this post was submitted on 04 May 2025

44 points (94.0% liked)

Cybersecurity

7789 readers

271 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

China is building a cyber army of hackers, report finds (www.firstpost.com)

submitted 2 months ago by randomname@scribe.disroot.org to c/cybersecurity@sh.itjust.works

24 comments fedilink hide all child comments

cross-posted from: https://scribe.disroot.org/post/2653687

Archived version

Hackathons are common, but Chinese hacking competitions are different.

...

In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google’s Android, and Microsoft systems.

How is Tianfu Cup different?

A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.

Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, “In practice, this meant vulnerabilities were passed to the state for use in operations.”

This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.

...

In recent years, China’s hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software.

...

you are viewing a single comment's thread
view the rest of the comments

[–] Maeve@kbin.earth 6 points 2 months ago (3 children)

Honestly, every rich country.

[–] randomname@scribe.disroot.org 11 points 2 months ago (1 children)

... criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China.

A 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies.

Which countries do have something similar to a 'Tianfu Cup?'

[–] Maeve@kbin.earth -3 points 2 months ago (1 children)

And handing it to techbros for profit first is different how?

[–] randomname@scribe.disroot.org 11 points 2 months ago (1 children)

As I asked already in this thread: Why is it that whenever one posts something critical of China here on Lemmy, there is some commentary arguing that the US is doing the same? I don't understand that.

That's whataboutery back and forth.

[–] Maeve@kbin.earth -3 points 2 months ago (1 children)

Because if we're focused on other governments' misdeeds, we ignore our own, and our own is the more immediate treat, afaict

Eta unless that's the point

[–] randomname@scribe.disroot.org 9 points 2 months ago (1 children)

That's an absurdly bad take to justify whataboutism.

[–] Maeve@kbin.earth 2 points 2 months ago

You can and will obviously do what you like. My take is, neglecting our own business to focus too much on others' is precisely what got us here. The Red Scare is old tricks and we still refuse to learn from our own mistakes.

[–] Samskara@sh.itjust.works 3 points 2 months ago (1 children)

For some it's an ambition, but not a priority. Germany simply doesn't pay skilled people enough to serve as cyber soldier.

[–] Maeve@kbin.earth 1 points 2 months ago (1 children)

How does mandatory armed or civil service fit into this model?

[–] Samskara@sh.itjust.works 3 points 2 months ago (1 children)

It could help. Mandatory service typically gets you young people straight from school. That means you need to train them. To be good at cybersecurity and cyber warfare takes years though. Not something you can teach over the course of a year of service.

[–] Maeve@kbin.earth 0 points 2 months ago (1 children)

If they get them straight from Gymnasium, there's still time to pound the whole "love of country/fellow countrymen,” too. I don't know because current generations are leaning alarmingly right.

[–] Samskara@sh.itjust.works 1 points 2 months ago (1 children)

love of country/fellow countrymen

Germany is still far below the patriotism of France or Poland. Some adjustment towards their levels of patriotism is about time.

[–] Maeve@kbin.earth 1 points 2 months ago

Patriot is a fancy way of saying nationalist, nowadays. But there's no reason not to have a love of country/fellow citizens. Or global citizens. And that doesn't preclude defense.

[–] Samskara@sh.itjust.works 1 points 2 months ago

For some it's an ambition, but not a priority. Germany simply doesn't pay skilled people enough to serve as cyber soldier.