Friday Digest #13: China's Hacking Leak
Hi it’s Sam, back this week following Simon’s fascinating article detailing the WiFi vulnerabilities we recently discovered.
It’s been a hell of a week in the world of infosec. LockBit, the “world’s most harmful cyber crime group,” was compromised following an international effort spearheaded by the UK’s National Crime Agency.
The data acquired has already resulted in four people being arrested, and authorities have vowed to further expose details of the group’s activity in the coming weeks.
Meanwhile, an anonymous leak has provided unique insights into the operations of cyber espionage firms in China.
Today, I want to focus on the I-SOON leak and explore what it does (and doesn’t) tell us about China’s hacking efforts.
As ever, please get in touch at samuel@top10vpn.com if you have any comments or suggestions for future editions.
At the end of last week, over 500 documents and chat logs from the Chinese cybersecurity company, I-SOON, were leaked on GitHub.
The repository, which has since been disabled on the platform, provides unprecedented access into the operations of a cybersecurity firm with close ties to the state.
However, with the files now only accessible via the WayBack Machine, analysis of the documents has become considerably trickier unless you’ve already downloaded them.
The leak exposed a trove of sensitive information including product brochures, internal communication data, and information that appears to have been hacked from telecommunication companies, including call detail records (CDRs).
The most interesting products include malware capable of compromising devices on almost every operating system, an email monitoring service, and software designed to monitor and hack Twitter accounts.
Although these capabilities aren’t entirely surprising, it’s the first time they’ve been revealed in such detail. As Tom Uren and Catalin Cimpanu wrote for Risky Biz this week:
“This is a lot of fun for those of us who follow Chinese cyber activity closely and provides some fascinating insight into how at least some of the lower tier Chinese espionage contractors work. But it's not any sort of game changer and will not have the impact that the Snowden leaks had on Five Eyes operations.”
Looking into the company via their website (which has been removed but is still available on the WayBack Machine), I noticed the inclusion of the French multinational Carrefour on the company’s list of official partners.
Although Carrefour sold most of its China-based business to Suning in 2019, it retained a 20% stake and two seats on the company’s supervisory board, according to a press release from Carrefour.
More recently, Carrefour’s chief financial officer Matthieu Malige told the Financial Times that Carrefour China “has been under the sole control and management of Suning” since 2019.
Details of the relationship, and whether it predates the sale of Carrefour China, remain unclear, but its inclusion alongside universities in Xinjiang and state-owned businesses is likely to raise some eyebrows. And things are only made worse by the fact that the leaked documents reveal the company had been bidding on contracts in Xinjiang.
It certainly wouldn’t be the first time we’ve seen Chinese surveillance firms working with Western companies.
In 2021, I published a report written by Valentin Weber and Vasilis Ververis that showed that at least 10 Chinese firms maintained relationships with US companies.
One of the companies identified in the report, Beijing Zhongke Fuxing Information Technology Co, still lists Microsoft, IBM, and Oracle as official partners on its website. The company has completed several projects in Xinjiang, including a digital monitoring system for the Xinjiang Construction Corps.
Perhaps with more leaks and greater transparency, these types of commercial relationships will face renewed scrutiny. However, for now it serves to show how interconnected Chinese companies still are with Western brands, however invasive their products may be.
In Other News
TechCrunch: Authorities disrupt operations of notorious LockBit ransomware gang
International law enforcement agencies collaborated to disrupt the operations of LockBit, a notorious ransomware gang. This takedown involved seizing LockBit's infrastructure, exposing their capabilities, and potentially aiding victims in regaining access to their data.
The Register: European Court of Human Rights declares backdoored encryption is illegal
The European Court of Human Rights ruled that laws requiring weakened encryption are illegal, potentially impacting similar proposals in Europe like Chat Control. The decision is likely to significantly strengthen privacy protections and hinder efforts by governments to scan private communications for illegal content.
Security Week: Apple Adds Post-Quantum Encryption to iMessage
Apple has introduced PQ3, a new post-quantum encryption protocol for iMessage, designed to protect communications even against future quantum computing attacks. This makes iMessage the only messaging app offering "Level 3" security, protecting past and future messages even if an encryption key is compromised. PQ3 will be rolled out with upcoming OS updates and automatically enabled for supported devices.
Lawfare: At Signal, A Revolution in Messaging
Signal has made phone numbers private by default and rolled out usernames, marking a significant step in protecting user privacy. You can still find others by entering their phone number, but they can also choose to hide their number from everyone, including new friends.
Iran International: Iran Regime Disrupts VPNs Amid Crackdown On Activists
Iran has further disrupted access to VPNs and arrested activists promoting them. The crackdown aligns with efforts to penalize the VPN industry, despite accusations that the government profits from such restrictions.
The Hacker News: Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
Meta identified eight companies selling spyware targeting iOS, Android, and Windows devices. These companies also engaged in social engineering and phishing attacks on various platforms. Meta also removed accounts used for spreading misinformation and promoting specific political agendas.
EFF: Privacy Isn’t Dead. Far From It.
With our right to privacy constantly under attack, it can be hard to stay positive. But the fight is ongoing and, in many ways, making progress. Read more about the challenges that remain and the individuals that are working to improve our internet privacy in this primer from EFF.