Category Archives: country cyber law

Guidelines 04/2022 on the calculation of administrative fines under the GDPR (16 May 2022)

What counts as data mishandling in the digital world? It is difficult to define the scope, and different situations leave gaps in the definition. Whether justice is applied from a different angle depends on the element that is left undefined.
The European Data Protection Board invites comments on the Guidelines 04/2022 on the calculation of administrative fines under the GDPR. For more information, see the link – https://edpb.europa.eu/our-work-tools/documents/public-consultations/2022/guidelines-042022-calculation-administrative_en

A rapid development of China Cyber Security Law

Preface: Data allows organizations to determine the cause of problems more effectively, and to visualize the relationships between what is happening in different locations, departments and systems.

Background: Perhaps because of the power of big data, on July 3, 2020 the Standing Committee of the National People’s Congress (NPC) published the draft Data Security Law (Draft Law) for public comment, with the comment period running until August 16, 2020.

Reference: Data Security Law of the People’s Republic of China (Draft) 中华人民共和国数据安全法(草案) http://www.ahwx.gov.cn/zcfg/gfxwj/202007/t20200708_4629245.html

Even though the public comment period has passed, let’s review the history of this development. The Cybersecurity Law of the People’s Republic of China (中华人民共和国网络安全法) was adopted at the 24th meeting of the Standing Committee of the 12th National People’s Congress on November 7, 2016, and took effect on June 1, 2017.

Reference: The Cyber security Law of the People’s Republic of China (中华人民共和国网络安全法) http://www.cac.gov.cn/2016-11/07/c_1119867116_3.htm

The Cybersecurity Review Measures (网络安全审查办法) were formulated in accordance with the National Security Law of the People’s Republic of China (中华人民共和国国家安全法) and the Cybersecurity Law of the People’s Republic of China (中华人民共和国网络安全法). They took effect on June 1, 2020, and the Measures for the Security Review of Network Products and Services (Trial) (网络产品和服务安全审查办法(试行)) were repealed at the same time. If you want to learn more about the Cybersecurity Review Measures, please read the following URL:

http://www.cac.gov.cn/2020-04/27/c_1589535450769077.htm

The Cybersecurity Law of the People’s Republic of China has now been in force for more than two years. Maybe you have a question? Refer to the attached diagram. As far as we know, the National Security Law and the Cybersecurity Law each define their own review system, whereas the draft Data Security Law does not appear to provide corresponding information at the moment. Do you think the Data Security Law will be integrated into the existing review structure?

New order in the Asia-Pacific region – Cyber security Law 2019

China Cracks Down on Foreign Firms Over Cyber Security, FT says: two foreign companies that handle consumer data in China had been under official investigation for several months. For details of the news, please refer to the link below:
https://www.ft.com/content/b84cc734-76ca-11e9-bbad-7c18c0ea0201

Supplement:
https://www.bloomberg.com/news/articles/2019-05-16/china-cracks-down-on-foreign-firms-over-cyber-security-ft-says

Synopsis: IT personnel are familiar with MPLS, but do they understand China’s MLPS (Multi-Level Protection Scheme)?

Background: Since the legislative process for China’s Cybersecurity Law began in 2015, the National Information Security Standardization Technical Committee (TC260) has issued nearly 300 cybersecurity standards. The resulting regime rests on the eight areas that most affect industry:

  1. Cybersecurity review of network products and services
  2. Certification and testing of critical network equipment and dedicated cybersecurity products
  3. Secure and controllable products and services
  4. Multi-Level Protection Scheme (MLPS)
  5. Cybersecurity protection of critical information infrastructure (CII)
  6. Cross-border data transfer
  7. Personal data and data protection
  8. Encryption of data

Understand New implemented China Cyber Law – 2019

Aim to security:
New regulations under China’s Cybersecurity Law, in force since November 2018, grant China’s cybersecurity agencies the legal authority to conduct remote testing of any Internet-related business operating in China.
That authority extends to copying and sharing any data that government officials find on the system being inspected.

The Ministry of Public Security (MPS) is able to exercise the following powers:

  1. Conduct on-site or remote inspections of the network security defences of companies operating in China.
  2. Check for content that is prohibited in China.
  3. Record the security incident response plan during an on-site inspection.
  4. Copy any user information found on the inspected system during an on-site or remote inspection.
  5. Perform penetration tests to check for vulnerabilities.
  6. Perform remote checks without notifying the company.
  7. Share any collected data with other state agencies.
  8. During an on-site inspection, two members of the People’s Armed Police (PAP) have the right to enforce the procedure.


Russian regulator moves to ban messaging app Telegram – 2018

The Berlin Wall fell on November 9, 1989. A physical wall whose goal was to isolate a culture and its people seemed never to appear in the world again. Yet we live in a modern age: without quite intending it, we have moved our culture and daily life into a digital world, and the operation of the world is also in the custody of digital “mainbrains”. If you look around, it seems the wall has not fallen. Don’t be naive! The Berlin Wall may have disappeared, but another wall has been built around the world.

Our attention is usually on censorship policy, especially the Great Firewall of China blocking VPNs and communications with external parties, and maybe we overlook Russia. This month Russia’s Supreme Court ordered Telegram to hand over its encryption keys. If the headline interests you, please refer to the URL below.

Financial Times – Russian regulator moves to ban messaging app Telegram

https://www.ft.com/content/66062614-397c-11e8-8b98-2f31af407cc8

Will China block access to all personal VPN services by Feb 2018?

IT guys are busy all the time, even at home, so sometimes they forget things. Two big things happen at the end of this month. Heads up: the new requirements introduced in PCI DSS 3.2, which were only “best practice” until 31 January 2018, become mandatory on 1 February 2018; one example is requirement 8.3, multi-factor authentication for all non-console administrative access to the cardholder data environment. For more details, please refer to the URL below.

PCI DSS 3.2 – Important January 31, 2018 Deadline & Clarifications

https://www.chosenpayments.com/pci-dss-3-2-important-january-31-2018-deadline-clarifications/

On the other hand, an official announcement in 2017 said that China would block Internet VPNs from 2018. Will China block access to all personal VPN services by February 2018? For more details, please refer to the URL below.

Article Claims China Will Block VPNs This Week, Causing Confusion

https://www.goldenfrog.com/blog/article-claims-china-block-vpns-causing-confusion


About DHS Malware Analysis Report (MAR) – 10135536-B

Preface:

There are books of which the backs and covers are by far the best parts!

― Charles Dickens, Oliver Twist

Discussion details:

It is reported that the North Korean government is the suspected state sponsor of the Lazarus Group’s cyber attacks. Hidden Cobra, the US government’s name for the group, was made public in the middle of this year. The US Department of Homeland Security says the group was behind the attack on Sony Pictures and the WannaCry ransomware attack, and as far as we know it tracks the group’s activities as a high priority.

DHS malware report (10135536-B) technical findings

The report lists a total of seven Portable Executable (PE) files. In layman’s terms, a PE is a Windows executable file. The MD5 checksums and the antivirus detections are shown below:

  1. PE file MD5: C74E289AD927E81D2A1A56BC73E394AB
     Antivirus vendors detecting it:
       • K7 – Trojan ( 700000041 )
       • Cyren – W32/Heuristic-KPP!Eldorado
       • VirusBlokAda – BScope.Trojan.Agent

  2. PE file MD5: FC9E40100D8DFAE2DF0F30A3414F50EC
     Antivirus vendors detecting it:
       • Cyren – W32/Heuristic-KPP!Eldorado
       • VirusBlokAda – BScope.Trojan.Agent

  3. PE file MD5: 0137F688436C468D43B3E50878EC1A1F
     Antivirus vendors detecting it:
       • F-Secure – Gen:Trojan.Heur.LP.Tu4@aqf3yp
       • BitDefender – Gen:Trojan.Heur.LP.Tu4@aqf3yp
       • Emsisoft – Gen:Trojan.Heur.LP.Tu4@aqf3yp (B)

  4. PE file MD5: 114D8DB4843748D79861B49343C8B7CA
     Antivirus vendors detecting it:
       • F-Secure – Gen:Variant.Graftor.373993
       • Cyren – W32/Heuristic-KPP!Eldorado
       • VirusBlokAda – BScope.Trojan.Agent
       • BitDefender – Gen:Variant.Graftor.373993
       • Emsisoft – Gen:Variant.Graftor.373993 (B)

  5. PE file MD5: 9E4D9EDB07C348B10863D89B6BB08141
     Antivirus vendors detecting it:
       • F-Secure – Gen:Trojan.Heur.LP.hu4@aKqgOsli
       • BitDefender – Gen:Trojan.Heur.LP.hu4@aKqgOsli
       • Emsisoft – Gen:Trojan.Heur.LP.hu4@aKqgOsli (B)

  6. PE file MD5: 2950E3741D7AF69E0CA0C5013ABC4209
     Antivirus vendors detecting it:
       • F-Secure – Trojan.Inject.RO
       • VirusBlokAda – BScope.Trojan.Agent
       • AhnLab – Trojan/Win32.Akdoor

  7. PE file MD5: 964B291AD9BAFA471DA3F80FB262DBE7
     Antivirus vendors detecting it:
       • nProtect – Trojan/W64.Agent.95232
       • McAfee – Trojan-FLDA!964B291AD9BA
       • ClamAV – Win.Trojan.Agent-6319549-0
       • AhnLab – Trojan/Win64.Dllbot
       • Quick Heal – Trojan.Generic
My observation:
It was strange and surprising to me that, of the seven checksums in the DHS malware report, only one could be found in the VirusTotal database; that is unusual from a technical standpoint. Item 7 is the one present on VirusTotal, and its earliest detection dates back to 2014. Items 1 to 5 are recognised by only a few antivirus vendors.
As we know, Kaspersky has played an important role in APT investigations so far, but this time it does not appear in the report. We understand there is a lawsuit between the US government and Kaspersky; maybe that is the reason. Still, we could not find any details in the VirusTotal repository, which is very rare. F-Secure did well here, with detections on 3 of the 7 samples. AhnLab, the bodyguard of the South Korean government, detected the earliest sample back in 2014, but its overall score is only 2 of 7.
Generally speaking, if these attacks were carried out by the North Korean government, one would expect Lazarus Group or Hidden Cobra to aim at their natural enemy; yet the major attacks attributed to Hidden Cobra hit countries further afield, especially the USA and Europe. F-Secure is headquartered in Finland; its PC market share in APAC has shrunk recently, while it is aggressive on mobile devices. The samples flagged by Homeland Security target Windows machines, which may be why they fell outside its focus.
This alert looks confusing for managed security service vendors, especially in APAC.
The report from US Homeland Security changes our general opinion of antivirus vendors. Apart from my favourite, Kaspersky, there are other products with a powerful capability to detect and quarantine unknown APT activity and malware; the report names K7, Cyren, VirusBlokAda, Emsisoft and BitDefender, for example.
Anyway, I still have some hesitation about this report, since some information is not disclosed in the normal way; for example, I could not find the history in the VirusTotal repository. To play safe, following the recommendation provided by DHS is best practice (YARA rule shown below):

 

rule Unauthorized_Proxy_Server_RAT
{
    meta:
        Author = "US-CERT Code Analysis Team"
        Incident = "10135536"
        MD5_1 = "C74E289AD927E81D2A1A56BC73E394AB"
        MD5_2 = "2950E3741D7AF69E0CA0C5013ABC4209"
        Info = "Detects Proxy Server RAT"
        super_rule = 1
    strings:
        $s0 = {8A043132C288043125FF00000003C299F73D40404900A14440490003D0413BCF72DE5E5FC3}
        $s1 = {8A04318844241432C28804318B44241425FF00000003C299F73D40404900A14440490003D0413BCF72D65E5FC3}
        $s2 = {8A04318844241432C28804318B44241425FF00000003C299F73D5C394100A16039410003D0413BCF72D65E5FC3}
        $s3 = {8A043132C288043125FF00000003C299F73D5C394100A16039410003D0413BCF72DE5E5FC3}
        $s4 = {B91A7900008A140780F29A8810404975F4}
        $s5 = {399FE192769F839DCE9F2A9D2C9EAD9CEB9FD19CA59F7E9F539CEF9F029F969C6C9E5C9D949FC99F}
        $s6 = {8A04318844241432C28804318B44241425FF00000003C299F73D40600910A14460091003D0413BCF72D65E5FC3}
        $s7 = {3C5C75208A41014184C074183C72740C3C7474083C6274043C2275088A41014184C075DC}
        $s8 = {8B063D9534120077353D59341200722E668B4604663DE8037F24}
        $s9 = {8BC88B74241CC1E1052BC88B7C2418C1E1048B5C241403C88D04888B4C242083F9018944240C7523}
        $s10 = {8B063D9034120077353D59341200722E668B4604663DE8037F246685C0}
        $s11 = {30110FB60148FFC102C20FBEC09941F7F94103D249FFC875E7}
        $s12 = {448BE8B84FECC44E41F7EDC1FA038BCAC1E91F03D16BD21A442BEA4183C541}
        $s13 = {8A0A80F9627C2380F9797F1E80F9647C0A80F96D7F0580C10BEB0D80F96F7C0A80F9787F05}
    condition:
        any of them
}
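As an added example (it is not part of the DHS report or of this post), the Python below shows the two checks a defender would actually run with the indicators above: comparing file hashes against the seven MD5 values from MAR-10135536-B, and searching file contents for the hex byte patterns from the US-CERT rule. It re-implements YARA hex-string matching in plain Python so it runs without yara-python, and goes slightly beyond the rule quoted above by also accepting `??` one-byte wildcards, which that rule does not use. Only two of the rule’s strings are included to keep the block short; the sample buffer is constructed for the demonstration and is not malware.

```python
import hashlib
import re
from typing import Dict, List

# MD5 indicators from DHS MAR-10135536-B, as listed above.
MAR_10135536_B_MD5 = {
    "C74E289AD927E81D2A1A56BC73E394AB",
    "FC9E40100D8DFAE2DF0F30A3414F50EC",
    "0137F688436C468D43B3E50878EC1A1F",
    "114D8DB4843748D79861B49343C8B7CA",
    "9E4D9EDB07C348B10863D89B6BB08141",
    "2950E3741D7AF69E0CA0C5013ABC4209",
    "964B291AD9BAFA471DA3F80FB262DBE7",
}

# Two of the hex strings from the US-CERT rule Unauthorized_Proxy_Server_RAT.
YARA_HEX_STRINGS = {
    "$s4": "{B91A7900008A140780F29A8810404975F4}",
    "$s7": "{3C5C75208A41014184C074183C72740C3C7474083C6274043C2275088A41014184C075DC}",
}


def yara_hex_to_regex(hex_string: str) -> bytes:
    """Translate a YARA hex string such as {8A 04 ?? 31} into a bytes regex.

    Whitespace inside the braces is ignored and '??' becomes a one-byte
    wildcard. Nibble wildcards (?A) and jumps ([4-6]) are not supported
    here and raise ValueError rather than silently mis-matching.
    """
    body = hex_string.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("YARA hex string must be wrapped in { }")
    digits = re.sub(r"\s+", "", body[1:-1])
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    pattern = b""
    for i in range(0, len(digits), 2):
        pair = digits[i:i + 2]
        if pair == "??":
            pattern += b"."
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            pattern += b"\\x" + pair.encode("ascii")  # literal byte, e.g. \x8A
        else:
            raise ValueError(f"unsupported token {pair!r}")
    return pattern


def scan_bytes(data: bytes, strings: Dict[str, str] = YARA_HEX_STRINGS) -> Dict[str, List[int]]:
    """Return {string_name: [offsets]} for every hex string found in data."""
    hits: Dict[str, List[int]] = {}
    for name, hex_string in strings.items():
        # DOTALL so the '.' wildcard also matches the 0x0A byte.
        rx = re.compile(yara_hex_to_regex(hex_string), re.DOTALL)
        offsets = [m.start() for m in rx.finditer(data)]
        if offsets:
            hits[name] = offsets
    return hits


def hash_in_ioc_list(md5_hex: str, iocs=MAR_10135536_B_MD5) -> bool:
    """Case-insensitive lookup: reports and tools disagree on hex case."""
    return md5_hex.strip().upper() in iocs


def md5_matches_ioc(data: bytes, iocs=MAR_10135536_B_MD5) -> bool:
    return hash_in_ioc_list(hashlib.md5(data).hexdigest(), iocs)


def scan_file(path: str) -> dict:
    """Apply both checks to one file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"md5_ioc": md5_matches_ioc(data), "hex_hits": scan_bytes(data)}


# Constructed sample: a fake 'MZ' header followed by the bytes of $s4 at offset 16.
SAMPLE = b"MZ" + b"\x00" * 14 + bytes.fromhex("B91A7900008A140780F29A8810404975F4") + b"\x90" * 8

if __name__ == "__main__":
    print(scan_bytes(SAMPLE))       # {'$s4': [16]}
    print(md5_matches_ioc(SAMPLE))  # False: the constructed sample is none of the seven files
```

A hash match proves a file is exactly one of the reported samples; a hex-string hit only says the file contains a code fragment the rule author considered characteristic, so treat it as a lead for further analysis rather than a verdict.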

Reference: the report provided by US Homeland Security (see below)
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF

Summary:

In the meantime, I wish you a Merry Christmas and a Happy New Year. Stay tuned!

China IPv6 implementation Road map. Will it be burden on current surveillance task?

A tough new cybersecurity law has been in place in China since June 2017. The United States submitted a document to the WTO Council for Trade in Services saying that if China’s new rules enter into full force in their current form, as expected by the end of 2018, they could affect cross-border services supplied through a commercial presence abroad. Separately, the General Office of the State Council of the PRC announced an IPv6 road map on 26 November 2017 that drives the whole network, applications and computers to prioritize IPv6 connectivity. RFC 4941 defines “privacy extensions” for IPv6 stateless address autoconfiguration: instead of deriving the interface identifier from the device’s MAC address (the modified EUI-64 format, which exposes the hardware address and stays constant wherever the device connects), the device generates a randomized identifier that changes over time, making surveillance and tracking harder. Surveillance in China differs from other countries, since monitoring network behaviour is government policy. We will see whether RFC 4941 becomes a burden in the coming future.
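As an added example (not from the State Council road map or from this post), the Python below shows concretely what RFC 4941 changes. It derives the modified EUI-64 interface identifier from a MAC address (RFC 4291, Appendix A), recovers the MAC from such an address, which is exactly why those addresses are trackable, and then generates temporary identifiers with the MD5-based procedure of RFC 4941 section 3.2.1 (RFC 8981 has since replaced that procedure, so treat this as the 2017-era algorithm the post refers to). The MAC address, prefix and initial history value are made-up inputs.

```python
import hashlib
import ipaddress
from typing import Optional, Tuple


def mac_to_eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291 App. A): insert FF:FE in the
    middle of the 48-bit MAC and flip the universal/local bit (bit 6 of octet 0)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def embedded_mac(address: str) -> Optional[str]:
    """Return the MAC embedded in an IPv6 address, or None when the interface
    identifier does not look like a modified EUI-64 of a globally unique MAC
    (u/l bit set and FF:FE in the middle). A host whose address yields a MAC
    here can be tracked across networks because that identifier never changes."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe" or not (iid[0] & 0x02):
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


def rfc4941_temporary_iid(history: bytes, eui64_iid: bytes) -> Tuple[bytes, bytes]:
    """RFC 4941 s.3.2.1: MD5(history || EUI-64 IID). The left 64 bits, with bit 6
    cleared to mark the identifier as local, become the temporary IID; the right
    64 bits become the next history value. Returns (temporary_iid, next_history)."""
    if len(history) != 8 or len(eui64_iid) != 8:
        raise ValueError("history and interface identifier must be 64 bits each")
    digest = hashlib.md5(history + eui64_iid).digest()
    temp = bytearray(digest[:8])
    temp[0] &= 0xFD  # clear bit 6 (mask 0x02) of the first octet
    return bytes(temp), digest[8:]


def address_from_iid(prefix: str, iid: bytes) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("RFC 4941 addresses use a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"  # made-up MAC address
    prefix = "2001:db8::/64"    # documentation prefix, made-up network
    eui = mac_to_eui64_iid(mac)
    stable = address_from_iid(prefix, eui)
    # 2001:db8::21a:2bff:fe3c:4d5e -> 00:1a:2b:3c:4d:5e (the MAC leaks)
    print(stable, "->", embedded_mac(stable))
    history = bytes(8)  # made-up initial history value
    for _ in range(3):  # three successive temporary addresses, none exposing the MAC
        temp, history = rfc4941_temporary_iid(history, eui)
        print(address_from_iid(prefix, temp), "->", embedded_mac(temp and address_from_iid(prefix, temp)))
```

`embedded_mac` doubles as an audit check: run it over the IPv6 addresses in your DHCP, NetFlow or web logs and any non-None result is a host whose hardware address, and therefore vendor and identity, is visible to every network it joins.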

What happens next?

More regulations have been implemented in China. CIOs, CTOs and CISOs, any doubts?

Preface

Policy enforcement in China is trending toward tighter cybersecurity and governance. Our focus in this discussion is purely on IT operations and information security; we will not speculate about any other background.

Censorship in the People’s Republic of China: legal basis and regulations

As usual, each country maintains its own regulations and viewpoint in order to strengthen its governance. There is no way to refuse: since you enjoy the social benefits of the country, including its environment and culture, you have an obligation to follow its laws and regulations.

An official announcement of new regulations brings misgivings to business, especially technology units.

Cryptographic techniques are used across all industries today, especially banking and finance, publishing, pharmaceuticals and manufacturing. To save costs, IPsec site-to-site VPN tunnels are in high demand, since they are easy to set up once a firewall and Internet access are in place. However, this method is not compliant with China’s regulations. In past years the Chinese government did not proactively enforce the rule, which led the world to believe that this was an acceptable way to connect cross-border environments in China.

The Cybersecurity Law of the People’s Republic of China leaves foreign IT departments in limbo!

The new Cybersecurity Law came into effect on 1 June 2017. Article 5 grants powerful privileges that give solicitors and data privacy experts a headache. Let’s take a closer look at Article 5 (see below).

Article 5 The state shall take measures to monitor, defend against and deal with cybersecurity risks and threats from both inside and outside the territory of the People’s Republic of China, protect critical information infrastructure from attack, intrusion, interference and damage, punish illegal criminal activities on the network in accordance with the law, and maintain cyberspace security and order.

Technical viewpoint: even if your web hosting is not located in Greater China, once one endpoint is located in Greater China the computer owner is required to follow the new law.

What’s the status today?

Popular personal VPN client services have all been blocked. The government’s objective is to prevent what the Chinese term 翻牆 describes: climbing over the wall, that is, getting past the Great Firewall. As of today WhatsApp Messenger cannot be used in China. Experts speculate that, with a major Communist Party gathering next month, the government is now tightening censorship; the speculation makes sense. The next action is to block unauthorized Internet VPNs from 2018.

Let’s review the implementation time table

 

Hints! Provide short cut information to CIO, CTO and CISO

As of today, three telecommunications vendors are authorized to run Internet private circuits in China (see below). An Internet private circuit here means MPLS, not an IPsec VPN.

  • China telecom
  • China Unicom
  • China Mobile

For data encryption products there is no solid guideline yet, since the approved product list has not been published.

Summary:

China has launched a 14-month nationwide campaign against unauthorized Internet connections, including VPN services (IPsec site-to-site and VPN clients) used to bypass the Great Firewall. The “cleanup” runs until March 2018, so it is hard to draw a conclusion at the moment.

Reference:

China ban VPN connectivity – current status Aug 2017

Greater China – New version of cyber security law with effective 1st June 2017

China ban VPN connectivity – current status Aug 2017

 

Preface:

The goal of the Chinese government’s VPN ban is control over its national Internet, free from undue foreign influence.

Schedules (Milestone)

Action 1 – The Chinese government seeks public comments on the Cryptography Law (May 2017).

Action 2 – Telecommunications service providers, including China Mobile, China Unicom and China Telecom, are to bar people from using personal VPNs with effect from February 2018. This is mandatory.

Action 3 – Official announcement of the new cybersecurity regulation, in particular on Virtual Private Network connectivity (see below for reference), with effect from 1 June 2017.

Article 5 (Cybersecurity Law): The state shall take measures to monitor, defend against and deal with cybersecurity risks and threats from both inside and outside the territory of the People’s Republic of China, protect critical information infrastructure from attack, intrusion, interference and damage, punish illegal criminal activities on the network in accordance with the law, and maintain cyberspace security and order.

Action 4 – Green VPN, a China-based VPN service mainly used by Chinese users to bypass the Great Firewall, was shut down in July 2017.

Action 5 – Apple has removed VPN apps from China’s App Store.

Action 6 – China moves to block Internet VPNs from 2018.

Current VPN activities in China

The latest crackdown focuses on individuals, which means companies and other organizations will still be able to use VPNs or VPN-like services as long as they are registered.

What the Great Firewall blocks

Internet connectivity to Facebook, Twitter, YouTube and Instagram is denied. Newly blocked sources include the New York Times and the Wall Street Journal, along with sites such as Google Scholar.

Next Step

1. All Internet users in China go online through services run by the state-owned carriers.

2. Companies are forced to store information within the mainland.

3. The government has ordered China’s three telecommunications companies to block access to virtual private networks (VPNs) completely by February 2018. Those who need VPN functionality must apply for a registration licence.

Highlight – major objective of the new cybersecurity regulation

Forcing companies to store information within the mainland.

The list of electronic certification service vendors approved by the Chinese government is shown below:

List of entities licensed to use cryptography for electronic certification services (电子认证服务使用密码许可单位名录)

(Licence valid for 5 years)

No. | Organization | Region | Licence no. | Issued
1 | 山东省数字证书认证管理有限公司 | Shandong | 0001 | 2015/5/1
2 | 上海市数字证书认证中心有限公司 | Shanghai | 0002 | 2015/7/1
3 | 陕西省数字证书认证中心股份有限公司 | Shaanxi | 0003 | 2015/6/1
4 | 浙江省数字安全证书管理有限公司 | Zhejiang | 0004 | 2015/8/20
5 | 江西省数字证书有限公司 | Jiangxi | 0005 | 2015/9/25
6 | 河南省数字证书有限责任公司 | Henan | 0006 | 2015/5/1
7 | 吉林省安信电子认证服务有限公司 | Jilin | 0007 | 2016/4/19
8 | 中金金融认证中心有限公司 | Beijing | 0008 | 2015/3/1
9 | 西部安全认证中心有限责任公司 | Ningxia | 0009 | 2015/9/25
10 | 北京天威诚信电子商务服务有限公司 | Beijing | 0010 | 2015/3/1
11 | 福建省数字安全证书管理有限公司 | Fujian | 0011 | 2015/11/16
12 | 东方中讯数字证书认证有限公司 | Chongqing | 0012 | 2015/3/1
13 | 广东省电子商务认证有限公司 | Guangdong | 0013 | 2015/3/1
14 | 数安时代科技股份有限公司 | Guangdong | 0014 | 2016/6/11
15 | 湖北省数字证书认证管理中心有限公司 | Hubei | 0015 | 2015/7/1
16 | 辽宁数字证书认证管理有限公司 | Liaoning | 0016 | 2015/3/1
17 | 北京数字认证股份有限公司 | Beijing | 0017 | 2016/12/9
18 | 江苏省电子商务服务中心有限责任公司 | Jiangsu | 0018 | 2012/5/24
19 | 颐信科技有限公司 | Beijing | 0019 | 2015/3/1
20 | 新疆数字证书认证中心(有限公司) | Xinjiang | 0020 | 2015/4/1
21 | 河北省电子认证有限公司 | Hebei | 0021 | 2012/3/16
22 | 山西省数字证书认证中心(有限公司) | Shanxi | 0023 | 2015/4/1
23 | 北京国富安电子商务安全认证有限公司 | Beijing | 0024 | 2015/3/1
24 | 安徽省电子认证管理中心有限责任公司 | Anhui | 0025 | 2015/3/1
25 | 深圳市电子商务安全证书管理有限公司 | Guangdong | 0026 | 2015/5/1
26 | 中网威信电子安全服务有限公司 | Beijing | 0028 | 2015/11/15
27 | 北京中认环宇信息安全技术有限公司 | Beijing | 0029 | 2016/8/1
28 | 湖南省数字认证服务中心有限公司 | Hunan | 0030 | 2015/3/1
29 | 中铁信弘远(北京)软件科技有限责任公司 | Beijing | 0031 | 2015/3/1
30 | 卓望数码技术(深圳)有限公司 | Guangdong | 0032 | 2015/7/10
31 | 河南省信息化发展有限公司 | Henan | 0033 | 2016/5/4
32 | 东方新诚信数字认证中心有限公司 | Hunan | 0034 | 2012/2/23
33 | 广西壮族自治区数字证书认证中心有限公司 | Guangxi | 0035 | 2013/3/7
34 | 沃通电子认证服务有限公司 | Guangdong | 0036 | 2015/4/1
35 | 北京世纪速码信息科技有限公司 | Beijing | 0037 | 2014/12/2
36 | 云南省数字证书认证中心有限公司 | Yunnan | 0038 | 2013/2/20
37 | 贵州省电子证书有限公司 | Guizhou | 0039 | 2013/2/20
38 | 山东云海安全认证服务有限公司 | Shandong | 0040 | 2015/6/12
39 | 内蒙古网信电子认证有限责任公司 | Inner Mongolia | 0041 | 2015/9/6
40 | 苏博云科数字认证有限公司 | Hunan | 0042 | 2016/10/12
41 | 黑龙江省数字证书认证有限公司 | Heilongjiang | 0043 | 2016/4/13
42 | 四川省数字证书认证管理中心有限公司 | Sichuan | 0044 | 2016/5/1
43 | 天津市滨海数字认证有限公司 | Tianjin | 0045 | 2016/5/16
44 | 泰尔认证中心 | Beijing | 0046 | 2016/7/19
45 | 重庆程远未来电子商务服务有限公司 | Chongqing | 0047 | 2016/10/26

(List current as of 15 December 2016.)