Source: China National Defense News
来源:中国国防报-国防特刊
“Chinese “White Hat Hacker Corps” has become an important force in Chinese national cybersecurity”
◆ General Secretary Xi Jinping stressed that no network security is no national security, no information will be no modernization. Power network construction, China must have her own technology, excellent technology.
◆ Free security software “China model” to create a network security field, the “Chinese miracle.” The Chinese Dream…
◆ In the network security has risen to national security background, should consciously create a good development space for China’s own “white hat Legion” of hackers, while cautioning against a number of organizations or enterprises affected by outside forces controlled competition Chinese security market, and then to depth strategic goals of China’s core security.
After September 17, the US Senate Armed Services Committee issued a report called China network intrusion, causing great concern at home and abroad media.Chinese Foreign Ministry and the Defense Ministry spokesman, speaking one after another, the report noted that the United States is purely fabricated, deliberately fabricated entirely untenable. Defense Ministry spokesman Geng Yansheng solemnly pointed out that the Chinese government and armed forces have never engage in or support any network attacks and theft activities. China has always resolutely opposed and crack down on criminal activities related to network attacks. China faces a serious threat of cyber attacks is one of the world’s leading hacking victim. For network hacker attacks from abroad, we have sufficient evidence.
The United States is China’s largest Internet security threats
Geng Yansheng said that needs to be emphasized is that the “Prism” incident exposed more than a year, the United States should its foreign dignitaries, business, personal theft and network monitoring, monitoring the behavior of reflection to the Chinese side and the international community to make clear explanation . We urge the US to do more to contribute to peace and tranquility in cyberspace thing, rather than the opposite.
In fact, the attacks from the United States is China’s largest Internet security threats.
National Internet Emergency Center recently released “2013 China Internet Network Security Report” revealed that in 2013, China’s government websites frequently suffer outside hackers attacks, including national organized network attacks have increased significantly. China’s government websites, especially the local government website, is under attack “disastrous.”
According to monitoring, in 2013, our country has been tampered with the number of sites is 24,034, an increase of 46.7% compared with 2012, in which the number of government websites has been tampered with 2430, an increase of 34.9% compared with 2012; our territory to be implanted backdoors number of sites for the 76160, compared with 45.6% growth in 2012, has been tampered with and implanted in the back door of government websites, more than 90 per cent below the provincial and municipal local government Web site. Overseas hackers frequently attack government websites in China. In 2013, offshore “anonymous”, “Algerian hacker” and other hackers had attacked government websites in China. Among them, the “hacker anti-communist” organization more active, sustained launched against the territory of government agencies, universities, enterprises and institutions and well-known social organization site of the attack in 2013 on the organization of the territory of more than 120 government websites embodiment tampering. They use pre-implantation site vulnerability backdoor, then attacked the site after the implementation of control, at least the current invasion of the territory of more than 600 sites, an average of every three days publish tampering incident in their social networking sites.
In these networks from outside attacks, the national network of organized attacks increased significantly on China’s network security and information systems pose a serious threat and challenge. Since June 2013, Snowden exposure “Prism Plan” US National Security Agency and a number of network monitoring projects, the disclosure of US intelligence agencies in many countries and people in long-term implementation and monitor network penetration attacks, including multinational monitoring target politicians, diplomatic system, media networks, large enterprise networks and international organizations. Our focus on listening and belong to their targets, national security and Internet security is facing a serious threat to users’ privacy.
