Placeholder Image

字幕列表 影片播放

  • On this episode of China Uncensored,

  • the Chinese Communist Party has developed

  • a whole bunch of warfare tactics to use against the West,

  • in particular the United States.

  • And they've been developing them in Taiwan.

  • Hi, welcome back to China Uncensored.

  • I'm your host Chris Chappell.

  • The Chinese Communist Party is engaged in a campaign

  • of Unrestricted Warfare against the West.

  • Unrestricted Warfare aims to achieve the same goals of war,

  • without necessarily firing bullets.

  • And Cyber Espionage is one of the most powerful weapons.

  • The Chinese regime is one of the world's biggest cyber aggressors.

  • In 2015, the Chinese military was blamed for the hack

  • on the US Office of Personnel Management,

  • which affected over 21 million Americans.

  • But you don't test out your biggest weapons on the US.

  • You try them out on a smaller target first,

  • to see if they work.

  • And for the Chinese Communist Party,

  • that means Taiwan.

  • I sat down with cyber security expert Kitsch Liao

  • in Taipei to learn more.

  • Thank you very much for joining us.

  • My pleasure.

  • So, the Chinese Communist Party is one of the biggest

  • cyber aggressors in the world.

  • Is Taiwan a particular target?

  • I would say yes, because ultimately the goal of cyber

  • espionage or even cyber attack is to advance the political

  • aim of the Communist Party.

  • And, as you know, a lot of your

  • audience must know, Taiwan has been the particular focus

  • for the Chinese Communist Party for the past 40, 50 years.

  • It's the entire reason for the existence of the People's Liberation Army.

  • Mm-hmm-so, what's being targeted?

  • I would say basically when you're looking at what the Chinese

  • actually are sort of targeting,

  • they are mostly government infrastructures and military think tanks,

  • or research institutes, huge companies.

  • Basically, everything you can think of anywhere from

  • the President's office down to the most basic registry,

  • like population registration, the DMV.

  • Everything.

  • Mm-hmm -but since Taiwan is a part of China,

  • how do you hack yourself?

  • Well, the thing is, you know,

  • as much as the CCP likes to claim they're part of,

  • we are part of China, we still have different jurisdiction.

  • We have our own army.

  • We have our own elected government.

  • We have popular legitimacy, and if you ask most people,

  • they are like, well you know, I don't think China's part of us.

  • You know?

  • I need passport to go there.

  • Good point.

  • So, I know in the U.S.,

  • I've heard there are only two types of companies.

  • Companies that have been hacked and companies that

  • don't know they've been hacked.

  • Is that the situation in Taiwan?

  • Oh, yeah, of course, definitely.

  • Up until a few years ago, if one of the white-hat hackers,

  • which means they're hackers and they turn to fight for side of good,

  • if they were to basically bring a vulnerability,

  • a leak of a company with proof of concept,

  • Instead of fixing their vulnerabilities,

  • basically what they would do is they would charge

  • the white-hat that bring them the problem.

  • So, it's just made the problem worse?

  • Yes.

  • Or at least didn't fix the problem.

  • It's getting better.

  • It's getting better in the past few years.

  • And-

  • What changed?

  • Basically, awareness, I would say.

  • And also several significant incidents in the past few years.

  • Not the least of which was the hack on the hack on the Far Eastern Bank

  • that resulted in a almost few million losses.

  • But, fortunately our law enforcement officials were able

  • to capture them before they succeeded.

  • I'm curious, the Chinese Communist Party has said

  • for decades that they are going to invade Taiwan by force, if necessary.

  • Why do people not realize cyber espionage from

  • the Communist Party is a threat?

  • Well, the thing is for most people

  • they just want to get on with their lives,

  • and the internet penetration rate in Taiwan is one of

  • the highest known around the world.

  • But, also, because it's invisible.

  • You don't feel the effects.

  • Even if they stole everything from you,

  • all your personal information,

  • the effect is not going to be immediate unless you've

  • got a credit card stolen.

  • I have one example that I would like to provide that to

  • illustrate this kind of situation.

  • The Research Institute was acting on the government contract.

  • They were researching on behalf of the government,

  • and we were called in to basically to conduct a review of their system.

  • And, we found out, basically,

  • a lot of their computers are completely unprotected, and basically-

  • Unprotected?

  • Unprotected and there's a lot of trojan in it, and you know,

  • including ones that could be traced back to China.

  • But, of course, their concern was less about the security,

  • but more about the fact that

  • they needed to turn in their report on time.

  • I would say awareness is the first step, and that gets the people

  • in charge to understand what kind of consequences they are facing.

  • What created that awareness?

  • Was it that big hack?

  • What took?

  • It's a gradual process, but I would say, we've talked about espionage.

  • There's also the other side of that.

  • Because, once you actually get into a computer system,

  • there's a lot you can do.

  • The Chinese Communist Party,

  • in terms of the organization of the armed forces,

  • they do not make distinct differentiation between say,

  • cyber espionage and other kind of warfare.

  • That's according to The Science of Military Strategy, basically.

  • That's what they're saying.

  • All of this integrating, including psychological warfare,

  • intelligence, electronic warfare and of course, cyber warfare.

