Thursday, March 28, 2024

Behind a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex (3/3)

Recently Yahoo News on-line reported the following:

Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex (3/3)

By Soo reported from Hong Kong. AP Technology Writer Frank Bajak

Fri, March 8, 2024 at 1:30 a.m. PST

(continued)

LAX SECURITY, POOR PAY AMONG HACKING WORKERS

China’s booming hackers-for-hire industry has been hit by the country's recent economic downturn, leading to thin profits, low pay and an exodus of talent, the leaked documents show.

I-Soon lost money and struggled with cash flow issues, falling behind on payments to subcontractors. In the past few years, the pandemic hit China’s economy, causing police to pull back on spending that hurt I-Soon’s bottom line. “The government has no money,” I-Soon's COO wrote in 2020.

Staff are often poorly paid. In a salary document dated 2022, most staff on I-Soon’s safety evaluation and software development teams were paid just 5,600 yuan ($915) to 9,000 yuan ($1,267) a month, with only a handful receiving more than that. In the documents, I-Soon officials acknowledged the low pay and worried about the company's reputation.

Low salaries and pay disparities caused employees to complain, chat records show. Leaked employee lists show most I-Soon staff held a degree from a vocational training school, not an undergraduate degree, suggesting lower levels of education and training. Sales staff reported that clients were dissatisfied with the quality of I-Soon data, making it difficult to collect payments.

I-Soon is a fraction of China's hacking ecosystem. The country boasts world-class hackers, many employed by the Chinese military and other state institutions. But the company's troubles reflect broader issues in China's private hacking industry. The country's cratering economy, Beijing's tightening controls and the growing role of the state have led to an exodus of top hacking talent, four cybersecurity analysts and Chinese industry insiders told The Associated Press.

“China is no longer the country we used to know. A lot of highly skilled people have been leaving,” said one industry insider, declining to be named to speak on a sensitive topic. Under Xi, the person added, the growing role of the state in China’s technology industry has emphasized ideology over competence, impeded pay and made access to officials pivotal.

A major issue, people say, is that most Chinese officials lack the technical literacy to verify contractor claims. So hacking companies prioritize currying favor over delivering excellence.

In recent years, Beijing has heavily promoted China's tech industry and the use of technology in government, part of a broader strategy to facilitate the country's rise. But much of China’s data and cybersecurity work has been contracted out to smaller subcontractors with novice programmers, leading to poor digital practices and large leaks of data.

Despite the clandestine nature of I-Soon’s work, the company has surprisingly lax security protocols. I-Soon’s offices in Chengdu, for example, have minimal security and are open to the public, despite posters on the walls of its offices reminding employees that “to keep the country and the party’s secrets is every citizen’s required duty." The leaked files show that top I-Soon executives communicated frequently on WeChat, which lacks end-to-end encryption.

The documents do show that staff are screened for political reliability. One metric, for example, shows that I-Soon checks whether staff have any relatives overseas, while another shows that employees are classified according to whether they are members of China’s ruling Communist Party.

Still, Danowski, the cybersecurity analyst, says many standards in China are often “just for show." But at the end of the day, she added, it may not matter.

“It’s a little sloppy. The tools are not that impressive. But the Ministry of Public Security sees that you get the job done,” she said of I-Soon. “They will hire whoever can get the job done."

 ___

 Soo reported from Hong Kong. AP Technology Writer Frank Bajak in Boston contributed to this report.


So, although the existence of these hacking contractors is an open secret in China, little was known about how they operate. This report uses the leaked documents from a firm called I-Soon to reveal an industry where corners are cut and rules are murky and poorly enforced in the quest to make money. Although they are outside the government system, they help the authorities get useful information through hacking.
