Tuesday, March 31, 2015

Yahoo Leaves, Apple's Watch Copied, and GitHub Attacked: Assorted China Tech Links

In addition to other topics, I plan a return to some China tech-related themes here. For a starter, I'll share assorted excerpts of four recent pieces sans commentary by me. Much more can be found by clicking the related links.

1. Yahoo closing its office in China received a lot of media attention. Michael Smith, an ex-Yahoo employee, provided some useful perspective:
China was really just one of the last remote engineering orgs to go. Brazil gone. Indonesia gone. The centralization plan was back on target. Build in HQ – launch everywhere. Like a lot of big internet companies really.

So yes – they closed China. I don’t think it has any connection to a pull back in China since Yahoo is already gone from China. Now the engineers are too.

Big deal. Not.
2. Even before Apple's new smart watch was publicly available, you could buy an imitation of it in China. Peter Ford reported one person's account of the processes used in China's electronics copying business:
If there are product details he is unsure of, he says, “I wait for the product to come out, or ideally see if I can get it earlier than the release date.” Since so many electronic goods are made in China, where factories “are leaky, very leaky,” he adds, “people will straight up offer that stuff to you.”

Nor does a manufacturer of what the source calls “facsimiles” need to resort only to the black market to see engineering ahead of time. “Companies like Apple buy things from other providers and put them together in a pretty package,” he says. “I don’t even need to ‘pirate’ their stuff; I just buy it from the same guys who sell it to them [ie Apple].”
3. GitHub, an online site used by many developers worldwide for coding, has been the target of a remarkable attack. Eva Dou explains the attack and why it appears that not only is the source based in China but the Chinese government is behind it:
Mikko Hypponen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China,” he said.
4. Erik Hjelmvik at NETRESEC provides an intriguing and in-depth look at how the GitHub attack works:
We have looked closer at this attack, and can conclude that China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub. See our "TTL analysis" at the end of this blog post to see how we know this is a Man-on-the-side attack.

In short, this is how this Man-on-the-Side attack is carried out:

  1. An innocent user is browsing the internet from outside China.
  2. One website the user visits loads a javascript from a server in China, for example the Baidu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).
  3. The web browser's request for the Baidu javascript is detected by the Chinese passive infrastructure as it enters China.
  4. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user's browser to continuously reload two specific pages on
That's all for now, folks.
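
Added example, not from this post or from NETRESEC: the excerpt above names a "TTL analysis" without showing it, so this sketch assumes the check compares the IP TTL of each server packet with the TTL of that connection's SYN-ACK. The packet tuples, addresses and TTL values are constructed for illustration.

```python
from collections import namedtuple

# One observed server-to-client packet; flow is (server, sport, client, cport).
Pkt = namedtuple("Pkt", "flow flags ttl payload_len")


def ttl_anomalies(packets, tolerance=2):
    """Return (packet, baseline) pairs where TTL deviates from the SYN-ACK TTL.

    Packets from the real server follow the same path, so the TTL the client
    sees stays nearly constant within one TCP connection. A response injected
    by a man-on-the-side originates elsewhere and usually arrives with a
    different TTL. Assumption: the SYN-ACK came from the genuine server.
    """
    baseline = {}  # flow -> TTL of the server's SYN-ACK
    flagged = []
    for p in packets:
        if p.flags == "SA":
            baseline[p.flow] = p.ttl
            continue
        base = baseline.get(p.flow)
        # Flows whose handshake was not captured have no baseline; skip them.
        if base is not None and abs(p.ttl - base) > tolerance:
            flagged.append((p, base))
    return flagged


# Constructed sample capture (documentation address ranges, made-up TTLs).
FLOW_A = ("203.0.113.10", 80, "198.51.100.7", 51000)
FLOW_B = ("203.0.113.10", 80, "198.51.100.7", 51001)
SAMPLE = [
    Pkt(FLOW_A, "SA", 46, 0),
    Pkt(FLOW_A, "PA", 46, 1200),  # matches the handshake TTL
    Pkt(FLOW_B, "SA", 46, 0),
    Pkt(FLOW_B, "PA", 98, 1100),  # TTL jumps mid-connection: flagged
    Pkt(FLOW_B, "PA", 47, 1200),  # small route jitter, within tolerance
]

if __name__ == "__main__":
    for pkt, base in ttl_anomalies(SAMPLE):
        print(f"{pkt.flow}: TTL {pkt.ttl} vs handshake TTL {base}")
```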