  • So, really this is an aspect of war?

  • Yes, definitely.

  • They treat this as seriously as any warfare.

  • This is a prelude to warfare.

  • I would say that.

  • All this election-related, all this fake news,

  • disinformation that you saw, people are starting to catch up,

  • because you saw some unfamiliar use of phrases,

  • people started thinking wait,

  • how much of this is actually coming from China.

  • When you say fake news,

  • are you talking about what happened in the U.S. or here in Taiwan?

  • Here in Taiwan.

  • Really?

  • That was problem here, too?

  • Yeah.

  • And in fact, that's actually one of the most serious concerns

  • of our National Security Establishment these days.

  • So, the Chinese Communist Party's trying to

  • interfere with elections in Taiwan?

  • When we say election interference we gotta specify which part

  • we're actually talking about.

  • So, in terms of the actual voting process,

  • because Taiwan's voting process

  • is conducted by people, actual paper.

  • You have a paper ballot, and they put that in the ballot boxes.

  • And then when it's time to actually count the results-

  • The U.S. should try that.

  • Yes.

  • We result, we track all of that.

  • So, it's actually harder to hack that, so to speak.

  • But, during the campaign there were stories.

  • There will be polls, actually.

  • There will be all sorts of information that is open to

  • manipulation on the internet.

  • I hear what the Chinese Communist Party is doing

  • in terms of interfering with the election process

  • in Taiwan is sort of like a staging ground for tactics

  • they are going to use around the world.

  • Can you speak to any of that?

  • In terms of staging ground,

  • it's less of an election thing, influence operations.

  • It's more about cyber espionage.

  • So basically, that means the tools,

  • the malwares they would use in other countries.

  • And, a lot of the times,

  • this is actually according to American firms,

  • that they would test on Taiwan first.

  • They would use Taiwan as a testing ground to see

  • whether we're onto them or not.

  • How good our detection are.

  • How good our protections are,

  • our security operation centers are.

  • Whether we are onto them or not before actually moving on.

  • This is pretty common.

  • You want to use your best weapons on the hottest opponent.

  • So, you want to test on Taiwan first before say

  • going for more harder targets like America, for example.

  • Mm-hmm -so Taiwan is really on the front lines

  • of the cyber warfare with China?

  • Oh, without a doubt.

  • And how do you tell if it's a Chinese State actor,

  • or an individual actor within China?

  • That goes to how we actually hunt the cyber actors.

  • So, one of the first thing when we receive, for example,

  • an NSA report is that you know, most of the time,

  • you know what they're after, what they're targeting,

  • which institution, which companies they're targeting.

  • And, then you are able ascertain, at least,

  • some sort of motive.

  • Why do they want this?

  • For example, if the hack was against

  • a military research institution,

  • then there's very little doubt that government agencies,

  • or for example, mercenaries would be interested

  • in selling this information.

  • Then you trace back to see what kind of tools they're using,

  • what kind of procedures they're using.

  • Does this match any of the previous attacks that we're familiar with?

  • And then when you see a pattern,

  • you start comparing the tools to see how much this tool actually cost.

  • You can estimate how much this is going to cost,

  • how much the entire operation is going to cost,

  • and what kind of resources they have to devote to this.

  • State-backed actors obviously have access to more resources.

  • Yes.

  • Okay.

  • In terms of actual cyber attack you could effectively

  • they have unlimited resources because it's cheap.

  • Most of these attacks, unfortunately

  • Compared to like a tank?

  • Yes.

  • Okay.

  • I know the United States provides

  • a lot of military support to Taiwan.

  • Are they are also providing like cyber...

  • what's the term I'm looking for...

  • cyber equipment, cyber-

  • Cooperation

  • Super-human samurai.

  • Oh, yeah.

  • Cyber-squads.

  • Yeah.

  • Well, the thing is,

  • if we're talking about general cooperation,

  • because we have to clarify.

  • In terms of a cyber threat posed to people,

  • there are generally two kinds.

  • This is the most rough classification.

  • You have cyber espionage, and you have cyber crime.

  • Basically they're doing the same thing, but one is motivated

  • by financial gains.

  • The other is motivated by others.

  • State interest.

  • In terms of financial crime, cyber crime,

  • everybody's actually aware this is a huge problem, right now.

  • Hell, even China is part of the cooperation in this.

  • But, in terms of cyber crime cooperation, our law enforcement

  • and intelligence community is actually very active with our partners

  • in the States and as well as Europe.

  • And, they have regular conferences.

  • They have exchange of intelligence.

  • The case I just mentioned, the Far Eastern case,

  • they actually enlisted the help of Interpol as well.

  • But, in terms of the more serious State interest concerns,

  • cyber espionage and cyber welfare, the thing is,

  • even if there is cooperation that would stay behind doors

  • because of the sensitive nature.

  • Naturally.

  • And, what about the risk

  • from Chinese telecommunication company,

  • like Huawei or ZTE?

  • Is that something that Taiwan is on guard about?

  • Oh yeah, definitely.

  • I would like to take this opportunity

  • to point out, we were actually one of the first in the world

  • to point that out.

