Chinese authorities use Tianfu Cup as a source of exploits
The Chinese authorities use the country’s most important hacker competition, the Tianfu Cup, as a source of exploits to spy on its citizens and attack citizens and organizations in other countries.
Over the years, teams of security researchers from China have been consistent favorites in international hacking competitions like Pwn2Own. They won multimillion-dollar prizes and enjoyed great prestige, but in 2017 it was all over.The founder and CEO of Chinese tech giant Qihoo 360, Zhou Hongyi, issued a surprise statement criticizing Chinese citizens participating in overseas hacking competitions.
As Zhou Hongyi told Sina, the high results shown by the Chinese participants in such competitions have only visible success. According to him, as soon as a competitor finds a vulnerability in popular software, it becomes useless, since the manufacturer closes it, depriving it of the possibility of its further exploitation.
Beijing heeded Zhou Honggi’s words and banned Chinese researchers from participating in overseas hacking competitions. A few months later, China had its own competition.
The first Tianfu Cup competitions were held in November 2018. The grand prize of $ 200,000 was won by Qihoo 360 employee Qikun Zhao, who presented a powerful chain of exploits that allowed him to easily and reliably control an iPhone with all patches installed.
A few months later, in January 2019, Apple released a fix for this vulnerability, only briefly mentioning who discovered it. However, in August of that year, Google released an extraordinary report on a massive malware campaign against iPhone owners.
The researchers studied five different chains of exploits they discovered, among which was the one for which Qikun Zhao won the main prize at the Tianfu Cup. Further analysis showed that the chain of exploits was used by the Chinese government to spy on the Muslim Uyghur community.
Officials in Beijing say China is fighting “terrorism and extremism,” but the United States, among other countries, has labeled the move as genocide. These violations constitute an unprecedented high-tech campaign of oppression, including government hackers.
MIT Technology Review learned that cyber experts from the US government have discovered the Chaos exploit used against the Uyghurs. The researchers concluded that the Chinese were essentially following the “strategic value” plan outlined by Zhou Hongyi of Qihoo; that the Tianfu Cup was the cause of these attacks and essentially government crimes; and that the exploit was quickly passed on to Chinese intelligence, which then used it to spy on Uighurs.
Let me remind you that we also wrote that China officially legalized the “Social Credit System”.