Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why China Wants Your Sensitive Data
Threaded  |  Newest First  |  Oldest First
smb2015
100%
0%
smb2015,
User Rank: Apprentice
6/24/2015 | 1:16:18 PM
Have you considered....
That a reason China is collecting medical data is to be 1st to market with potential Pharma drugs. The Pharma industry is huge as we all know. China can compete better in this space if they can predict through data analytics what kinds of medical treatments and medicines are going to be in need for US citizens. The amount of data they have collected can easily show trends. The data can also provide China with insight into what Pharma's are doing in the US to treat illnesses (conventional and test treatments). This would given China a bit of a leap in its research efforts.
Kevin Runners
100%
0%
Kevin Runners,
User Rank: Apprentice
6/25/2015 | 8:36:59 AM
Re: Have you considered....
smb2015 is totally right in my opinion. China always wanted to be first to market with Pharma drugs.
Adam Meyers
100%
0%
Adam Meyers,
User Rank: Apprentice
6/25/2015 | 3:59:31 PM
Re: Have you considered....
Absolutely - in fact the Chinese agenda for healthcare is well documented in the 12th Five Year Plan. The Chinese have interest in not just pharmaceutical drugs, but also medical technology ranging from advanced diagnostics to simple stints and tubing. As China continues to mature they are increasingly facing a huge issue in terms of preventable and treatable disease.  In the current 5 yearplan, they also outline the need to improve domestic hostpital systems, and other medical related infrastructure. First to market is one possible outcome, however, there is also a huge potential market domestically in China that can be served through Chinese enterprises. First to market may not be as important as fullfilling the domestic market.

One must also consider multiple intelligence requirements being filled by targeting health insurance companies. This could faciliate future targeting of pharma and medical victims, it could provide insight into how the US Healthcare System works to aid Chinese healthcare systems, and it could be used to facilitate and corroborate information on specific individuals for human intelligence collection. I imagine the answer is all that and more, the Chinese have a lot of work to do as the endeavor to increase their position on the world stage.

 
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
6/26/2015 | 9:31:47 AM
Re: Have you considered....
It makes sense. In US we have been already experiencing those types of analytics driven targeting individuals. That is what Google, Facebook, Amazon, ... and other social media networks are all bout. Knowing what you do, what you buy and target you based on the knowledge gain from it. This includes medications and other health related products.
Blog Voyage
50%
50%
Blog Voyage,
User Rank: Strategist
7/3/2015 | 9:10:15 AM
Re: Have you considered....
Big Brother is watching us. We should speak louder !
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/29/2015 | 11:54:00 PM
Re: Have you considered....
This reminds me of how I like to play Civilization II... use spies to steal technology until I'm the most advanced civilization in the world.

Of course, by that point, the rest of the world hates me and distrusts me, but who cares; I have way better military technology than they do and my spies can subvert their cities.  :p
jries921
50%
50%
jries921,
User Rank: Ninja
6/30/2015 | 1:42:29 PM
Re: Have you considered....
Subversion is a lot easier if people don't have any reason to mistrust you, if there is lots of discontent, and if the system you're trying to subvert is unpopular to begin with; ergo, if you're trying to subvert your neighbors, then your public image matters a lot.

 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/26/2015 | 9:23:08 AM
Re: Have you considered....
I hear you. Or the reason as simple as if you know more information about the public you can adjust, control and do better in sating in power. It may be as simple as that.  :--))
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/29/2015 | 11:59:05 PM
Re: Have you considered....
@Dr.T: Good point.  In this sense, it's really no different than a major company's customer analytics endeavors.  ;)
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/29/2015 | 11:55:26 PM
Re: Have you considered....
Nationalism aside, I wonder what a world where China dominated the pharma market would look like.

Of course, there is tons of international cooperation and collaboration between companies today as it is, but that still largely benefits the West.
jries921
50%
50%
jries921,
User Rank: Ninja
6/25/2015 | 3:44:53 PM
That follows my own thinking as well
But it could and probably will be used to recruit agents of influence as well as spies; and I'm guessing that it will also be used to dig up dirt on or otherwise punish persons deemed to be enemies residing in the US.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/26/2015 | 9:26:02 AM
Re: That follows my own thinking as well
Interesting... There is always some type of related undercover operation when we think China, they are just doing what all other countries have been doing for long time. :--))
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
6/29/2015 | 11:57:21 PM
Re: That follows my own thinking as well
...not to mention arrest journalists and other people in the public eye as they are traveling in China, on trumped up charges, and indefinitely detain them.

Scary stuff.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/26/2015 | 9:20:55 AM
intelligence-driven security
I agree with the article. We are going beyond protecting ourselves from malware or DDOS attacks to your network infrastructure or systems. It is becoming more about protecting overall business and customer and employee private information. As recent attacks, such as Sonny Pictures and Federal Employees, show it is becoming very costly to lose any employees' personal information.
Enrico Fontan
50%
50%
Enrico Fontan,
User Rank: Strategist
6/27/2015 | 5:51:12 AM
Define the boundaries
I agree, Intelligence needs to be properly "tuned" to focus on business relevant data.

It's nearly impossible to look at everything, companies have to protect their critical data and feed attackers with public or "bogus" information.

To reach this goal SOCs needs a direct connection to the Board to define the proper boundaries.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/29/2015 | 11:58:17 PM
Re: Define the boundaries
Of course, you can't just feed your attackers ONLY bogus or public info.  SOME of it has to be good, on a token level...Otherwise, they will learn to distrust this data and keep digging.
JessMoony
50%
50%
JessMoony,
User Rank: Apprentice
7/2/2015 | 4:34:50 AM
data encryption
Internal networks data of health care organizations is not encrypted - the safety operations should start within their own networks.
XavierA893
50%
50%
XavierA893,
User Rank: Apprentice
10/30/2015 | 12:39:04 PM
Facebook for human intelligence and social engineering
What is described in terms of Facebook for human intelligence seems quite similar to an APT attack ("We have already witnessed major compromises in healthcare, the US government, the Bundestag, and media being attacked by sophisticated adversaries, in most cases, roaming freely on networks for months at a time.") and also to the way of stealing data through a core target and its peripheral contacts and relatives ("Using stolen healthcare data, these human collectors can identify someone with access to sensitive information who unfortunately has a sick relative. As the healthcare bills pile up and they become increasingly despondent to help their sick relative get the medical treatment they need, an opening begins to emerge".).

It seems that the Facebook for human intelligence has become a contemporary and sophisticated extension of the social engineering process.

Best regards,

Xavier Alfonsi

Analyst in naval and naval aviation affairs and in cyberdefense in Asia-Pacific from original sources in Chinese


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17185
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-12424
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-18380
PUBLISHED: 2019-12-09
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
CVE-2019-19687
PUBLISHED: 2019-12-09
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, whic...
CVE-2019-19682
PUBLISHED: 2019-12-09
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the ...