Security

Indian defense chief admits China’s cyber-weapons would ‘disrupt large number of systems’ whenever Beijing presses the button

Working to improve 'cyberwalls', but for now swift recovery is main strategy


Video The highest-ranked officer in India’s armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation’s defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor.

General Bipin Rawat, a four-star general and since 2020 the first to hold a new role of chief of defense staff, offered that assessment yesterday in a talk hosted by Indian think tank the Vivekananda International Foundation.

Asked about capability gaps between India and China, general Rawat admitted India is behind China in several military fields, then added: “The biggest differential lies in the field of cyber.”

“We know that china is capable of launching cyber-attacks against us and disrupt a large number of systems.”

Australia, India, Japan, and USA create joint critical tech working group

READ MORE

The general said he thinks India can eventually match China if its Navy, Army, and Air Force collaborate. The Navy, he added, clearly possesses superior capability.

India’s armed forces have already created a joint cyber-defense agency, and Rawat said all teams’ focus is swift recovery from attacks, “to ensure that even if we come under a cyber-attack, the downtime and the effect of the attack does not last long.”

That position is appropriate, he said, because he believes China will defeat India’s current electronic defenses.

“We are quite sure [China] will be able to break through the firewalls,” he said. “But then what we are trying to do is how long will your system be down, and how will you be able to operate through that phase of cyber-attack. That is one thing we are looking at and addressing in a serious manner,” he said.

The general added that India has contacted allies around the world to help it marshal stronger defenses, and perhaps-ominously said peacetime is the perfect moment for such efforts.

He didn’t say what India considers a suitable recovery time objective, or when it expects to be at parity with China. Which leaves the Middle Kingdom’s leadership with some mysteries to solve even as a frenemy admitted it could be p0wned at a moment of Beijing’s choosing. ®

Send us news
14 Comments

Microsoft embraces Linux kernel's eBPF super-tool, extends it for Windows

This early-stage project is not a fork, Redmond insists

Microsoft on Monday launched an open source project to make a Linux kernel tool known as eBPF, short for Extended Berkeley Packet Filter, work on Windows.

Inspired by network packet filtering and capture software dubbed Berkeley Packet Filter, eBPF is a register-based virtual machine designed to run custom 64-bit RISC-like architecture via just-in-time compilation inside the Linux kernel. As such, eBPF programs are particularly well-situated for debugging and system analysis, such as tracing file system and registry calls.

eBPF's relationship with the Linux kernel has been likened to JavaScript's relationship with web pages – it allows Linux kernel behavior to be modified by loading an eBPF program that's executed, and without changing actual kernel source code or loading a kernel module.

Continue reading

Samsung reveals DDR5 memory module that’s ready for Compute Express Link

Suggests terabyte-packing servers that move data at astounding speed aren’t far off

Samsung has shown off a picture of what it says is the first DDR5 DRAM-based memory module that can talk the language of Compute Express Link (CXL).

As we noted when CXL 2.0 debuted in late 2020, the tech is all about moving data more quickly between processors and devices such as GPUs, SmartNICs and pools of memory.

By building memory that’s CXL-ready, Samsung reckons it’s brought us all a step closer to servers with wider memory channels, and therefore the ability to handle perhaps a terabyte of memory and move data into and out of it at speed. That all adds up to servers that are better-equipped to handle memory-loving applications like – you guessed it – artificial intelligence.

Continue reading

China’s digital currency adds support for AliPay – the Alibaba payment app with over 700 million users

And just like that, the Digital Yuan has its route into the mainstream

Alibaba’s controversial financial services arm, the Ant Group, has been welcomed into trials of China’s digital currency.

China’s state-controlled on Monday reported that the Alipay app has added a feature allowing transactions in the Digital Yuan. Alipay has over 700 million monthly active users in China alone.

State-backed journal China Securities Journal reports that functionality to link to a bank is currently limited, and that no merchants are listed. Nor has the feature been made available to all users. But the Journal reports that real-time, anonymous, transactions are possible.

Continue reading

Vietnam’s biggest industrial conglomerate quits smartphones and tellies biz, bets on electric cars

No breakthroughs left to make in electronics, says CEO as company eyes off IPO-by-SPAC

Vietnam's largest industry conglomerate, Vingroup, has announced it will no longer develop televisions and smartphones under its VinSmart brand and instead redirect resources toward its electric vehicle unit, VinFast.

“This is a strategic step to bring VinFast towards its goal of becoming one of the smartest and most convenient electric car manufacturers in the world,” said Vingroup in a canned statement.

The Vietnamese conglomerate said it won't trash its electronics division, will honor warranties, support products and keep its VinSmart factories operational until existing consumer electronics product life cycles end. At that point, they will outsource some of the factory to partners and shift other facilities to new products.