According to monitoring found only in 2013, there are 31,000 foreign hosts through a back door to China 61000 Website implement remote control, which ranks first in the United States hosts a total of 6215 hosts in control of our 15,349 sites. Phishing attacks against China in terms of attack from the United States the same primacy. Trojan zombie network connection, our country hosts more than 1090 are outside the control server control, which is located in the United States control server control our country hosts 448.5 million, accounting for 41.1% of the total, ranking the first place ……
Original mandarin Chinese:
核心提示
◆习近平总书记强调指出,没有网络安全就没有国家安全,没有信息化就没有现代化。建设网络强国,要有自己的技术,有过硬的技术。
◆免费安全软件的“中国模式”创造了网络安全领域的“中国奇迹”。
◆在网络安全已经上升到国家安全的大背景下,应当有意识地为中国自己的“白帽子军团”创造良好的发展空间,同时警惕一些受境外势力控制的组织或企业争夺中国安全市场,进而达到深入我国核心安全领域的战略目的。
9月17日,美国参议院军事委员会发表所谓中国网络入侵报告后,引起海内外媒体的高度关注。中国外交部和国防部新闻发言人相继发言,指出美方报告纯属无中生有,蓄意捏造,完全是站不住脚的。国防部新闻发言人耿雁生严正指出,中国政府和军队从未从事或支持任何网络攻击和窃密活动。中方一贯坚决反对并依法打击网络攻击等相关犯罪活动。中国面临着网络攻击的严重威胁,是世界上最主要的黑客攻击受害国之一。对于来自境外的网络黑客攻击行为,我们掌握有充分证据。
美国是中国网络安全最大的威胁
耿雁生表示,需要强调的是,“棱镜门”事件曝光一年多了,美方应就其对外国政要、企业、个人进行网络窃密和监听、监控的行为进行反思,向中方和国际社会作出清楚解释。我们敦促美方多做有利于网络空间和平与安宁的事,而不是相反。
实际上,来自美国的网络攻击是中国网络安全最大的威胁。
国家互联网应急中心最新发布的《2013年中国互联网网络安全报告》披露,2013年,我国政府网站频繁遭受境外黑客组织的攻击,其中国家级有组织网络攻击行为显著增多。我国的政府网站,尤其是地方政府网站,是遭受攻击的“重灾区”。
据监测,2013年,我国境内被篡改网站数量为24034个,较2012年增长46.7%,其中政府网站被篡改数量为2430个,较2012年增长34.9%;我国境内被植入后门的网站数量为76160个,较2012年增长45.6%,在被篡改和植入后门的政府网站中,超过90%是省市级以下的地方政府网站。境外黑客组织频繁攻击我国政府网站。2013年,境外“匿名者”“阿尔及利亚黑客”等多个黑客组织曾对我国政府网站发起攻击。其中,“反共黑客”组织较为活跃,持续发起针对我国境内党政机关、高校、企事业单位以及知名社会组织网站的攻击,2013年该组织对我国境内120余个政府网站实施篡改。他们利用网站漏洞预先植入后门,对网站实施控制后遂发起攻击,目前至少入侵600余个境内网站,平均每3天在其社交网站发布一起篡改事件。
在这些来自境外的网络攻击中,国家级有组织网络攻击行为显著增多,对我国的网络安全和信息系统带来严重威胁和挑战。2013年6月以来,斯诺登曝光“棱镜计划”等多项美国家安全局网络监控项目,披露美国情报机构对多个国家和民众长期实施监听和网络渗透攻击,监控对象包括多国政要、外交系统、媒体网络、大型企业网络和国际组织等。我国属于其重点监听和攻击目标,国家安全和互联网用户隐私安全面临严重威胁。
据监测发现,仅在2013年,境外有3.1万台主机通过植入后门对我国6.1万个网站实施远程控制,其中位于美国的主机居首位,共有6215台主机控制着我国15349个网站。在针对中国的网络钓鱼攻击方面,来自美国的攻击同样居于首位。在网络木马僵尸方面,我国境内1090万余台主机被境外控制服务器控制,其中位于美国的控制服务器控制了我国境内448.5万余台主机,占总数的41.1%,仍居首位…
Who will guard China’s network security?
China ushered in the Internet age is the tide of reform and opening up.Chinese Internet users surf the initial means of the Internet, whether hardware or software, mostly imported from overseas to domestic.
