During the 16-17 October weekend, China hosted the Tianfu Cup competition in the southwestern city of Chengdu in Sichuan province. The annual summit focuses on issues of cybersecurity and according to the Tianfu Cup official website, “Renowned experts and professionals are invited to share their opinions on the challenges this digital world is facing and what we should do to ensure its safety from the aspect of cybersecurity.”
Interestingly, the Tianfu Cup also organised a hackathon challenge for ethical hackers to break into some of the most commonly used operating systems, platforms, and software tools including Apple’s latest iOS 15. There were a total of 15 target products which the hackers were challenged to break into.
All but 3 of the 15 target products were breached by Chinese hackers including Windows 10, iOS 15, Google Chrome, Microsoft Exchange server among others. The total prize money available for participants was nearly $2 million (approx. Rs. 15,000 crores).
The contest rules were simple, teams were allowed three separate attempts to hack a device using an ‘original vulnerability or exploit’ within five minutes. They had to demonstrate the exploit, gain access to the device and crack the operating system.
The Tianfu Cup is a significant summit as Chinese hackers do not participate in similar hackathon contests in other countries. The largest and most renowned hackathon Pwn2Own is due to take place in Austin, Texas from November 2 to November 5. Zhou Hongyi, the founder of Chinese cybersecurity firm Qihoo 360, had back in 2017 publicly criticised Chinese nationals who traveled overseas for hackathons. Speaking to the Chinese media he had said that vulnerability discoveries by Chinese cyber experts should remain in China.
Furthermore, Apple’s latest iPhone 13 Pro, running a fully patched version of iOS 15.0.2 was breached not once but twice. Other target products that were successfully breached were Adobe PDF, the Asus AX56U router, Docker CE, Parallels VM, QEMA VM, Ubuntu 20, VMware ESXi, and Workstation.
Cybersecurity analysts warn that the choice of targets, the vast majority of which were non- Chinese western companies, also looked like a deliberate attempt at muscle flexing and show of force by the communist nation. Matan Rudis, head of threat intelligence at Silicon Valley based cybersecurity firm SentinelOne, told Bloomberg, “It’s really a way to demonstrate power. It shows you that they have the human capital to do those things.”
Back in mid June when Indian and Chinese troops clashed in Galwan valley that left several soldiers dead on both sides, Mumbai the financial hub of India was hit by a severe power blackout that affected everything from train operations to stock markets, even hospitals had to switch to emergency generators to keep ventilators working.
It was later revealed through several studies that the two events may indeed have been connected. It was a part of a broader Chinese cyber campaign against India’s power grid. It was timed in order to send a clear message to India that if you pressed your claims too hard on the border the power could go out across the country.
