Chinese efforts to spy on the Dutch are intensifying, with the focus on semiconductors, Dutch Defence Minister Ruben Brekelmans said on Saturday.
“The semiconductor industry, which we are technologically leading, or technology advanced, of course, to get that intellectual property - that’s interesting to China,” Brekelmans said in an interview on the sidelines of the Shangri-La Dialogue security meeting in Singapore.
[…]
When asked if the spying had stopped, Brekelmans said: “It’s continuing. In our newest intelligence reports, our intelligence agency said that the biggest cyber threat is coming from China, and that we do see most cyber activity when it comes to us being as from China. That was the case last year, but that’s still the case. So we only see this intensifying.”
[…]
Dutch intelligence agencies first publicly attributed cyber espionage to China last year, when they said state-backed cyber spies had gained access to a Dutch military network in 2023.
Brekelmans said security is becoming increasingly important for the Netherlands as China is “using their economic position for geopolitical purposes and also to pressure us”.
[…]
The minister said the Netherlands has introduced instruments to protect key industries and vital interests but the country and region also need to reduce their dependency on China for critical raw materials.
“Both on the European Union level, but also on the national level, we need to make bigger steps in order to reduce those dependencies.”
Im shocked by the amount of cyber attacks in the western world, I thought that by now attacks would have subsided because of cyber security
A while back I read an article on Chinese hackers, who seem to be organised very different to western hackers. Basically hacking in China is only illegal if it is against ‘national interest’, so governments (even local cities) hire hackers to find out information on local criminals (I guess also on anyone who disagrees with the state, but that aside). So there is much more financial incentive to hack individuals, there is more people doing it.
Hacking these individuals is basically only possible because of vulnerabilities in non-chinese software (since Chinese software and online services don’t need to be hacked since the government already has a backdoor anyway). These firms share these vulnerabilities among each other as in I give you mine if you give me yours. So there a bunch of people in the know about these vulnerabilities even more so because there is a law you have to report these vulnerabilities to the state (because otherwise you are against the ‘national interest’).
The article was about these Chinese firms, not about the cyber safety of non-chinese citizens but I guess knowledge of these vulnerabilities could also be sold to Russians, Iranian and North-Koreans who have their own reasons to attack European, Israeli and US companies.
Tldr, more knowledge of vulnerabilities leads to more abuse of these vulnerabilities. Securing against this abuse is a cat and mouse game and neither is dead yet.
Over the decades, we’ve been kind of casual about computer security, when you consider that we’ve connected up a lot of the world’s computers and put a lot of pretty vital information on those networks.
I mean, we have unmaintained devices sitting on networks. It’s hard for most users to pick up on a compromised system; IDSes aren’t typically deployed on home networks. Most software running on personal computers doesn’t run isolated; if you execute code, it has access to all your data and can reconfigure your environment. There are credentials floating around all over the place. A lot of weight is placed on keeping someone from getting into a LAN/WAN, but the larger the network, the more potential holes. There are very big supply chains that have a lot of potential attack vectors.
The other day I was commenting on how many pieces of software I’ve purchased in Steam. Those aren’t even open-source, and one way one might get more revenue out of a game that is no longer selling many copies is to sell it to another publisher (which also tends to happen if a publisher goes under). Such a product isn’t just a game, but access to be able to install software on anyone’s computer who has the game installed. Some people have isolated Steam (with some level of compatibility issues) using flatpak on Linux, but individual games aren’t isolated, and I doubt that most people have even that level of isolation.
And then there’s all the IoT devices out there that aren’t necessarily maintained or where random company out there can push updates to said devices and where their ability to push updates is something that might have commercial value.
Not to mention the question of how well all of these companies have secured their own networks and supply chains.
A lot of hard-to-solve problems there, I think.