This “borrowed boat” mode, while promoting the development of China’s high-speed network, but also to China’s network security left a great security risk. We use the Internet browser is someone else’s, you’ve seen what page, others see that; our search engine to find the problem is someone else’s, for what you are interested in something, it will be automatically recorded in a database outside in ……
We use the operating system as others in the system hidden “back door” through overseas. After the United States, according to media reports, the world’s largest user coverage Microsoft “Windows” operating system, found loopholes in the system, it will first notify the US intelligence agencies, will then inform the user, provide patches fix vulnerabilities. This means that, in someone else’s “window”, we almost “transparent”. Even more serious is that Microsoft in order to protect its own commercial interests, has designed a mandatory upgrade marketing strategy.For example, in order to promote Win8 operating system, on April 8 to forcibly stop the official service XP system, the millions of Chinese users directly discarded in molar sucking blood before hackers. Domestic media pointed out in a review of Microsoft XP stop taking event, which is an important event once the impact of China’s Internet security. This is not only related to the large number of individual users, but also is related to the key sectors involved in the national economy. Network security system, China must rely on its own security vendors innovation and action.
Network security experts pointed out that China’s current network security system is set up in technology research and development on the basis of the United States, not to mention technology, cloud security technology in the field of key technologies such as a CPU, communications and data transmission encryption and decryption system in the field art networking technology and so on. If you play a very appropriate analogy, just as the Chinese network security gate, he stood an American security.
Network security is a core protection capability of the modern state in cyberspace, the party and state leaders highly concerned about network security issues. February 27, the central network security and information technology leading group was established. CPC Central Committee General Secretary and State President and CMC Chairman Xi Jinping himself as a centralized network security and information technology group leader, he delivered an important speech at the first meeting of the leading group, pointed out that China has become a big country network, network security and information technology is a matter of national security and national development, major strategic issues related to the broad masses of working life, starting from the domestic and international trend, the overall layout of the parties to co-ordinate, innovation and development, and strive to build China into a powerful network.
General Secretary Xi Jinping stressed that no network security is no national security, no information will be no modernization. Power network construction, have their own technology, excellent technology.
General Secretary earnest expectation, explicit requirements for China’s domestic network security vendors, it is the direction of future efforts.
Original Mandarin Chinese:
谁来守护中国的网络安全?
中国是在改革开放大潮中迎来网络时代的。中国网民最初冲浪国际互联网的手段,无论是硬件还是软件,大多是从海外进口到国内的。
这种“借船出海”的模式,在促进中国网络高速发展的同时,也给中国的网络安全留下了极大的安全隐患。我们上网用的浏览器是别人的,你看过什么网页,别人一看就知道;我们查找问题的搜索引擎是别人的,你对什么东西感兴趣,会被自动记录在境外的数据库里……
我们用的操作系统也是别人的,系统中暗藏的“后门”直通海外。据美国媒体披露,全球覆盖用户最多的微软“视窗”操作系统,发现系统漏洞后,会首先通知美国的情报部门,而后才会告知用户,提供修补漏洞的补丁。这就意味着,在别人的“视窗”里,我们几乎是“透明”的。更为严重的是,微软为了保护自身的商业利益,设计了一套强制升级的营销战略。例如为了促销Win8操作系统,于4月8日强行停止XP系统的官方服务,把无数中国用户直接丢弃在磨牙吮血的黑客面前。国内媒体在评论微软XP停服事件时指出,这是一次影响中国网络安全的重要事件。这不仅关系到为数众多的个人用户,更是关系到涉及国计民生的关键行业。网络系统的安全保障,必须依靠中国自己的安全厂商的创新与行动。
网络安全专家指出,我国当前的网络安全体系,是在美国研发的技术基础上建立起来的,更不要说CPU等核心关键技术,通信数据传输方面的加密和解密系统领域技术,云安全技术领域和物联网技术领域技术等等。如果打一个不太恰当的比喻,就如同中国网络安全的大门前,站了一个美国保安。
网络安全是现代国家网络空间的核心防护能力,党和国家领导人高度关注网络安全问题。2月27日,中央网络安全和信息化领导小组成立。中共中央总书记、国家主席、中央军委主席习近平亲自担任中央网络安全和信息化领导小组组长,他在领导小组第一次会议上发表重要讲话,指出中国已成为网络大国,网络安全和信息化是事关国家安全和国家发展、事关广大人民群众工作生活的重大战略问题,要从国际国内大势出发,总体布局,统筹各方,创新发展,努力把我国建设成为网络强国。
习近平总书记强调指出,没有网络安全就没有国家安全,没有信息化就没有现代化。建设网络强国,要有自己的技术,有过硬的技术。
总书记的殷殷期望,是对中国本土网络安全厂商的明确要求,更是未来努力的方向。
“China model” to create a “China miracle”
Rivers and lakes of the network can be divided into decent and Xiepai.Commonly known as “black hat” hackers manufactured by Trojan, the use of computers, mobile phone operating system vulnerabilities to attack, steal private data, illegally obtained personal interests. The guardian of network security “white hat” on the contrary, they take the initiative to find a computer, mobile phone operating system vulnerabilities, provide technical repair programs, research and development of security software and hardware products, build a firewall against hackers, for individuals, society and the country’s network security add a layer of protective cover, active in the first line of network security guard.
