Giant leak reveals Chinese infosec vendor I-Soon is one of Beijing's cyber-attackers for hire

A cache of stolen documents posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing. The trove appeared on GitHub last week and contains hundreds of documents documenting I-Soon's activities. Analysis of the docs by infosec vendor SentinelOne characterizes I-Soon …

  1. Anonymous Coward

    I'm concerned that with all this talk about cyber, Congress is going to take its eye off the ball, and lose interest in closing the balloon gap.

  2. An_Old_Dog Silver badge

    Compromised USB Battery

    From TFA: a poisoned power bank that uploads data into victims' machines.

    Uploads data. In other words, plants false evidence against (possibly-perceived) enemies of bureaucrats and leaders within the Chinese government.

    I'm thinking of making a USB-to-USB connector which simply does not include the data lines. I suppose I could get a cheap Chinese "charging-only" USB cord to do the same thing ... (*snerk*)

    1. Graham Cobb Silver badge

      Re: Compromised USB Battery

      People (used to) sell little connectors which did that. I still have one in my travel 'bag of wires' and I always used it when charging in places like airports. Unfortunately they are pretty useless now as I think you need the data lines in order to negotiate for the power supply to send any decent amount of current.

      Although, now, you can get power bricks which can be charged offline and then be unplugged and charge the device at a fairly high current. Bigger and heavier than the old connectors (and still potentially compromisable as the power brick has processors itself - although I have never heard of that happening).

    2. Frank Bitterlich

      Re: Compromised USB Battery

      That "data" uploaded is most probably just an exploit to install a backdoor.

  3. Mike 137 Silver badge

    Realistic threats

    This is a much more realistic threat model than that Huawei supposedly built snooping functionality into their appliances. Quite apart from the consistent failure to find any such functionality, a 'service' such as that ostensibly provided by I-Soon can be much better focused on targets of real interest. The essence of effective espionage is concentration on what is likely to be important rather than the building of random haystacks, so commissioned attack of selected targets is a better proposition than merely placing listening devices all over the place.

    1. An_Old_Dog Silver badge

      Re: Realistic threats

      You focus your espionage attention on relevant targets, yes, but you also build in and distribute your remote access hardware/software widely (a) so that access will more likely be there when you need it in the future, e.g., when Joe Q. Sixpack turns into an interesting target due to his newly-acquired familial connections to someone "important", and (b) because it is so cheap -- and getting cheaper every day -- to do so, governments and businesses will see no reason not to do so.

    2. david 12 Silver badge

      Re: Realistic threats

      Quite apart from the consistent failure to find any such functionality,

      You've got that the wrong way around -- they didn't fail to find snooping software after focusing on Huawei; they focused on Huawei after finding snooping software. Not in handsets, in systems. Delivered in a software update.

      Huawei wouldn't be the first company to have their software compromised by a third party, so perhaps it wasn't their fault, but that's what destroyed trust.

    3. Anonymous Coward

      The key word here is threats

      Xi's cheerleader squad flood spams any post about Hua's gear with pointless statements about how they haven't been conclusively caught yet.

      That is manifestly the wrong standard. The concern isn't that they are shipping a known backdoor. It's that they can surreptitiously push one at any time to devices that have shipped, and there isn't a system in place to stop it at scale. So the answer is to ban their gear in any place you can't afford to be owned at any moment for the life of the device, or you have to air gap it and only feed it validated firmware.

      Option 2 kills any feature or price/performance edge, and Option 1 isn't viable for most applications. So why bother with it? The gear isn't good enough or cheap enough to justify the risk.

      That said, the Chinese are largely justified in applying the same standards to kit from western companies like Cisco.
