Chinese Internet Policing Becomes Literal

China is well known for having some of the strictest internet restrictions in the world, and the level of government control is now set to increase further, with police being posted at the larger internet companies.

The government claims this initiative is designed to strengthen national security by guarding against cyberhacking, terrorism and fraud, but naturally some are sceptical about its true intentions. Affected companies have not been publicly named, but China Mobile, Alibaba and WeChat are all rumoured to be on the list.

This is another step in escalating security measures in China; you will likely have heard about the firewall which prevents citizens from accessing Facebook and other social media. Recently it’s also been announced that all foreign technology in banks, military and state-owned companies will be replaced.

Chinese VPN Services the New Attack Surface

In further news relating to China, researchers recently claimed to have discovered an ‘archipelago’ of Chinese VPN services, commonly used by gamers trying to bypass the ‘Great Firewall of China’. They claim that these services are also used to disguise the origins of attacks on foreign companies, many of which are believed to originate from China. The below image shows victims of Chinese cyber espionage in the last 5 years.

[Image: Chinese cyber espionage]

This latest research also shows that many of the exit nodes used are not legitimate servers based at Internet Service Providers, but rather compromised Windows servers, harvested without the knowledge of their victims and based at large companies such as a Fortune 500 hotel chain. These servers are added to the VPN ‘archipelago’, thereby promoting continued attacks on such companies.

The public would rather be naked on the internet than risk their financial information

A recent MasterCard survey revealed that people were more concerned about their financial information being leaked than they were about having their home broken into or even having naked photos leaked online!

77% of respondents admitted to feeling anxious about the possibility of their financial information being stolen; however, only 54% regularly changed their passwords and 44% made the mistake of using the same password across multiple accounts.

Google, Facebook, Microsoft and others pledge to crack down on child abuse

The IWF (Internet Watch Foundation), a UK charity, is cracking down further on child abuse online. Having won the support of Google, Twitter, Facebook, Microsoft and Yahoo, the organisation will be sharing hashes (a unique digital fingerprint) of such indecent images in order for them to be tracked down and removed. While the IWF admit that even this coordinated effort will only remove a small fraction of the images, they believe it’s still a huge step forward in the proactive work against child abuse online.

Firefox Exploit Being Used in the Wild

A critical Firefox zero-day has been found being actively exploited in the wild. The exploit allows attackers to create malicious PDF files which then inject JavaScript into local files. The attack can then steal sensitive files while leaving no trace on the local machine, and it affects both Windows and Linux machines. The emergency security update was released on Friday, so if you’re a Firefox user, make sure to update.

Defcon Presentation Gives Worrying Details of Gas Pump Hack Potential

At Defcon this weekend, one of the most interesting presentations concerned the possibilities of gas pumps being hacked. If an attacker chose to be malicious, they could use this to disable leak alarms, cause tanks to overflow or falsify tank levels to cause pumps to be closed unnecessarily.

The researchers went so far as to set up some fake gas pump systems on US servers, which sure enough were attacked and defaced. From baby monitors to cars to gas pumps, the last few months have definitely started to show us the scary potential of the Internet of Things; it’s no longer an over-hyped buzz-phrase.

THE AUTHOR
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.