China discourages its top hackers from sharing exploits with the rest of the world
“If cybersecurity is a battlefield, then loopholes are munitions”
China’s hackers are renowned for their skills at international hacking competitions. But now they’re being told to stay home by the government because of national security concerns -- and experts say that could make everyone less secure.
Cybersecurity firm Beijing Chaitin Technology told the South China Morning Post that the government instructed it not to participate anymore, and to instead focus on building “a more secure cyberspace in China.”
The directive follows similar comments from the CEO of Chinese internet security company Qihoo 360 who said Chinese security researchers “should remain in China.”
Hacking competitions aren’t just about pride. They play a vital role in increasing cybersecurity. White hat hackers -- ethical hackers -- attend competitions to expose bugs and potential vulnerabilities in software.
Chinese teams swept the board at last year’s popular Pwn2Own event in Canada -- with the top five winners hailing from the country, and three of those from Tencent.
This year’s competition has no competitors from China. Instead, Chaitin says it will report any exploits to the government’s own National Vulnerability Database of Information Security.
The move has the potential to undermine security for everyone, Adam Segal from the Digital and Cyberspace Policy Program at the Council on Foreign Relations told the South China Morning Post.
“If it is long term, it would weaken global cybersecurity efforts and reinforce the sense that Chinese cyberspace is doing everything possible to cut itself off from the rest of the world.”
But one analyst based in China told the newspaper that it made sense for the country to keep sensitive information for itself.
MoreSec’s Wei Xingguo said “If cybersecurity is a battlefield, then loopholes are munitions.”