cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!


cross-posted from: https://lemmy.sdf.org/post/37332256

Archived

On 14 May 2025 the Standing Committee of the National People’s Congress, China’s legislative body, published its 2025 work plan, including plans to deliberate draft amendment to the 2017 Cybersecurity Law proposed by the Cyberspace Administration of China (CAC). ARTICLE 19 warns that the proposed amendment doubles down on China’s repressive digital norms, further illustrating the human rights concerns inherent in China’s model of cybersecurity governance.

[...]

The most concerning changes proposed by the amendment involve significant increases in penalties, including greater liability for management personnel, and the reinforcement of censorship and surveillance as core elements of cybersecurity governance.

[...]

Revised Article 59 increases fines for network and CII operators’ non-compliance with varied cybersecurity duties. It doubles the maximum penalty for actions that impact local CII, or cause other vaguely worded consequences to network security, to 2 million yuan ($278,186 USD) and introduces a new penalty for causing CII to ‘lose its main function and other particularly serious consequences for cybersecurity’, with a maximum fine of 10 million yuan ($1,390,930 USD).

Directly responsible personnel will face stricter liability, arguably as a means of outsourcing tighter oversight. In the 2017 Law, the harshest penalty for responsible personnel is 200,000 yuan ($27,818 USD). The amendment introduces a new fine for responsible management personnel carrying a maximum penalty of 1 million yuan ($139,093 USD).

[...]

A newly proposed Article 64 expands on the enhanced penalties for network or CII operators who fail to prevent certain prohibited acts. This includes activities vaguely deemed to endanger cybersecurity, or providing software, other technical support, or expenses for prohibited activities. This could impact cybersecurity researchers and digital security practitioners, and – considering the emphasis on controlling information as part of China’s approach to cybersecurity – could be extended to those who provide VPNs and other circumvention tools, already effectively criminalised in China.

Because the law in China is often weaponised in service of the Chinese Communist Party (CCP), increased penalties signal that non-compliance with Party priorities in digital governance will be met with ever-harsher penalties.

[...]

Unsurprisingly, the draft explicitly reiterates requirements on preventing ‘prohibited’ information from outside of China – a reminder that the epitome of internet fragmentation, the Great Firewall of China, is synonymous with the Party’s approach to CII governance. This in turn raises serious concerns around the dissemination of China’s model for cybersecurity governance.

[...]

The draft goes on to outline that, should network operators fail to block ‘prohibited’ content leading to further unspecified ‘particularly serious’ impacts or consequences, they will be subjected to a maximum fine of 10 million yuan ($1,390,930 USD), and administrative penalties. Directly responsible personnel will be fined upwards of 1 million yuan.

Moreover, the draft combines the language in previous provisions into a new Article 71, further citing obligations of strict control over ‘permissible’ expression and data localisation requirements.

[...]

The operation of network and critical information infrastructure requires provisions to prevent and respond to cyber-attacks. At the same time, cybersecurity measures must not infringe on human rights, and information infrastructure security cannot be conflated with the surveillance and control of information. The draft amendment to the Cybersecurity Law, rather than addressing new and emerging cybersecurity vulnerabilities, doubles down on existing freedom of expression concerns in the 2017 Law. These concerns are only magnified by China’s own stated ambition to expand its cyber power through the development and dissemination of cybersecurity governance norms around the world.

[...]


cross-posted from: https://lemmy.sdf.org/post/37319322

Archived

Full report (pdf)

Key Takeaways:

  • Over 1,000 actively infected nodes
  • Targets are highly localized in the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan
  • Victims in real estate, IT, networking, media and more
  • LapDogs leverages a custom backdoor named “ShortLeash,” which establishes a foothold on compromised devices and enables the hackers to act covertly
  • Small Office/Home Office (SOHO) devices are mainly targeted
  • Campaign growth is deliberate, beginning September 2023 and expanding with methodical tasking
  • LapDogs shares commonalities with some prolific China-Nexus ORB networks, most notably PolarEdge, while conclusively standing out as an independent ORB

cross-posted from: https://scribe.disroot.org/post/3248424

Archived version

Canada’s cybersecurity agency said Chinese-backed hackers were likely behind recent malicious activity targeting domestic telecommunications infrastructure, warning that three network devices registered to a Canadian company were compromised in the attacks.