China’s domestic network security vendors are on their market growth and competition from foreign giants up security. Rely on a strong sense of social responsibility and familiarity with national conditions, China’s network security vendors gradually grow from a little foreign magnates recapture market, has won vitality. Many users still remember those familiar names: Kingsoft, Rising, Jiangmin ……
China’s network security vendors not only by virtue of their own efforts to win the market, but also creatively launched the network security field, “China model” completely rewritten the pattern of China’s network security industry.Traditional network security software are used charging mode, charge more than $ 200 a year on average. Because of the higher price threshold, resulting in many who do not want to use security software. The absence of security software, also led to the Trojan virus on the network as a scourge, such as CIH, panda, etc., hundreds of millions of infected computers, sensational news events.
Introduced in 2005, 360 free security software, once the user uses the threshold down to zero. Along with other local network security vendors follow-up, only less than 10 years, Chinese security software PC penetration rate has risen to 99%. In 2013, Microsoft released a security report, the Chinese computer malware infection index of 0.6 per thousand, the global average is only 1/10 of the world’s countries with the lowest infection rates of malware. In 2014, Microsoft re-released a report, a detailed summary of the data in the world’s more than 100 countries and regions, more than 10 million computers after malware statistics pointed out that China is the world’s lowest 4.4, far below the world average of 18.
360 free security software model, Wall Street interpreted as “Chinese model”: the core layer on the basis of free goods and services, to build browser applications open platform and two basic platforms, and refine the site navigation, buy navigation, navigation games, search, open platform and mobile open platform and other services, these services through advertising and internet value-added services realized profits. Such an innovative “China model” will not only China’s network security software penetration is significantly improved, and the R & D investment by increasing safety, security personnel and gather technical team, making China’s network security technology continues to improve and is widely used by foreign counterparts and learn from the followers of the world’s security technology security technology leader, but also created the Eastern Hemisphere strongest Chinese “white hat Legion.”
In this sense, the free security software “China model” to create a network security field, “Chinese miracle.”
Original Mandarin Chinese:
“中国模式”创造“中国奇迹”
网络的江湖中也分正派和邪派。俗称“黑帽子”的网络黑客靠制造木马病毒、利用电脑、手机操作系统漏洞等进行攻击,窃取隐私、数据,非法获得个人利益。而守护网络安全的“白帽子”正好相反,他们主动发现电脑、手机操作系统的漏洞,提供技术修补方案,研发安全软件硬件产品,对黑客的攻击建立防火墙,为个人、社会乃至国家的网络安全加上一层防护罩,活跃在守护网络安全的第一线。
中国本土的网络安全厂商,是在自己的市场上与国外安全巨头的竞争中成长起来的。依靠强烈的社会责任感和对国情的熟悉,中国网络安全厂商逐步发展壮大,从外国巨头手中一点点夺回市场,赢得了生机。很多网民都还记得那些熟悉的名字:金山、瑞星、江民……
中国的网络安全厂商不但凭借自己的努力赢得了市场,还创造性地推出网络安全领域的“中国模式”,彻底改写了中国网络安全行业的格局。传统的网络安全软件都采用收费模式,平均一年收费超过200元。由于较高的价格门槛,导致很多用者不愿使用安全软件。安全软件的缺位,也导致了网络上的木马病毒像洪水猛兽,如CIH、熊猫烧香等,动辄感染上千万台电脑,成为轰动一时的新闻事件。
2005年推出的360免费安全软件,一下子把用户使用门槛降到了零。随着其他本土网络安全厂商的跟进,只用了不到10年的时间,中国个人电脑的安全软件普及率已经上升至99%。2013年,微软发布安全报告称,中国电脑的恶意软件感染率指标为千分之零点六,仅是全球平均水平的1/10,是全球恶意软件感染率最低的国家。2014年,微软再度发布报告,在汇总了全球100余个国家和地区10亿余台计算机的详尽数据后,指出中国恶意软件统计数据为世界最低的4.4,远低于世界平均水平的18。
360的免费安全软件模式,被华尔街解读为“中国模式”:在核心免费产品服务层基础上,构建浏览器平台与应用开放两大基础平台,然后细化为网址导航、团购导航、游戏导航、搜索、应用开放平台和移动开放平台等服务,将这些服务通过广告与互联网增值服务变现实现盈利。这样一个创新的“中国模式”不但将中国的网络安全软件普及率大幅提高,而且通过不断增加安全研发投入,集聚安全人才和技术团队,使得中国网络安全技术不断提升,被国外同行所广泛应用和借鉴,从安全技术的追随者成为世界安全技术的领先者,也造就了东半球最强的中国“白帽子军团”。
从这个意义上说,免费安全软件的“中国模式”创造了网络安全领域的“中国奇迹”。
Chinese “White Hat Hacker Corps” has become an important force in Chinese national cybersecurity
