News

Chinese authorities use Tianfu Cup as a source of exploits

The Chinese authorities use the country’s most important hacker competition, the Tianfu Cup, as a source of exploits to spy on its citizens and attack citizens and organizations in other countries.

Over the years, teams of security researchers from China have been consistent favorites in international hacking competitions like Pwn2Own. They won multimillion-dollar prizes and enjoyed great prestige, but in 2017 it was all over.

The founder and CEO of Chinese tech giant Qihoo 360, Zhou Hongyi, issued a surprise statement criticizing Chinese citizens participating in overseas hacking competitions.

As Zhou Hongyi told Sina, the high results shown by the Chinese participants in such competitions have only visible success. According to him, as soon as a competitor finds a vulnerability in popular software, it becomes useless, since the manufacturer closes it, depriving it of the possibility of its further exploitation.

The hackers and their knowledge should stay in China so that they could recognize the true importance and strategic value of the software vulnerabilities.Qihoo 360 head argues.

Beijing heeded Zhou Honggi’s words and banned Chinese researchers from participating in overseas hacking competitions. A few months later, China had its own competition.

The first Tianfu Cup competitions were held in November 2018. The grand prize of $ 200,000 was won by Qihoo 360 employee Qikun Zhao, who presented a powerful chain of exploits that allowed him to easily and reliably control an iPhone with all patches installed.

A few months later, in January 2019, Apple released a fix for this vulnerability, only briefly mentioning who discovered it. However, in August of that year, Google released an extraordinary report on a massive malware campaign against iPhone owners.

The researchers studied five different chains of exploits they discovered, among which was the one for which Qikun Zhao won the main prize at the Tianfu Cup. Further analysis showed that the chain of exploits was used by the Chinese government to spy on the Muslim Uyghur community.

Over the past seven years, China has committed human rights violations against Uighurs and other minority groups in western Xinjiang. Well-documented aspects of the campaign include detention camps, systematic forced sterilization, organized torture and rape, forced labor, and unprecedented surveillance efforts.the columnists of the MIT Technology Review remind.

Officials in Beijing say China is fighting “terrorism and extremism,” but the United States, among other countries, has labeled the move as genocide. These violations constitute an unprecedented high-tech campaign of oppression, including government hackers.

MIT Technology Review learned that cyber experts from the US government have discovered the Chaos exploit used against the Uyghurs. The researchers concluded that the Chinese were essentially following the “strategic value” plan outlined by Zhou Hongyi of Qihoo; that the Tianfu Cup was the cause of these attacks and essentially government crimes; and that the exploit was quickly passed on to Chinese intelligence, which then used it to spy on Uighurs.

Let me remind you that we also wrote that China officially legalized the “Social Credit System”.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button