The leak of Shanghai Anxun’s data is suspected to involve the sale of hacked information at home and abroad

9 months ago 6
ARTICLE AD BOX
The leak of Shanghai Anxun’s data is suspected to involve the sale of hacked information at home and abroad

Recently, Shanghai Anxun Information Company (I-SOON), which cooperates with Chinese government departments, is suspected of leaking data and information stolen by cyber hackers. The picture shows the front desk of Anxun Information Company in Chengdu, Sichuan on February 20, 2024.

Recently, Shanghai Anxun Information Company (I-SOON), which cooperates with Chinese government departments, is suspected of leaking data and information stolen by cyber hackers. Some scholars believe that the relevant content details the methods used by Chinese authorities to monitor overseas dissidents, hack into other countries, and promote pro-Beijing narratives on social media.

The police use ID cards to obtain chat records from a large database to gain information on the entire population
Investigative report: "Chinese characteristics" of data leakage of one billion people in Shanghai
Hackers invaded Alibaba Cloud police database, leaked information of one billion people and billions of warnings
The New York Times reveals that China collects a large amount of citizens’ personal information and DNA to ensure authoritarian rule
Recently, on the international code sharing platform GitHub, an anonymous person uploaded a large amount of suspected internal information of Shanghai Anxun Information Company (I-SOON), involving sales contracts, quotations, sales targets, employee WeChat conversations, etc. Among them, the relevant documents also include a list of cooperation with more than 50 Chinese public security departments and other police enterprises, and more than 30 Chinese government agencies and state-owned enterprises. In several excel files, the relevant information also lists the targets that Anxun is suspected to have attacked in the past and the data it has stolen from dozens of countries, hundreds of government departments, military and political intelligence units, telecommunications providers, airlines, universities, etc. document.

On GitHub, you can see "Insider information of Shanghai An Xun", "Shanghai An Xun information is unreliable and cheats national government agencies", "The truth behind An Xun", "An Xun deceives national security agencies", "An Xun infiltrates overseas governments" Departments include India, Thailand, Vietnam, South Korea, NATO" and other content.

As of now, this station is unable to independently verify the authenticity of the above information.

In an interview with Radio Free Asia, Jiang Yaqi, chairman of Taiwan’s Legal Technology Association and professor at the School of Law and Politics at Ocean University, pointed out that leaked documents show the Chinese government’s infiltration of Western democracies and surrounding countries through hacking companies: “Including infiltration Countries, units, and methods of infiltration or attack prove that the Chinese government has long used private companies to carry out operations to infiltrate and attack other countries. Information security is a war without smoke. Even if the system has been implanted with Trojans or spyware, if it has not started yet If an attack is launched, the attacked unit may not be able to detect it. Taiwan should realize the importance of information security and prevention."

An Xun is suspected of leaking the WeChat conversations of national security agency employees

Clicking on the topic "An Xun deceived the national security agencies" in GitHub shows that screenshots of WeChat conversations between An Xun employees are suspected to have leaked some daily operations and information acquisition and trading conditions. Among them, the Chinese public security department is a major partner, and the time is between November 2020 and January 2022. The above-mentioned leaked information also contains conversations about sales and confidentiality periods for related information.

In addition, "Hong Kong" is also a keyword mentioned in WeChat conversations. In employee conversations, "Xinjiang" is the focus of buying and selling intelligence.

According to China's "Qichacha" website, Anxun Information is a technology company focused on information security, providing services such as risk assessment, code audit, security reinforcement, security operation and maintenance, emergency response, penetration testing and APT attack protection. .

However, Taiwanese information security worker Wu Yiting pointed out in an interview with Radio Free Asia that An Xun’s attributes do not seem simple.

