047 Chinese Government Alters Threat Database Records

In episode 29 of this podcast we heard from Bill Ladd, Chief Data Scientist at Recorded Future, about the differences between the US and Chinese cyber threat vulnerability reporting systems. He pointed out the difference in speed-of-publishing between the two, with the Chinese generally being faster, as well as their conclusion that the Chinese National Vulnerability Database (CNNVD) is essentially a shell for the Chinese MSS, the Ministry of State Security. This being the case, there’s evidence that the Chinese evaluate high-threat vulnerabilities for their potential operational utility before releasing them for publication. Since then, researchers at Recorded Future have taken another look at the CNNVD and discovered the outright manipulation of publication dates of vulnerabilities. Priscilla Moriuchi is Director of Strategic Threat Development at Recorded Future, and along with Bill Ladd she’s coauthor of their research analysis, “Chinese Government Alters Threat Database Records.” She joins us to discuss their findings, and their broader implications.

Om Podcasten

The podcast that tells true stories about the people making and breaking our digital world. We take listeners into the world of cyber and intelligence without all the techie jargon. Every Tuesday and Friday, former NPR investigations correspondent Dina Temple-Raston and the team draw back the curtain on ransomware attacks, mysterious hackers, and the people who are trying to stop them.