The Canadian Centre for Cyber Security and the US Federal Bureau of Investigation urged Canadian organizations to take steps to harden their networks against the threat posed by Salt Typhoon, a group linked to the Chinese government, in a bulletin issued late on Friday.

“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” the center said. “The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon,” it said, referring to the People’s Republic of China.

Separate investigations that revealed overlaps with malicious indicators consistent with Salt Typhoon suggest the cyber campaign “is broader than just the telecommunications sector,” it said.

The hackers will “almost certainly” continue efforts to infiltrate Canadian organizations — especially telecom providers — over the next two years, the agency said.

...


Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

submitted 1 month ago* (last edited 1 month ago) by Pro@programming.dev to c/cybersecurity

cross-posted from: https://lemmy.sdf.org/post/37220836

Archived

In December 2024, evidence came to light that “foreign actors” had mounted a coordinated TikTok campaign during Romania’s presidential election to garner support for pro-Russian candidate, Calin Georgescu. As a result, the European Commission opened formal proceedings against TikTok and a Romanian court annulled the first round of the election.

Although the investigation postponed Romania’s vote until spring 2025—and moderate candidate, Nicusor Dan, ended up the victor—this development illustrates that Russian backing is allowing populist parties to exploit TikTok algorithms in favour of their own agenda in Europe. But such interference is not confined to the continent’s east: during Germany’s February 2025 federal election, fact-checking organisations in the country reported at least 200 cases of false political statements being made on the platform. Evidence also shows that, in the recent presidential election in Poland (which returned the right-wing candidate Karol Nawrocki), the TikTok algorithm heavily favoured right-wing content over other political themes.

Indeed, according to a recent German study, Germany’s TikTok users are particularly receptive to Russian and Chinese disinformation, and far more likely to believe anti-Western and pro-authoritarian narratives that overlap with the messages of populist parties. In Germany, TikTok’s most active and dominant political party is the far-right Alternative for Germany (AfD), with the populist Sahra Wagenknecht Alliance (BSW) gaining ground. Given that TikTok is primarily used by young people in Germany (around 70% of 16 to 29-year-olds), this demographic is most at risk from nefarious actors utilising TikTok’s algorithm to gain political and social advantages, and push populist parties more aligned with their agendas.

But, for the actors behind the campaigns, capturing a young audience is just the beginning. For those propagating disinformation, their aim is to polarise societies, undermine trust in democratic institutions and strengthen political actors sympathetic to their agendas.

[...]

Chinese ownership of the tech giant ByteDance, the parent company of TikTok, poses a different but still serious security risk. Private messages on TikTok are not end-to-end encrypted and, even if an app store has checked and approved its installation, future app updates may contain malware. Since Chinese companies such as ByteDance are under the influence of the Chinese Communist Party (CCP) (and the corporation collects vast amounts of user data, which it must make available to the Chinese authorities on request), access to user information on ByteDance’s apps like TikTok more easily enables Beijing to actively gather data on US and European citizens. In this respect, TikTok enabling access to information such as mobile location tracking data could offer China broader strategic geopolitical advantages.

[...]

Europe needs to take proactive steps to safeguard its digital ecosystem. A TikTok ban is a last resort, but the risks posed by disinformation, algorithmic manipulation and foreign surveillance are too great to ignore. Better coordination between EU institutions and national authorities is required, as well as significant increases in the resources of enforcement agencies and regular training for staff handling digital regulation.


After a series of minor releases, the Stegano project reaches a new milestone with a great new feature.

Notable changes

Hide and reveal messages in PCM encoded .wav files. Your secrets now have a soundtrack!

The command line interface has been updated to let you use this new feature directly from your shell. It's quite convenient if you install Stegano using pipx.

Other minor changes

  • Improved type annotations.
  • Updated dependencies.