Anxun’s attributes and operations are questionable

The list of "An Xun's penetration of overseas government departments" disclosed on the GitHub platform includes the Indian government's presidential palace, Ministry of Interior, immigration data tables, basic fixed-line account information, etc.; Malaysia's Ministry of Foreign Affairs, Ministry of Interior, and Military Network, in addition Information from governments, enterprises, and academic institutions in Mongolia, Afghanistan, Pakistan, Kyrgyzstan, Thailand, Turkey, Hong Kong, and Taiwan.

Wu Yiting judged that the above-mentioned information suspected of being leaked by An Xun is relatively authentic. For example, it mentioned medical information from National Taiwan University Hospital, Taiwanese telecommunications company Vibo, and Malaysian government departments. These units have been reported to have been hacked in the past, and the relevant information now shows "no permissions", "loss of permissions", and "unknown permissions", which means that the vulnerability may have been fixed.

Wu Yiting said: "What's special is that An Xun should have bought some information from foreign hackers that other hacking units may have invaded, or collected some hacker information that was publicly leaked on the Internet through various methods."

Wu Yiting believes that the focus of the above-mentioned information is on the national security department or important intelligence and control units, and the value of the school is low. It seems that the mentality of the industry is "search it if you can". It can be seen that the needs of customers are mainly intelligence data, and the industry will order according to the customer. Prepare these information. China's national security and public security "buy information" from private businesses and hacker organizations, so that if the incident comes to light, they can be cleared of responsibility.

Experts: Internet mercenaries, hacking companies, intermediary information

Tsang Yi-shuo, an associate researcher at Taiwan's National Defense and Security Research Institute, said in an interview with Radio Free Asia that Shanghai Anxun Company is like a "mercenary of the Internet", hacking into Chinese-made equipment they are familiar with, such as public infrastructure, road systems, and communication information networks. Facilities are relatively easy.

As for the question of whether China's national security, public security and other departments use this to purchase intelligence from the private sector, Zeng Yishuo said, "The experts are among the private sector, and they will outsource it to outside hackers to sign contracts with each other. You may have to bid for a tender. It all belongs to the Internet. Mercenaries. If those hacked state departments use China’s network surveillance systems and hospital information management systems, such as purchasing Huawei infrastructure, without changing passwords, cyber mercenaries will have the opportunity to easily crack and unimpeded, and then steal The data is sent back.”

Zeng Yishuo analyzed that relevant Chinese companies may be entrusted by the government and the Ministry of Public Security to monitor and infiltrate into other countries, possibly with the intention of monitoring overseas dissidents. If the Ministry of National Security asks them to infiltrate government departments of other countries, they may need to understand information about other countries' political figures, the direction of other countries' security policies, internal interests, other business secrets, and business intelligence. Different departments have different needs and open different cases. I hope they can What kind of information will be retrieved? These Internet mercenaries mainly care about money and contractual relationships, and have no moral integrity to be loyal to the country. The stolen information is sold at a high price. Chinese businesses are less likely to sell information to other countries because they are highly monitored by the government and being found to have leaked information would be extremely detrimental to their personal safety.


United States - A cyber attack hinders the work of pharmacies

Fox News reported that pharmacies across the United States are facing delays in filling prescriptions due to a cyberattack on one of the country's largest healthcare technology companies.
Change Healthcare, which manages orders and payments from patients across the United States, said in a statement that it was experiencing "a network outage related to a cybersecurity issue and our experts are working to address it."

She stressed, "As soon as we learned of the external threat, and in order to protect our partners and patients, we took immediate measures to disconnect our systems to prevent further impact. We will provide updates as more information becomes available."

Pharmacies across the country have posted alerts that a cyberattack on Change Healthcare is causing problems in their ability to handle patient orders, according to a Fox News report.

U.S.-China AI competition official: U.S. policy is "fast but not hasty"

As the strategic competition between the United States and China escalates, artificial intelligence has become one of the areas where the two countries both compete and call for mutual cooperation. In this regard, how does the United States view and handle such a relationship?

