[HN Gopher] macOS Zero-Day Used Against Hong-Kong Activists
___________________________________________________________________
macOS Zero-Day Used Against Hong-Kong Activists
Author : CapitalistCartr
Score : 182 points
Date : 2021-11-12 15:35 UTC (7 hours ago)
(HTM) web link (www.schneier.com)
(TXT) w3m dump (www.schneier.com)
| bink wrote:
| > In addition, the zero-day exploit used in this hacking campaign
| is "identical" to an exploit previously found by cybersecurity
| research group Pangu Lab, Huntley said. Pangu Lab's researchers
| presented the exploit at a security conference in China in April
| of this year, a few months before hackers used it against Hong
| Kong users.
|
| So it was "identical" to an exploit previously disclosed? So it
| wasn't new? How was it that this exploit was made public in
| April, re-discovered in August, and patched in September?
| [deleted]
| therein wrote:
| Yeah, doesn't sound much like a zero-day then.
| pphysch wrote:
| Daily reminder that the identity of the victim or allegations of
| "state-actor" are _not_ reliable pieces of evidence when it comes
| to determining culpability of a cybercrime.
|
| From the article:
|
| > Wardle found that the software contained code strings in
| Chinese, such as An Zhuang Cheng Gong (Successful installation),
| and that the command and control server it connected to was
| located in Hong Kong.
|
| From the CIA:
|
| > In its release, WikiLeaks described the primary purpose of
| "Marble" as to insert foreign language text into the malware to
| mask viruses, trojans and hacking attacks, making it more
| difficult for them to be tracked to the CIA and to cause forensic
| investigators to falsely attribute code to the wrong nation. The
| source code revealed that Marble had examples in Chinese,
| Russian, Korean, Arabic and Persian. These were the languages of
| the US's main cyber-adversaries - China, Russia, North Korea, and
| Iran.
|
| https://en.wikipedia.org/wiki/Vault_7#Marble_framework
| emodendroket wrote:
| Yeah, I remember with DNC hacking stuff as well, the evidence
| was very uncompelling... like a state actor doesn't have the
| resources to figure out such basic stuff if they want to cover
| their tracks. Or the Sony one too.
| cronix wrote:
| The more compelling case for me was William Binney's point
| (former Technical Director of the NSA) that the timestamps in the
| Guccifer leak showed that the data was transferred at about
| the same rate as a USB stick, which was quite a bit faster
| than the physical connection the email server had (at that
| time). Basically, he concluded it was locally copied rather than
| hacked, because it would have been physically impossible to
| transfer the data at the speed shown in the timestamps over the
| internet connection the server was connected to at that time.
| emodendroket wrote:
| Yes, I agree. But the question has become too political for
| dispassionate consideration, I guess.
| the_why_of_y wrote:
| > which was quite a bit faster than the physical connection
| the email server had (at that time)
|
| What was the connection speed? I've never seen it stated
| anywhere, and in case the server was hosted in a data
| center the argument would collapse fairly quickly.
| mc32 wrote:
| Unfortunately looking in, politics blur things and we're
| likely never to know.
|
| Political tendencies will allow people to make attributions
| they agree with and then simultaneously question
| attributions they disagree with politically.
|
| USB sticks seem to be weird about transfer speeds and they
| look like they are size dependent. Bunch of small files
| take longer than one monolithic large file given a total
| size.
| jonas21 wrote:
| Just to make sure I understand correctly... the most
| compelling piece of evidence for you is the _timestamps_ on
| the files? Something that's not only trivial to fake, but
| also would have been overwritten if the files were copied
| between systems between being stolen and being leaked.
| cronix wrote:
| more compelling != most compelling
| jasonlotito wrote:
| Context matters. If there are two cases, and one is more
| compelling than the other, then that one is also most
| compelling.
| emodendroket wrote:
| I would say that attribution is just extremely difficult
| to do at all, but there's not much money in giving that
| answer to your clients.
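The argument in this subthread (a transfer rate inferred from file timestamps, and the reply that timestamps are trivial to fake or are lost on copy) is easy to test on a throwaway directory. The script below is an added example, not code from the thread or from any of the analyses it mentions; the file sizes and mtimes are constructed, and the "implied rate" formula is my own reading of the argument (each mtime taken as the moment that file finished arriving), not Binney's actual method.

```python
import os
import shutil
import tempfile

# Constructed sample, not the real archive's metadata:
# (filename, size in bytes, modification time in Unix seconds).
SAMPLE = [
    ("0001.eml", 25_000_000, 1_467_900_000.0),
    ("0002.eml", 30_000_000, 1_467_900_002.5),
    ("0003.eml", 45_000_000, 1_467_900_004.0),
]


def implied_rate(files):
    """Bytes per second implied by the mtimes, treating each mtime as the moment
    that file finished arriving: everything after the first file, divided by the
    time between the first and last mtime. None if there is nothing to measure."""
    ordered = sorted(files, key=lambda f: f[2])
    if len(ordered) < 2:
        return None
    elapsed = ordered[-1][2] - ordered[0][2]
    if elapsed <= 0:
        return None
    moved = sum(size for _, size, _ in ordered[1:])
    return moved / elapsed


def forge_mtimes(paths_and_sizes, start, target_rate):
    """Rewrite mtimes so the same files 'prove' any transfer rate you like.
    Needs only ownership of the files; no special privilege."""
    t = start
    for path, size in paths_and_sizes:
        t += size / target_rate
        os.utime(path, (t, t))


def demo(target_rate=20_000_000):
    """Create the sample files (empty: only the sizes in SAMPLE matter to the metric),
    forge their mtimes, then copy one with and without metadata preservation."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, size, _ in SAMPLE:
            p = os.path.join(d, name)
            open(p, "wb").close()
            paths.append((p, size))
        forge_mtimes(paths, start=1_467_900_000.0, target_rate=target_rate)
        on_disk = [(os.path.basename(p), s, os.stat(p).st_mtime) for p, s in paths]

        src = paths[0][0]
        plain = shutil.copy(src, os.path.join(d, "plain_copy"))   # data only: mtime becomes "now"
        meta = shutil.copy2(src, os.path.join(d, "meta_copy"))    # data + stat: mtime carried over

        def same_mtime(a, b):
            return abs(os.stat(a).st_mtime - os.stat(b).st_mtime) < 1.0

        return {
            "forged_rate": implied_rate(on_disk),
            "plain_copy_preserves_mtime": same_mtime(plain, src),
            "copy2_preserves_mtime": same_mtime(meta, src),
        }


if __name__ == "__main__":
    print("sample implies %.1f MB/s" % (implied_rate(SAMPLE) / 1e6))
    print(demo())
```

Two things fall out of running it: `os.utime` lets whoever holds the files dial the "rate" to any value, and whether a copy keeps the original mtimes at all depends on the tool (`shutil.copy` resets them, `shutil.copy2` carries them over, as `cp` versus `cp -p` would). Either way the timestamps describe the last hop the files took, not the first.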
| vmception wrote:
| As well as non-state actors.
|
| I thought it was hilarious back in 2016-2017 how people took
| partisan sides on BOTH wrong answers!
|
| "It was Russia! The President is ignoring intelligence
| agencies! Disagreeing with me makes you a far right
| extremist!"
|
| Meanwhile kid in basement in rural Ohio: "top kek"
| paulryanrogers wrote:
| Still, would the CIA burn such valuable exploits for HK
| activists?
|
| HK activists don't appear to be of much strategic interest to
| the USA. And where they are I imagine they would just reach out
| to them directly.
| pphysch wrote:
| > HK activists don't appear to be of much strategic interest
| to the USA. And where they are I imagine they would just
| reach out to them directly.
|
| What? The USG has put a ton of resources into backing HK
| protestors, through the NED, BRL, and satellite orgs like
| Amnesty (look at the saga of Kong Tsung-gan/Brian Kern).
|
| As for why the CIA might burn a 0day only to generate
| articles like this: NatSec threat inflation is a trillion-
| dollar industry in Washington.
|
| But it just as well might have been a local crime syndicate
| trying to scrape personal information for financial fraud.
|
| Point is, the article provides virtually zero evidence to
| determine who is at fault.
| [deleted]
| azinman2 wrote:
| In fact, it's the opposite. Their success is strategic
| interest.
| paulryanrogers wrote:
| Then why covertly hack them? Why not supply anti-hacking
| tools and expertise?
| xxpor wrote:
| Not saying it's likely or anything, but I think the
| theory would be a false flag for propaganda purposes.
| yabones wrote:
| What makes you think the CIA is the only one developing such
| tools? I would see it as any group's goal to avoid
| attribution.
| iforgotpassword wrote:
| >> In its release, WikiLeaks described the primary purpose of
| "Marble" as to insert foreign language text into the malware to
| mask viruses
|
| This reminds me of Sasser (iirc), which was initially
| attributed to Russia, as it contained Cyrillic. Turned out it
| was a German teen, and he and his friends put it in there for
| shits and giggles and laughed their asses off when "security
| experts" actually took the bait.
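Both the Marble description quoted above and the Sasser anecdote make the same point: a string table is the cheapest part of a binary to fake. The script below is an added example, not code from the thread, from Marble, or from the malware the article describes. It pulls printable strings from a blob the way `strings` would, classifies them by Unicode script, and then shows that appending one decoy string flips the "language hint" while a hash of everything except the strings stays the same. The script table is deliberately tiny, the sample blob is constructed, and the Chinese decoy is my rendering in characters of the pinyin the article gives ("Successful installation"); the Russian one is made up for the Cyrillic case.

```python
import hashlib
import re
from collections import Counter

# Deliberately small script table (assumption: enough for the demo; real tooling
# would use full Unicode script data). Latin is left out on purpose so that only
# "foreign" scripts count as an attribution hint.
SCRIPT_RANGES = {
    "Han": [(0x4E00, 0x9FFF), (0x3400, 0x4DBF)],
    "Cyrillic": [(0x0400, 0x04FF)],
    "Arabic": [(0x0600, 0x06FF)],
    "Hangul": [(0xAC00, 0xD7AF)],
}


def script_of(ch):
    """Name of the script block a character falls in, or None for everything else."""
    cp = ord(ch)
    for name, ranges in SCRIPT_RANGES.items():
        if any(lo <= cp <= hi for lo, hi in ranges):
            return name
    return None


def extract_strings(blob, min_len=4):
    """Printable UTF-8 runs of at least min_len characters, roughly what `strings` prints.
    Invalid bytes decode to U+FFFD and are excluded from runs, so every returned run
    re-encodes to exactly the bytes it came from."""
    text = blob.decode("utf-8", errors="replace")
    return re.findall(r"[^\x00-\x1f\x7f\ufffd]{%d,}" % min_len, text)


def script_profile(blob):
    """Count characters per non-Latin script across all extracted strings."""
    counts = Counter()
    for s in extract_strings(blob):
        for ch in s:
            name = script_of(ch)
            if name:
                counts[name] += 1
    return counts


def attribution_hint(blob):
    """The 'language of the author' an analyst might naively read off the strings."""
    counts = script_profile(blob)
    return counts.most_common(1)[0][0] if counts else None


def plant_decoys(blob, decoys):
    """Marble-style decoy: append NUL-terminated foreign-language strings without
    touching any code. The executable logic is unchanged; only the string table grows."""
    return blob + b"".join(b"\x00" + d.encode("utf-8") + b"\x00" for d in decoys)


def code_fingerprint(blob):
    """Hash of the blob with every printable string removed and NUL runs collapsed:
    a crude stand-in for comparing code rather than strings."""
    stripped = blob
    for s in extract_strings(blob):
        stripped = stripped.replace(s.encode("utf-8"), b"")
    stripped = re.sub(rb"\x00+", b"\x00", stripped)
    return hashlib.sha256(stripped).hexdigest()


# Constructed sample, not a real binary: a header, a beacon request and a path,
# with nothing that hints at any particular language.
PAYLOAD = (b"\x7fELF\x00\x00" + b"\x00GET /beacon HTTP/1.1\x00"
           + b"\x01\x02" + b"\x00/tmp/.cache\x00")
# "Successful installation": the article's pinyin rendered in characters (assumption).
DECOY_ZH = "安装成功"
# Russian for roughly the same message, constructed for the Cyrillic case.
DECOY_RU = "Установка завершена"

if __name__ == "__main__":
    for label, sample in [("clean", PAYLOAD),
                          ("+zh decoy", plant_decoys(PAYLOAD, [DECOY_ZH])),
                          ("+ru decoy", plant_decoys(PAYLOAD, [DECOY_RU]))]:
        print(f"{label:10} hint={attribution_hint(sample)!s:9} "
              f"code={code_fingerprint(sample)[:16]}")
```

The three runs print three different "hints" over one identical code fingerprint, which is the whole of the Marble point: strings are an input the author controls, so a language hint on its own ranks with the C2 server's hosting location, not with the code itself.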
| calibas wrote:
| Glad you reminded me that allegations of "state-actor" are
| _not_ reliable, or I might think you're implying that the CIA
| is responsible. Also, framing someone else is an ancient part
| of espionage, not something the CIA recently invented. They're
| far from the only people who use that tactic.
|
| I'm not going to hold my breath about any party coming clean
| about who's actually responsible. Until then we can just make
| guesses about it based on the evidence we have, the targets,
| the code itself, and the location of the server. It certainly
| points to a state-actor.
| justicezyx wrote:
| Information security is more and more becoming an essential part
| of human economy.
|
| I wonder when a giant rival to today's Google, MSFT and Apple
| will appear whose main business is information security.
| NoImmatureAdHom wrote:
| Poor Hong Kong :-(
| smoldesu wrote:
| Remind me why Apple continues to work with a country that is
| responsible for some of the most egregious, disgusting human
| rights abuses again?
| vmception wrote:
| Because history has shown
|
| 1) it doesn't matter.
|
| 2) government contracts are lucrative. a government that seizes
| the means of production simply means they have the means to pay
| even more for contracts willy-nilly. (a reference to companies
| that pursue government contracts, not Apple's private-sector
| dealings in manufacturing hubs. and finally this distinction is
| almost not possible in China, but the local Chinese companies
| do operate independently with the party as a major shareholder)
|
| 3) you don't really know what the party/regime will do. just
| contract with them all. you don't get an invite from the head of
| state and then say "waaait a minute, are you guys far
| right/left/ideological extremists", you're like "hey! New local
| strongman that wants my company ok let's talk!"
|
| 4) dirty laundry is only aired if your client government gets
| invaded by two coalitions of countries at the same time. it
| just rarely happens and the only effect is that some idealist
| college kids notice that you were involved, once every
| generation
|
| so there's your reminder
| n8cpdx wrote:
| Another way of putting it:
|
| On top of all the challenges imposed by government, why should
| Chinese people get the benefit of best-in-class performance, 5+
| years of software updates, and relative security in a high-
| quality phone? Shouldn't the west punish the people of china by
| withholding their best technology products?
|
| Personally, I think Apple should probably serve its customers
| as best it can while following local law and customs.
| gjsman-1000 wrote:
| Not just Apple - Microsoft made a Chinese Government edition of
| Windows 10. Google manufactures their phones with Foxconn just
| like Apple. Sony made the PS4 at Foxconn.
|
| Apple is just one of many.
| traceroute66 wrote:
| I'm not sure what Apple have to do with it, and in any event
| "working with" is not a fair description.
|
| Apple, like many other companies, is a multi-national
| manufacturer. In that situation you have to do two things:
| 1. You have to manufacture your products in volume somewhere
| 2. You have to sell your products in volume somewhere
|
| Try as you might, it is simply not feasible to eradicate China
| from either 1 or 2.
|
| For the manufacturing, even _if_ you were to manage to stop
| direct manufacturing in China, it is largely impossible to stop
| indirect manufacturing in China, there will always be all sorts
| of OEM components in your supply chain that are made in whole
| or in part in China.
|
| For the sales, well you _could_ ignore the Chinese market. But
| that is ignoring 1.4 billion people, 18% of the world's
| population. Plus countless business customers on top of that.
| As a large multi-national company, can you really do that?
| Especially if you operate in the tech sector?
|
| As for how Apple (or any other Western company) operates in
| China, you might well find they have little choice under
| domestic legislation. Just because they are a US (or other)
| company, doesn't mean they can ignore local laws.
|
| I'm not defending China here, I'm just saying put yourself in
| Apple (or any other multinational) shoes for a second and think
| about it objectively.
| paulryanrogers wrote:
| Objectively apathy is destructive. Apple may not be willing
| to turn on a dime, but they can start steering their
| manufacturing and market choices elsewhere. Obviously leaving
| a rich and growing market will hurt. So what path causes the
| least harm?
| traceroute66 wrote:
| How about you actually read what I took the time to write?
|
| To repeat myself in different words:
|
| 1. Manufacturing: Sure, Tim Cook *could* declare tomorrow
| that Apple will manufacture all devices in the US (or
| Europe or wherever). But *AND IT IS A BIG BUT* would that
| be the truth? As I quite clearly said above, it is
| *IMPOSSIBLE* to eradicate all indirect Chinese
| manufacturing. You cannot possibly declare that 100% of
| components in an iPhone (or whatever) are not made in whole
| or in part in China. There will always be some semiconductor,
| some resistor ... something!
|
| 2. "Steer their market choices elsewhere". As I said, China
| is 18% of the world's population (plus innumerable business
| customers). Is it really a sensible commercial decision to
| turn your back on such an enormous market? And what about
| the Chinese who live, work and travel abroad? Are you going
| to ban them from buying Apple devices internationally too?
| paulryanrogers wrote:
| Conflict-free sourcing is certainly a problem with cobalt
| and diamonds. Yet I don't hear many voices demanding
| perfectly audited supply chains overnight. Rather, people
| are starting to expect more from producers whose worth is
| in the trillions.
|
| > Is it really a sensible commercial decision to turn
| your back on such an enormous market ?
|
| Business and profit don't exist in a vacuum. There are
| externalities, context, and humans in control. So it's
| entirely sensible to call out, boycott, or even legally
| regulate companies with an outsized impact (even
| indirectly) supporting oppressive regimes.
| HatchedLake721 wrote:
| I don't know if you're being serious or trolling.
|
| Nice way to move blame. Let's use your logic further.
|
| Why is every house in the US filled with stuff imported from
| China, a country that is responsible for some of the most
| egregious, disgusting human rights abuses again?
|
| Why do US consumers (I'm sure you including) continue to buy
| items manufactured in China, a country that is responsible for
| some of the most egregious, disgusting human rights abuses
| again?
|
| Why does the US have China as its top trading partner, a
| country that is responsible for some of the most egregious,
| disgusting human rights abuses again?
|
| This list can carry on forever...
|
| After a few hundred billion dollars' worth of trade between the
| US and China, suddenly the problem starts with Apple?
| fsflover wrote:
| All questions look reasonable to me. It doesn't mean that you
| should abruptly stop doing _any_ business with China, but
| that you (and Apple!) should at least start thinking how to
| change that.
| HatchedLake721 wrote:
| > but that you (and Apple!) should at least start thinking
| how to change that
|
| Since when are you, I or Apple the world police on how
| countries, people and different cultures should live their
| lives?
|
| If we want to change the world, we should start with
| ourselves, our own homes and lead by example.
|
| Last I remember, Guantanamo, known for detention
| without trial, torture and major human rights abuses, is
| still open to this day.
|
| Wouldn't it be better for us to focus and fix our problems
| first (the same problems we accuse others being guilty of),
| rather than expect Apple or any other business to suddenly
| have a duty to teach morals to a country 5x the population
| and 7,000 miles away?
| paulryanrogers wrote:
| Why not both? Let's push to close Guantanamo and reduce
| reliance on regimes that oppress the rights of millions
| more.
| chrischen wrote:
| You can't really do both if you aren't doing one of the
| things.
| paulryanrogers wrote:
| Plenty of us are trying, even if only by voting for
| candidates who claim they will and personally boycotting.
| AussieWog93 wrote:
| >It doesn't mean that you should abruptly stop doing any
| business with China, but that you (and Apple!) should at
| least start thinking how to change that.
|
| Honestly, the CCP are doing a damn fine job of that
| themselves - scaring away foreign investors and businesses
| and dragging their own country's reputation through the
| mud.
|
| I rely on China for sourcing goods for my business, and I
| would genuinely switch away from them in a heartbeat if the
| same industry existed anywhere else (not just for moral
| reasons; I'm genuinely worried about some idiotic
| government intervention or international sanctions).
|
| Vietnam, please hurry up!
| emptysongglass wrote:
| Isn't Vietnam set up with an equally stacked regime that
| given power and international influence stands to look a
| lot like yet another autocracy?
|
| If you don't think so, I'd appreciate an analysis why
| not.
| IncRnd wrote:
| I don't know if you're being serious or trolling, but those
| are reasonable questions.
| sircastor wrote:
| Their argument is that they can't effect change if they're not
| there. It doesn't seem like they're making much of an effort
| though. I do think they've had a passive effect on worker
| treatment.
| amarshall wrote:
| Cynically: Money. Lots and lots of money.
|
| Practically: It's likely difficult to shirk them if you
| manufacture most of your products there.
|
| Optimistically: By being there they try to push privacy etc.
| further than other companies, even if it's weak compared to
| elsewhere.
|
| For more, see e.g.
| https://www.nytimes.com/2021/05/17/technology/apple-china-ce...
| curiousgal wrote:
| Because it's an American company and the U.S. itself has not
| been that innocent of a country?
| fsflover wrote:
| Whataboutism?
| AussieWog93 wrote:
| > Whataboutism?
|
| I know he was downvoted, but it's a legitimate retort.
| Every time China's problems get brought up, someone
| attempts to deflect the issues by making a comparison to
| America's problems (which are frankly nowhere near as
| dystopian).
| gjsman-1000 wrote:
| @smoldesu you have a history of trying to start flamewars
| around Apple on unrelated topics. I'd suggest you drop it
| because it is against HN posting rules.
| ngcc_hk wrote:
| One of the few that are still in there making money without
| giving up IP. Not sure if it is good or bad.
___________________________________________________________________
(page generated 2021-11-12 23:01 UTC)