June 2013, “Prism” incident broke out. Former National Security Agency employee Edward Snowden would disclose secret documents US intelligence agencies monitor the project to the media, in one fell swoop depth reflection triggered a global information security issues. April 2014, suffered more than the major global Internet exploits of attacks: Open SSL “heart bleeding loophole”, IE browser’s “zero-day vulnerabilities”, Struts vulnerability, Flash vulnerability, Linux kernel vulnerability, Synaptics Touchpad Driver Vulnerability and other important vulnerabilities have been found to be. An attacker can exploit to achieve complete control of the target computer, steal confidential information.
The current world, hacking has become the most important network security threats, and network security threats has become a major threat to social security, national security. Cyber attacks not only can disrupt the normal operation of enterprises and social institutions, but also can easily destroy a country’s operational command system and livelihood facilities, network security has become an important part of a national security defense system.
The current network security situation simmering, a turbulent, especially the “prism door” incident has exposed a series of deep-seated problems, showing security threats overseas hostile forces in the formation of China’s network security is growing. After the “Prism” incident, security products and related overseas smartphone products through the back door to steal the core data set of events repeatedly been exposed, and other international security software giant Symantec is also exposed the existence of a backdoor, domestic users lose confidence, exclusion in addition to government procurement list.
At these foreign security software lose confidence forced to withdraw from the Chinese market, the Chinese “white hat Legion” With long-term accumulation of technology and product innovation, and take up more than 600 million Internet users security guard duties. China’s domestic network security vendors have become a priority in government procurement national security products. Information security person in charge of a large state-owned enterprises, said they not only many major projects builders, but also the construction of a number of the world’s top-class large-scale projects. For such a large state-owned enterprises, each security flaw is thrilling security risks. Select the security products must be cautious, not only in respect of corporate security, national interests even more solidarity and public safety. In this context, they would prefer to secure key, handed the hands of their own people.
The rapid development of the network economy, so China’s network security is facing new challenges. The grim reality requires Chinese “white hat Corps” must quick response, China’s network security as a good “gatekeeper.”
The current domestic network ecosystem is very complex, a lot of important Internet companies have the background of foreign capital, which also makes the competitive Internet market, often there will be some market factors outside.Recently, for example, 360 to prosecute the “Daily Economic News” reported a case of alleged false in Shanghai Xuhui District People’s Court formally sentenced.Commenting on the domestic public opinion at the time of the court, and not just limited to commercial disputes, but through the appearance of the event, focusing on national cybersecurity issues. Many network security field and legal experts pointed out that, in the network security has risen to national security background, should be conscious of China’s own “white hat Corps” to create a good development space, while cautioning against a number of foreign forces in control of the organizations or enterprises for China’s security market, thus achieving further core areas of our strategic security purposes.