Stegano is a pure Python steganography library designed to make hiding messages in plain sight easy and educational, whether you’re experimenting or building something more serious.

Check it out or contribute: https://github.com/cedricbonhomme/Stegano

Documentation: https://stegano.readthedocs.io/

Install from PyPI: https://pypi.org/project/stegano

Thank you to all contributors who helped make this happen!


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #010
The BusKill project just published their Warrant Canary #010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-06-16
Period: 2025-06-01 to 2026-05-31
Expiry: 2026-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is July 16, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

1. We are changing from twice-yearly to once-yearly canaries

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

16 Jun 25 19:17:39 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
"Teacher Li": Catching Up with the Most Effective Chinese Regime Opponent
Firing at the Desperate: Palestinians Killed as They Gather to Receive Relief Supplies

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Live Updates: Israel Strikes Iranian State TV as It Expands Targets in Tehran
With No Clear Off-Ramp, Israel’s War With Iran May Last Weeks, Not Days

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
No further damage seen at Iran nuclear sites, global watchdog says
'Nowhere feels safe': Iranians on life under Israeli attacks

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
00000000000000000000f2c3a15949aac2f6d7bc153330a4fca496f68c8c4b21

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

What is a Warrant Canary?

The BusKill team publishes cryptographically signed warrant canaries on an annual basis.

Although security is one of our top priorities, we might not be able to inform you of a breach if served with a State-issued, secret subpoena (gag order).

The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.

For more information about BusKill canaries, see:

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.


Archived version

Across the world, phone networks carry billions of passwords and login codes on a daily basis. Tech companies need to keep their subscribers logged in to their apps and accounts with maximum efficiency, wherever they might be. So these security codes need to get from Silicon Valley to everywhere, as quickly (and as cheaply) as possible. For most people they are a necessary annoyance, until they are breached with damaging consequences.

Companies, including banks and Big Tech, don’t send login codes to their customers directly. This would be costly and inefficient. Instead they rely on a sprawling and opaque network of contractors and subcontractors, each of which promises to shave off a part of the sending cost in return for market share. This is what the industry calls “lowest cost routing”. The catch is that any of these middleman companies can see everything transmitted. The codes that come saying “Do not share with anyone” might in fact already have been shared with more or less anyone.

...

Lighthouse obtained a cache of almost 100 million data packets from a phone industry source. The data gave a unique insight into telecom traffic passing through the network of a controversial Swiss outfit. Millions of these packets contained “A2P” (application-to-person) SMS messages. We analysed these to identify senders, recipients and type of message content.

We found millions of sensitive security codes and logins getting sent via Fink Telecom Services. The logins related to services from some of the world’s largest tech companies – including Google, Meta and Amazon; banks and crypto exchanges; dating sites and online marketplaces; and messaging apps including WhatsApp, Viber and Signal. Overall we identified over 1000 companies sending logins to their customers via the network run by maverick telecom entrepreneur Andreas Fink. The text messages we were looking at often told us the account names as well as the login codes and phone numbers.

...


cross-posted from: https://lemmy.sdf.org/post/36828953

Archived

The Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies, more than six weeks after they were identified in a Tech Transparency Project report. Apple and Google may also be profiting from these apps, which put Americans’ privacy and U.S. national security at risk, TTP found.

[...]

After the Financial Times asked Apple for comment on these findings, two of the apps linked to Qihoo 360—Thunder VPN and Snap VPN—were pulled from its app store. When TTP checked again in early May, another Qihoo 360-connected app called Signal Secure VPN had been quietly removed. But two other apps linked to Qihoo 360—Turbo VPN and VPN Proxy Master—remained available in the U.S. Apple App Store, along with 11 other Chinese-owned apps identified in TTP’s report.

The Google Play Store, meanwhile, offered four Qihoo 360-connected apps—Turbo VPN, VPN Proxy Master, Snap VPN, and Signal Secure VPN—as well as seven other Chinese-owned VPNs identified in TTP’s initial report.

The linked article lists several China-owned VPN apps identified by the Tech Transparency Project (TTP).

[...]


Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