Microsoft will ban hackers from China, Russia, Iran and North Korea who use its AI tools
Research finds: China is suspected of using artificial intelligence for foreign propaganda
Taiwanese group analyzes overseas election information: China uses AI to "generate" rumors
2022 is a year of rapid advancement in artificial intelligence (AI) technology. Generative AI can not only create new content, but also be used to solve problems, making it an area that developing countries want to participate in and catch up with. A 2023 poll conducted by Google in the United States in 17 countries around the world showed that people in emerging countries are about 30% more optimistic about artificial intelligence than developed countries in Europe and the United States.

How to ensure the safety of artificial intelligence without hindering innovation has become a major challenge for governments around the world. On Thursday, Seth Center, the U.S. State Department’s special envoy for critical and emerging technologies, said at a symposium held by Foreign Policy magazine that the U.S. government’s policy on artificial intelligence can be informed by the famous basketball coach John Wooden. ) to describe it: "be quick but not hurry". 

Senter said that "quick but not hasty" is also reflected in the "Bletchley Declaration" issued by the Group of Seven Major Industrial Countries and more than 20 countries including the United Kingdom last year on international codes of conduct for artificial intelligence system organizations and how to cooperate to manage risks. But these regulatory elements are mostly seen as major obstacles by emerging countries: "So the United States and its partners are having conversations around the world to explain our considerations in establishing a framework to manage the negative risks of artificial intelligence, which can indeed support artificial intelligence innovation, and also It can help solve some of the challenges facing sustainable development and benefit companies and countries around the world."

The Chinese government has stated that it will lead the world in technology by 2030 and has invested billions of yuan in promoting the development of artificial intelligence. In mid-February this year, OpenAI, a company heavily invested by Microsoft, released the Sora text generation video model. This system can convert simple descriptive text into high-definition videos. This move not only shocked China's film and television industry, but was also required by the competent authorities to "pay close attention to tracking".

Special Envoy of the U.S. State Department Sent said that in the face of China's active development of artificial intelligence and its possible application in military strategy, the United States not only needs to ensure that relevant chips do not flow into the hands of the Chinese government, but also cooperates with the international community, including China, to establish common guidelines to manage related risk.

Joe Wang, a former director of the U.S. National Security Council, said that whether the United States can lead the development of artificial intelligence is indeed challenged, but the cooperation between the United States and its allies is still a major advantage: "No country has built such a huge artificial intelligence system like the United States in the past 80 years. alliance network. The United States can establish such trusting relationships with its allies and partners, which is worth remembering."

In 2023, the United States and India launched the "Critical and Emerging Technologies" partnership and launched the first round of "Critical Emerging Technologies Dialogue" with Singapore and South Korea respectively. According to the executive order issued by U.S. President Biden in October 2023, and subsequent follow-up measures at the end of January 2024, technology companies that develop artificial intelligence must report "vital" information to the U.S. Department of Commerce to ensure security and privacy. It is guaranteed that it will not be abused by foreign government units; the U.S. Department of Health and Human Services will also formulate policies to promote artificial intelligence innovation in the health care field. In addition, U.S. federal government departments will also recruit artificial intelligence experts on a large scale and expand funding for education in artificial intelligence.

Nicholas Bramble, who is in charge of Google's economic and trade policy, said that artificial intelligence can be applied to predict floods, earthquakes and other livelihood purposes, and its economic benefits can also contribute to the global GDP of trillions of dollars: "Artificial intelligence is essentially a We do need to work with allies to manage AI as a cross-border technology, but we also need to actively use these opportunities to work together to figure out how to make AI address major public challenges."

Bonnie Glick, former deputy administrator of the US Agency for International Development and current senior researcher at the non-profit organization Foundation for Defense of Democracies, reminded that artificial intelligence must not be abused by authoritarian governments such as China and Russia. : “We cannot ignore the use of artificial intelligence by authoritarian regimes to silence dissent and spread misinformation and disinformation to their adversaries, I also think we should be wary of evil geniuses trying to steal our public resources. " 
Read Entire Article