Archived version

Hackathons are common, but Chinese hacking competitions are different.

In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google’s Android, and Microsoft systems.

How is Tianfu Cup different?

A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.

Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, “In practice, this meant vulnerabilities were passed to the state for use in operations.”

This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.

In recent years, China’s hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software.

  • randomname@scribe.disroot.orgOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    15 hours ago

    @demesisx@infosec.pub

    Quick question also to you: Do you fundamentally disagree with what Israel and the US are accused of but fully support China’s domestic surveillance, transnational repression, supression of free speech and freedom of the press, bullying of its neighbours, aggression against Taiwan, just because they are perpetrated by “the good guys”?

    • demesisx@infosec.pub
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      13 hours ago

      You conveniently dodged my question, then asked me stupid questions, thinking I’d have to agree with cherry-picked offenses by China. I am not a fan of China. I just think they are justified in defending themselves. Furthermore, I think it’s hilarious that the the US decided to offshore our high tech goods to have them manufactured there as if we weren’t ASKING to be hacked. The only solution going forward is CLEARLY domestic RISC-V manufacturing and not allowing our enemies to manufacture our critical technologies.

      Do I support China’s:

      • domestic surveillance: of course not
      • transnational repression: of course not
      • supression (sp!) of free speech and freedom of the press: of course not
      • bullying of its neighbours: of course not
      • aggression against Taiwan: of course not

      Do I support China engaging in pre-emptive cyber warfare against aggressors: absolutely

      Do I support the US engaging in pre-emptive cyber warfare against aggressors: absolutely

      Do I support Israel engaging in pre-emptive cyber warfare against aggressors: absolutely

      Do I support war crimes being committed by ANY of these countries: NO