web

Cloud Computing in China Can Allways Be Intercepted By The Government

Posted by

0

The following EMail will give you a view on chinese Internet SSL/TLS Security and cloud computing in china. The Source of this EMAil is an Stratfor called “Professional hacker” with an own “internet security company that consultswith companies globally including China”. Cloud Computing is one of the most common services providers deliver these days to their users/employees also for companies and agencys in china. but there is still a high risk in china if the websites are hosted in the country. It is way easy for the chinese government to intercept your SSL/TLS connection in china because they have root certificates in their browsers – “can still intercept and see SSL/TLS encrypted traffic because “Chinese
governments can still intercept and see SSL/TLS encrypted traffic because they have root certificates in the browser.” and there is nothing a private person or a company can do against this. The source claims that this is “especially true if they manage the infrastructure and don’t just provide hosting.”

you can see the whole EMail follows here:

INSIGHT – CHINA – Cloud Computing – CN64

Date 2011-02-15 20:51:29
From michael.wilson@stratfor.com
To analysts@stratfor.com
Others Listname: mailto:analysts@stratfor.com
MessageId:
InReplyTo: 4D5ACE22.2000406@stratfor.com

Text
**In response to what we just wrote on the CSM

SOURCE: CN64
ATTRIBUTION: Professional hacker
SOURCE DESCRIPTION: Owns his own internet security company that consults
with companies globally including China
PUBLICATION: Yes
SOURCE RELIABILITY: A
ITEM CREDIBILITY: 1
DISTRIBUTION: Analysts
SPECIAL HANDLING: None
SOURCE HANDLER: Jen

In concept this article is factually correct that it is possible (although
the word “clouds” is probably not ideal – “cloud network” is better).
Some might say things like “Well we only use SSL/TLS connections to the
machines, and we have XYZ security in place to prevent direct tampering.”
The problem is if the site is located within China, the Chinese
governments can still intercept and see SSL/TLS encrypted traffic because
they have root certificates in the browser. Once something is in the
physical hands of the enemy there is virtually nothing that the end
company can do. That is especially true if they manage the infrastructure
and don’t just provide hosting. Overall I think it’s a bad idea for
everyone but China. But I’m sure they’d say the same regarding the NSA’s
spying activities, https://www.eff.org/nsa/hepting So it’s a bit like the
pot calling the kettle black.


Jennifer Richmond
China Director
Director of International Projects
richmond@stratfor.com
(512) 744-4324
http://www.stratfor.com

Related Links:
http://wikileaks.org/gifiles/docs/1126742_insight-china-cloud-computing-cn64-.html

WikiLeaks Forum:
http://www.wikileaks-forum.com/index.php/topic,17764.0.html