  • Back in 2013, we were the first ones to actually prevent

  • any Chinese company from participating in bids involving our core network,

  • you know, pay stations, servers within government agencies.

  • And...that's, for the establishment of the 4G network.

  • And now, when it comes to 5G, the NCC,

  • the National Communication Commission,

  • which is in charge of all the telecommunication equipment in Taiwan,

  • actually announced that the rules won't change for the 5G.

  • So, Huawei and ZTE, they're still out.

  • But, in terms of personal equipment, you know cell phones,

  • your internet card and everything.

  • Unfortunately, they're actually pretty prevalent in Taiwan these days.

  • Really?

  • What about Chinese apps, like WeChat?

  • WeChat and QQ, I'm sure a lot of people have heard they're dangerous,

  • you should not be using them.

  • But, people don't understand why they're dangerous.

  • Now, there are many, many, many reasons not to use them.

  • Just purely from whether the product is secure or not.

  • In terms, because this is a Chinese software,

  • so there's the added problem, issue,

  • of Chinese State censorship,

  • and also what they can do with these apps.

  • So, for example, there were reports during the Hong Kong protest

  • that the Chinese of Industry of State Security is actually

  • sending remote access trojans through WhatsApp in order to basically,

  • you know, sneak a peak at what's going on in your phone.

  • What these trojans allows a lot of times is a complete access

  • and administrator access off your entire phone.

  • So, it doesn't matter what kind of encryption you use

  • for your other messaging apps.

  • You could be using Signal, Telegram, whatever,

  • they will still have access to all of your personal information,

  • if they wish to.

  • So apps like WeChat are basically providing a backdoor

  • for the Chinese Communist Party to get into your phone?

  • If they so wish, yes.

  • what can an individual do?

  • Ultimately speaking,

  • I know this is going to sound really old fashioned,

  • but everybody's responsible for,

  • not only their own security,

  • but everybody around them.

  • Because, if you don't care about what kind of breach,

  • or what kind of access you're providing to potential hackers,

  • potential actors, then you are just,

  • you are just a jumping board for attackers to attack

  • everybody around you.

  • That means everybody around you have to defend against you.

  • So, update your password every three month or so.

  • Because even if you don't leak your password,

  • the people who has your password is going to leak them.

  • Yeah.

  • Use encryption and you know,

  • for every software you want to install,

  • I know there's End User Agreement,

  • and it's really exhausting to read through all of them,

  • but they will usually require access to some of your personal stuff.

  • Personal information.

  • So, read through them,

  • and if it's not absolutely necessary,

  • do not agree to share your information.

  • That's the best that you can do on a daily basis.

  • Of course, for Gmail, because almost everybody have Gmail,

  • activate your two-step verification.

  • Because, the goal of security is to make it harder,

  • collectively, for the bad guys to do things.

  • Mm-hmm (affirmative)-what about,

  • I'm curious about Chinese mobile phone games.

  • Is that something people want to watch out for?

  • Well, basically mobile games are just like any other software.

  • They're prone to all sorts of malware inserts.

  • Now, basically, mobile games,

  • I would say like the larger concern these days are data collection,

  • and also the censorship nature.

  • Because, there actually has been reports studying,

  • you know, kind of censorship going on in Chinese mobile games.

  • So, that's another aspect that's unrelated with this.

  • So, what is the Taiwanese Government doing about any of this?

  • Basically, the Taiwanese Government has been aware of this threat

  • for a long time and they've been gradually building of this capacity

  • on a government level to encounter the cyber threat posed by

  • all the threat actors.

  • But, specifically, China.

  • Now, in terms of securing our infrastructure,

  • what they do is much like what we have for dealing with any natural disaster.

  • We identify the critical infrastructure.

  • But, in this case, it's called the critical information infrastructure.

  • Basically, we have all these agencies reporting what kind of

  • vulnerabilities they would encounter.

  • Whether they would be able to continue operation if any one of them

  • was being paralyzed by any cyber attacks.

  • So, this kind of exercise has been going on on an annual basis.

  • And, also like in any government agencies and offices now,

  • we have security operation centers set up with people on-site

  • to monitor the entire cyber security situation of any given agency.

  • And, proper access rules, error gaps,

  • all three different firewalls...internal firewalls

  • that's all have been set up.

  • I would say, we have actually improved a lot.

  • Considering a disproportionate amount of threat Taiwan's under,

  • we are actually doing a pretty good job.

  • Great.

  • One final question.

  • The Chinese Communist Party,

  • if you had to pick,

  • would be what Star Trek villain?

  • Wow.

  • That would be really hard.

  • Oh, of course, it's easy.

  • It's the Borg.

  • Yep.

  • Correct.

  • You win the interview.

  • Congratulations.

  • Thank you.

  • Thanks for joining us, Kitsch.

  • It was wonderful to have you.

  • My pleasure.

On this episode of China Uncensored,

字幕與單字

單字即點即查 點擊單字可以查詢單字解釋

B1 中級 美國腔

中國對西方戰爭的試驗場(China's Testing Ground for War on the West | China Uncensored)

  • 5 0
    zijun su 發佈於 2021 年 07 月 15 日
影片單字