Hello dear readers of Tecnogalaxy, today we will talk about the tournaments that are becoming a tool for hacking and computer spying.

When Apple announced in a post that it had fixed a security vulnerability in its iOS operating system, the company tried to reassure its customers.

It has since emerged that the vulnerability in question was discovered during China’s premier hacking competition, the Tianfu Cup, where a professional hacker won an award for his discovery work. The normal protocol would be to inform Apple of the vulnerability. But it is alleged that, instead, the violation was kept secret, with the Chinese government acquiring it to spy on the country’s Muslim minority.

Hacking competitions are an established way for tech companies like Apple to identify and address vulnerabilities in their software’s cybersecurity. But with the rise of state-backed hacks, the suggestion that the Tianfu Cup is providing Beijing with new ways to perform surveillance is worrying, especially given that Chinese competitors have dominated international hacking competitions for years.

Computer hacking and spying competitions

Tech companies provide the cash prize, and cybersecurity researchers, or professional hackers, compete to win it by uncovering security weaknesses hidden in the world’s most widely used software. For example, in the Pwn2Own event in April, which is considered the best hacking competition in North America, the likes of Zoom and Microsoft Teams were successfully hacked.

Until 2017, Chinese hackers left with a high percentage of rewards offered on Pwn2Own. But after a Chinese billionaire argued that Chinese hackers should “stay in China” because of the strategic value of their work, Beijing responded by banning Chinese citizens from competing in hacking competitions overseas. The Chinese Tianfu Cup was established shortly after, in 2018.

In its first year, a hacker participating in the Tianfu Cup produced an award-winning hack he called “Chaos“. The hack could be used to remotely access even the most recent iPhones, the type of breach that could easily be used for surveillance purposes. Google and Apple both spotted the hack “in the wild” two months later, after it was used specifically against Uighur iPhone users.

Hacking competitions are designed to expose zero-day vulnerabilities, which are security weaknesses that software vendors have not identified or anticipated. Award-winning hackers should share the techniques they used so vendors can devise ways to patch them up. But keeping zero-day exploits private or passing them on to government institutions significantly increases the chances of them being used in state-backed zero-day attacks.

Zero-day attacks

We have already seen examples of such attacks. In early 2021, four zero-day vulnerabilities in the Microsoft Exchange server were used to launch widespread attacks against tens of thousands of organizations. The attack was linked with Hanium, a hacker group backed by the Chinese government.

A year earlier, the SolarWinds hack compromised the security of several US federal agencies, including the Department of Treasury and Commerce and the Department of Energy, which is responsible for the country’s nuclear stocks. The hack has been linked to APT29, also known as “Cozy Bear“, which is the hacking arm of Russia’s foreign intelligence service, the SVR. The same group was reportedly involved in an attempt to hack organizations with information about COVID-19 vaccines in July 2020.

At least in Russia and China, evidence suggests that cybercriminal gangs are working closely, and sometimes interchangeably, with state-sponsored hacker groups. With the advent of the Tianfu Cup, China appears to have access to a new talent pool of skilled hackers, motivated by the competition prize money to produce potentially malicious hacks that Beijing may be willing to use both at home and abroad. abroad.

This is all about the evolution of cyber espionage, in a future article.

Read also:

Was this article helpful to you? Help this site to keep the various expenses with a donation to your liking by clicking on this link. Thank you!

Follow us also on Telegram by clicking on this link to stay updated on the latest articles and news about the site.

If you want to ask questions or talk about technology you can join our Telegram group by clicking on this link.

© Tecnogalaxy.org - It is forbidden to reproduce the content of this article.