THE CHINESE GOVERNMENT has taken action to ensure that security researchers from the country do not share their knowledge at cybersecurity events outside of China, particularly those in Western countries.
So says CyberScoop, which also reports that Chinese security services have been accused by security researchers of vetting submissions to China's National Vulnerability Database (CNNVD) in order to cherry-pick the best ones for use in cyber espionage.
One of the events that will instantly be affected by this move is Pwn2Own, a hacking competition set to take place 14-16 March in Vancouver, Canada.
Chinese security researchers were told that they could not attend and could not report vulnerabilities to third parties.
"There have been regulatory changes in some countries that no longer allow participation in global exploit contests, such as Pwn2Own and Capture the Flag competitions," explained Brian Gorenc, director of Trend Micro's Zero Day Initiative, which manages the Pwn2Own event.
A Trend Micro spokesperson confirmed that Gorenc was referring to China specifically.
Pwn2Own may be hit harder than other events as Chinese teams have dominated the competition, in which the aim is to discover critical flaws in software products from major vendors, such as Google, Microsoft, Oracle and Mozilla.
Adam Segal, director of the digital and cyberspace policy programme at the Council for Foreign Relations, told CyberScoop the restriction was recently introduced.
"People were told that they could not attend and could not report vulnerabilities to third parties, but could still report back/sell to vendors," Segal said.
"It will probably cut the income for a lot of white hats," he added.
The influence of the Chinese government may have spread to Chinese technology companies, which may stop their employees from attending conferences outside of China, or convince independent contractors not to attend.
This was already apparent last year when Qihoo 360 CEO and co-founder Zhou Hongyi suggested that independent Chinese security researchers shouldn't travel to foreign conferences to share their findings and that any knowledge of undisclosed software vulnerabilities "should remain in China".
Governments are becoming increasingly wary about software exploits that can be used for cyber espionage or cyber-crime and are trying to find them to ensure that their region is safeguarded. However, some countries would prefer to keep the disclosures within their own boundaries.
Last year, the FBI arrested a Chinese national after he entered the US to attend a conference. The man was facing charges related to the malware used in the 2015 data theft from the Office of Personnel Management computer systems.