China’s network security depends on our own. This is not just a question of national pride, not just a confidence issue, but a matter of extreme cases, if there are areas of our security problems backdoor planted by hostile forces.Therefore, we should focus on in recent years in areas such as security, foreign hostile forces controlled by Chinese companies through the acquisition of M & I and other ways to penetrate the security field behavior.
Original Mandarin Chinese:
中国“白帽子军团”成为国家网络安全的重要力量
2013年6月,“棱镜门”事件爆发。美国国家安全局前雇员爱德华·斯诺登将美国情报机构监听项目的秘密文档披露给了媒体,一举引发了全球对于信息安全问题的深度反思。2014年4月,全球互联网遭遇多起重大漏洞攻击事件袭击:Open SSL的“心脏出血漏洞”、IE浏览器的“零日漏洞”、Struts漏洞、Flash漏洞、Linux内核漏洞、Synaptics触摸板驱动漏洞等重要漏洞被相继发现。攻击者利用漏洞可实现对目标计算机的完全控制,窃取机密信息。
当前世界范围内,黑客攻击已经成为最主要的网络安全威胁,而网络安全威胁成为社会安全、国防安全的重要威胁。网络攻击不仅能够破坏企业和社会机构的正常运行,还能够轻易地摧毁一个国家的作战指挥系统和民生设施,网络安全已经成为一个国家安全防御体系的重要组成部分。
当前网络安全形势暗流涌动、波谲云诡,尤其是“棱镜门”事件暴露出的一系列深层次问题,显示境外敌对势力在网络安全领域对中国形成的安全威胁越来越大。“棱镜门”事件之后,境外相关安全产品和智能手机类产品通过设置后门窃取核心数据的事件屡屡被曝光,赛门铁克等国际安全软件巨头也被曝光存在后门,失去国内用户信任,被排斥在政府采购名单之外。
就在这些国外的安全软件失去信任被迫退出中国市场之际,中国的“白帽子军团”凭借长期技术积累和产品创新,担负起守护6亿多网民安全的职责。中国本土网络安全厂商也成为国家政府采购安全产品的优先考虑。一家大型国有企业的信息安全负责人表示,他们不但是国内许多重大工程的建设者,还承建了世界上多个顶尖级大型工程项目。对于这样的大型国有企业来说,每个安全漏洞都是惊心动魄的安全隐患。选择安全产品必须慎之又慎,这不但关乎企业的安全,更与公共安全甚至国家利益休戚相关。在这种背景下,他们更希望把安全的钥匙,交到自己人手上。
网络经济的飞速发展,使中国网络安全面临着全新的挑战。严峻的现实要求中国“白帽子军团”必须快速反应,为中国的网络安全当好“守门人”。
当前国内的网络生态十分复杂,很多重要的互联网企业都有境外资金的背景,这也使得网络市场的竞争中,往往会出现一些市场之外的因素。例如近日360起诉《每日经济新闻》涉嫌虚假报道一案在上海徐汇区人民法院正式宣判。国内舆论在评论这次法院判决的时候,并不仅仅局限于商业纠纷,而是透过事件的表象,关注国家网络安全的问题。多位网络安全领域的专家和法律专家指出,在网络安全已经上升到国家安全的大背景下,应当有意识地为中国自己的“白帽子军团”创造良好的发展空间,同时警惕一些受境外势力控制的组织或企业争夺中国安全市场,进而达到深入我国核心安全领域的战略目的。
中国的网络安全要靠我们自己。这不仅仅是一个民族气节问题,也不仅仅是一个信心问题,而是一个关乎极端情况下,我们的安全领域是否存在敌对势力安插的后门问题。因此,应重点关注近年来在安全等领域,敌对势力通过外资控制中国公司,通过收购并购等方式向我安全领域渗透的行为。
Original Source URL