China

China

TLS attacks and anti-censorship hacks

Articles, Blog, Censorship, China, Cyber Security, cybersecurity, TLS
featured image

Despite safeguards in TLS 1.3, China is still censoring HTTPS communications, according to a new report. There are workarounds to this. Plus, how TLS can be used as an attack vector.

The Transport Layer Security (TLS) protocol emerged as a focal point of attention for the information security world during August as the Chinese government updated its censorship tool, the Great Firewall of China, to block HTTPS traffic with the latest TLS version. The topic got even more attention when security researchers offered workarounds to TLS-enabled censorship and demonstrated potential TLS-based attacks at DEF CON: Safe Mode.

TLS is a widely adopted protocol that enables privacy and data security for internet communications, mostly by encrypting communications between web applications and servers. TLS 1.3, the most recent version, was published in 2018. TLS is the foundation of the more familiar HTTPS technology and hides communications from uninvited third parties, even as it does not necessarily hide the identity of the users communicating.

TLS 1.3 introduced something called encrypted server name indication (ESNI), which makes it difficult for third parties, such as nation-states, to censor HTTPS communications. In early August, three organizations — iYouPort, the University of Maryland and the Great Firewall Report — issued a joint report about the apparent blocking of TLS connections with the ESNI extension in China.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Data security risks threaten approval of Chinese undersea cable plan

Articles, Blog, China, Cyber Security, cybersecurity, FCC, Law, News, Team Telecom
featured image

The US government’s “Team Telecom” wants to partially deny a proposed undersea cable connection between the US and Hong Kong over surveillance, data theft concerns.

On June 17, the intergovernmental group known as Team Telecom filed on behalf of the Executive Branch a recommendation to the Federal Communications Commission (FCC) to partially deny an undersea cable system application by a Chinese company called Pacific Light Cable Network (PLCN). Team Telecom (recently renamed as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector) consists of the Department of Homeland Security )DOH) and the Department of Defense (DOD) led by the Department of Justice’s National Security Division, Foreign Investment Review Section. In its filing Team Telecom specifically urged the commission to reject that part of the application that involves a direct connection between the US and Hong Kong.

The rationale for the recommended rejection echoes similar recent moves by the Trump Administration to push Chinese technology out of the US telecommunications system and power grid supply chains. The White House, along with Team Telecom, has stepped up its arguments that China poses a digital and technology security threat, a contention that is occurring against a backdrop of soured trade negotiations and a politically deteriorating relationship between the US and China.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Senate subcommittee blasts FCC and Team Telecom approach to Chinese supply chain threats

Articles, Blog, China, Congress, Cyber Security, cybersecurity, Cybersecurity Legislation, News
featured image

A report claims that oversight of Chinese telecoms for security threats to the US communications supply chain is lacking and without adequate authority.

The Senate Permanent Subcommittee on Investigations released on Tuesday a report, “Threats to US Networks: Oversight of Chinese Government-owned Carriers.” The document slams the current government review process that oversees how Chinese telecom companies operate in the United States for not rigorously monitoring Chinese tech providers. It outlines a Senate investigation that began shortly after the Federal Communications Commission (FCC) in May 2019 denied a China Mobile USA application to provide international telecom services.

The subcommittee said it reviewed more than 6,400 pages of documents and conducted more than ten interviews, including interviews with representatives from the FCC, Department of Justice (DOJ), Department of Homeland Security (DHS), China Telecom Americas, China Unicom Americas, ComNet, AT&T, Verizon and CenturyLink. The subcommittee also said it met with researchers who analyzed the Chinese government’s use of telecommunications carriers to hijack communications.

The subcommittee’s investigation found that the FCC and “Team Telecom,” a formerly informal group composed of representatives from the DOJ, DHS and Department of Defense, have failed to adequately monitor three Chinese government-owned carriers, China Telecom Americas, China Unicom Americas, and ComNet since they began operating in the United States in the early 2000s.

[This article appeared in CSO Online. To read the rest of the article please visit here.]