Experts at a private Taiwanese security company decided to pull out of a security conference in Las Vegas after coming under what was described as pressure from Chinese and Taiwanese agencies.
Wayne Huang, chief technology officer and founder of Taiwanese security vendor Armorize Technologies, and Jack Yu, a researcher at the company, were scheduled to give a talk on Chinese cyber warfare capabilities at the Black Hat USA 2010 security conference, which will be held in Las Vegas on Wednesday and Thursday next week.
They said they decided to pull out last week after coming under pressure from several Chinese and Taiwanese agencies.
“The Chinese Cyber Army: An Archaeological Study from 2001 to 2010,” derived from information gathered from intelligence groups across Asia, had been advertised as an in-depth analysis of government-backed Chinese cyber espionage.
“Using facts, we will reconstruct the face of the Cyber Army, including who they are, where they are, who they target, what they want, what they do, their funding, objectives, organization, processes, active hours, tools and techniques,” the Black Hat Web site quoted the presenters as saying.
On Wednesday last week, Armorize chief executive officer Caleb Sima wrote on Twitter that the talk had been pulled because the “Taiwanese [government] is prohibiting it due to sensitive materials.”
Black Hat conference organizers yesterday confirmed to the Taipei Times that the talk had been cancelled, but refused to discuss the reasons why. IDG News, an IT news service, broke the story last week.
During a telephone interview with the Taipei Times yesterday, Huang said the decision to drop out of the conference came after he sought to vet his talk with the intelligence agencies on whose information the report was based.
“It was our choice to pull out. We felt that Black Hat wasn’t the best way to share that information,” he said, adding that other, more official “windows” were more appropriate.
“We didn’t want to draw too much attention by disclosing that information at such a prestigious venue,” he said, adding that Armorize wanted to keep good relations with the agencies involved and continue to be part of the community, something that could have been jeopardized had the information been publicized at Black Hat.
On whether the apprehensions expressed by the various agencies stemmed from concerns over what the talk would reveal about the level of Chinese cyber espionage or the company’s sources and means of collection, Huang said “both.”
He said that from the perspective of the private sector, it was difficult to tell whether the Ma Ying-jeou (馬英九) administration’s efforts to foster closer ties with Beijing had resulted in more pressure to pull the talk.
Asked to confirm if the agencies were governmental, he said the report drew from “multiple sources,” including military, security, intelligence, law enforcement and the private sector.
“We can’t really say who owns the intelligence,” Huang said. “It’s not the raw data that matters, it’s how you spend time analyzing the raw data over 10 years to draw conclusions.”
Santa Clara, California-based Armorize was incorporated in 2006. The company’s R&D center is located in the Nangang Software Park in Taipei.
Although talks have been pulled from the Black Hat conference before, it usually resulted from pressure by the private sector threatening to sue the presenters.
Huang, who used to work as a senior consultant at the Taiwan Information Security Center and a research engineer at the Institute of Information Science at Academia Sinica, gave a version of the talk at a small conference in Taipei in 2007.
As the world’s top security conference, Black Hat would have brought the message to a far larger audience, especially as attendees would have been allowed to record it, something that was prohibited in Taiwan.
A former National Security Council official last week told the Taipei Times that Taiwan served as a “testing ground” for professional Chinese hackers, adding that only after an attack had successfully penetrated Taiwanese systems would China use the same techniques to try to infiltrate other targets.
Taiwan has developed a unique expertise in protecting against and identifying Chinese cyber attacks, skills that have been recognized by several countries, the official said.
The official said Taiwanese intelligence had established that China had about 300,000 professional hackers employed by the government, focusing on an estimated 10,000 “priority” targets in Taiwan, which include both government agencies and the private sector.
Commenting on Huang’s talk in 2007, White Hat Security chief technology officer Jeremiah Grossman said Taiwan’s cyber crime environment was “way more serious than anything I’ve ever been exposed to in the US or elsewhere,” IDG wrote.
Source: Taipei Times - 2010/07/21