Continue reading

Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car

Black Hat Asia Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.

Chinese web giant Tencent's Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations. Their exploits also changed the charging voltage and current, an act that could damage the EV.

“The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure,” said TenCent Blade Team senior security researcher Wu HuiYu.

Continue reading

Indian government says 5G doesn’t cause COVID-19. Also points out India has no 5G networks

But won’t reveal who it wants banned from social media over less obvious disinformation

As COVID-19 continues to ravage India, the nation’s government has told it populace that 5G signals have nothing to do with the spread of the virus – if only because no 5G networks operate in India.

A statement from the nation’s Department of Telecommunications states: “several misleading messages are being circulated on various social media platforms claiming that the second wave of coronavirus has been caused by the testing of the 5G mobile towers.”

After pointing out that the very notion is a nonsense, the Department points out that India approved 5G trials on May 4th and they won’t start for months.

Continue reading

Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo

Blames spam filters for brownout, warns fix could be 'disruptive'

Trend Micro’s hosted email security product is experiencing a global brownout.

The security company’s Japanese support pages say the incident started on Monday afternoon at 1515 UTC, or a quarter past midnight in Tokyo, and has not been resolved at the time of writing more than ten hours later.

Trend’s sparse notification says the company is “aware of some email delivery delays in Hosted Email Security and Pre-filter products affecting customers in all regions. We are currently addressing the issue and hope to have it resolved as soon as possible.”

Continue reading

Amazon says it destroyed two million knockoffs in 2020, a fraction of the amount it ships

Internet souk said it only approved 6% of new sellers

Amazon's latest brand protection report states it destroyed more than two million pieces of counterfeit goods last year and denied most would-be sellers from setting up shop in its online souk.

"In 2020, Amazon invested over $700m and employed more than 10,000 people to protect our store from fraud and abuse," said Dharmesh Mehta, veep of worldwide customer trust and partner support at Amazon, in the report [PDF], released this week. "As a result, the vast majority of our customers continued to only find authentic products in our store."

For what it's worth, Amazon ships billions of packages a year, and made $21.3bn in pure profit [PDF] in 2020. Having spent a fraction of that on tackling fraud – about three per cent – Bezos & Co say they made significant inroads into thwarting the scourge of knockoffs. In addition to intercepting and binning millions of phony goods, Amazon has set up a Counterfeit Crimes Unit to go after those trying to scam buyers.

Continue reading

NASA's first asteroid sample on its way to Earth after OSIRIS-REx boosts for home

Boffins will have to wait until September 2023 to get their hands on the goodies

OSIRIS-REx, the spacecraft carrying NASA’s first-ever asteroid sample, has started its two-year journey back to Earth, the space agency confirmed on Monday.

On Friday, ground control sent the commands directing the 2,110 kg (4,650 lb) vehicle to fire its main thrusters to get out of asteroid Bennu’s orbit and return to our planet. The team erupted in cheers on Monday after it received confirmation that OSIRIS-REx had successfully fired its engines at 2016 UTC, and was on its way.

"Mission navigation has received confirmation of burn cutoff. OSIRIS-REx is headed home with a souvenir of rocks and dusts from a 4.5-billion-year-old asteroid," the NASA team said.

Continue reading

LibreBMC project to open source baseboard management controllers with security as a priority

Freely available to use, from the hardware schematics to RISC-V cores on an FPGA, to the firmware on top

The OpenPOWER Foundation, formed to promote IBM's open-source POWER instruction set architecture (ISA), on Monday said it is putting together a new working group to develop LibreBMC, claimed to be the first baseboard management controller (BMC) designed with open source software and hardware.

"The LibreBMC project came out of a desire to both utilize and showcase the fully open POWER cores, and apply software driven development to hardware design," said James Kulina, executive director of the OpenPOWER Foundation, in an email to The Register. "We determined the lowly BMC controller – something that the broader industry doesn’t think too much about – is a great use case that if successful will have a real positive impact."

BMCs monitor and manage devices in data centers. They collect sensor data like temperature, humidity, fan speed, power supply voltage, and provide administrative functions like remote access.

Continue reading

Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay

But we heard the message loud and clear – it's pretty much the standard runtime platform now

Kubecon A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.

Kubecon Europe took place online last week with more than 27,000 attendees, according to Chris Aniszczyk, CTO of the Cloud Native Computing Foundation (CNCF), which hosts the Kubernetes project among many others.

That is a substantial increase on the reported 13,000 or so at last year's event, which was also virtual. Kubernetes is huge, and if there was an underlying theme at the event it was that Kubernetes is becoming the standard runtime platform.

Continue reading