MalaGIS

Sharing GIS Technologies, Resources and News.

Recently, a hot topic in the news is the accusation by China's National Security Agency that the United States breached China's National Time Service Center. I have read several news articles that generally introduce this event, but none mention the detailed process. Later, I found a detailed analysis in an official tweet by the National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT), titled "Technical Analysis Report on the Cyber Attack by the U.S. National Security Agency on the National Time Service Center". The content is very professional and provides detailed data, so experts can refer to this article.

I skimmed through it and found that although the introduction is detailed, the initial step of obtaining login credentials for the computer terminals is only briefly mentioned. How did the NSA obtain the login permissions for the computers at the Time Service Center? How was the first breach in the security defense opened?

Triangulation

According to the disclosure by CNCERT, the initial breach occurred between March 24, 2022, and April 11, 2023, when the NSA attacked and stole secrets from more than 10 devices at the Time Service Center through "Triangulation". In September 2022, the attacker obtained the login credentials for an office computer through a foreign-brand mobile phone used by a network administrator at the Time Service Center, and used these credentials to gain remote control of the office computer.

No further information was provided, so I searched for this Triangulation. This is not the triangulation in surveying, but rather a term first disclosed by the renowned Russian security firm Kaspersky. The original article is Operation Triangulation: The last (hardware) mystery. The core attack chain is shown in the figure below:

more >>

Following recent announcements from the Ministry of State Security and the service suspension of ArcGIS Pro basemaps, many users have suggested switching to QGIS. However, does using QGIS truly ensure security and compliance? After several days of research, this article attempts to explore this issue and welcomes further discussion.

more >>

Another major GIS company appears to have encountered security issues. The incident occurred on July 25th. While casually browsing the Spicy GIS group chat, our editor noticed a member sharing a link with the caption "XX got hacked." Initially, the editor didn't pay much attention, assuming it was just another prank like the "Crazy Thursday send me 50" meme. About a week later, on August 2nd, the editor accidentally clicked that link and was surprised to discover that the website genuinely seemed to have been compromised.

Admittedly, the initial discovery was shocking—this is one of China's top-tier GIS companies after all. It highlights that security concerns should be a priority for organizations regardless of size; even the largest companies can have critical oversights.

more >>

A colleague recently asked me about a well-known domestic GIS company. Having no direct experience, I inquired in the MalaGIS discussion group. While initial conversations focused on company benefits and salaries, someone discovered an unexpected issue when visiting the company's official website: a certain link led to inappropriate content.

Note: Screenshots would normally be included but cannot be shown for compliance reasons.

As a technical writer, I believe such issues deserve deeper analysis beyond mere observation.

more >>