies to reduce dependence on foreign technology companies and increases the competitiveness of domestic firms. One of those tools was government purchases, and the central government announced it would give preference to domestic antivirus products over those from Kaspersky and Symantec
This post appears courtesy of CFR.org.