Why is TikTok a Threat


DTChristey

Member
Oct 8, 2020
Edwards Air Force Base
Forgive me. I'm not really sure how to reach Mr. Gibson and Mr. Laporte with this. If there is a better way, please let me know.

Why is TikTok bad? To respect your time, I'll keep this as short as possible.

In the past few weeks, I've heard commentary regarding the US's policy regarding TikTok. The word "nonsense" has been repeatedly used. I would like to share some information that may open your mind to a different perspective. Who am I? I am a DOD Security Specialist with a diverse set of experience and expertise. All information below is all open-source information and available to the public.

Up front... By definition, a threat is defined as an adversary who has the intent coupled with capability. Below is my analysis that ties China together with TikTok as a threat.

I feel it important to note that in 2006 the Chinese adopted a strategy to become the cyber kings. This demonstrates a certain intent (Reference 1). Now, consider how many Pwn2Own competitions and Def Con conferences were dominated by Chinese nationals. This demonstrates a certain capability. However, that's not really enough. What has China done to earn its reputation with the intelligence community? Big kudos to Wired.com's article. They did a nice job recapping some of the breaches attributed to China (Reference 2).

For many years, China has aggressively pursued US Government employee information. The information gathered in the OPM's Breach reveals who has what type of clearance in the US Government. These documents contain personal and sensitive information and reveal folks working in Cybersecurity for Naval Network Warfare Command, employees supporting our fighters and bombers, and staffers supporting the White House and Air Force One. During these investigations, employees must submit truthful answers regarding past criminal history, drug use, mental health, financial data, etc. If you wanted to find persons with embarrassing and exploitable information, this is a great place to start. Add the information from Experian, Anthem, and Marriott breaches. You have a solid foundation of individuals you may be interested in exploiting, who they are associated with, and where they travel to. As with any information, it ages and becomes less relevant over time.

China has a new tool available. TikTok gathers fresh data on anyone who chooses to allow it. If so desired by the Chinese government, this information can be aggregated with their existing troves of data. Considering past efforts, do you think China would pass at this opportunity?

As a reminder, TikTok is only one of China's shiny tools in their toolbox. There have been incidents that are classified that I cannot discuss. There have been some with public visibility, e.g.: The Thousand Talents Program (Reference 3) & The Sea Dragon Hack (Reference 4). Again, by aggregation, all of this information combined could reveal classified operations, programs, and exploitable personnel in key positions.

I'm not saying Facebook and other social media platforms have done no wrong. That's why I don't trust them. But, please ask yourself this: Do China and TikTok meet the definition of a Threat in the eyes of US Government Counter Intelligence professionals? If the answer is "yes", I recommend keeping TikTok off government phones.

Thank you for your time. I invite your thoughts.


D.T. CHRISTEY, SFPC, SAPPC, SPIPC, PSC
Information Security Program Manager, 412th Test Wing
AKA
Founder and Chain, The Security Jedi Council



References:
1) Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation 2009. Old arTikle. But, kind of scary.

2) China's Hacking Spree Will Have a Decades-Long Fallout 2020

3) Chinese Thousand Talents Plan/Program.

4) Sea Dragon Hack. What Secretive Anti-Ship Missile Did China Hack From The U.S. Navy?
 
@DTChristey If you wanted to contact @Steve privately, you can do so through the email letter icon at the top of the forum. Click that, then click start new conversation. Type steve in the to field and wait a second. It should show a list of steve(s) on the system. It will show a thumbnail of each if available. Mr. Gibson is just "steve" in the list. He's a busy guy, and it might take him a while to reply. I know he reads some of the public messages, but I don't know if he reads them all. I kind of doubt that he reads them all. I don't know if Leo is on this forum.

I'm glad you posted this in public though. It's well written and documented. Thanks for the references. I think many people don't realize just what a threat China is and how talented and determined they are to act against us, while not letting us know it, and preserving trade that's beneficial to them. I don't have any doubts that Tik Tok is a threat. It's an intelligence officer and spy's dream, having millions of your enemy's citizens, some of whom are important targets, having their very own spy station in their pocket. It's much easier than sending actual spies to snoop on people. So, thanks for the post.

I believe almost all apps are dangerous from a privacy point of view. Whether by accident (i.e., a programmer just used a "common" library which spies on you), or by design with malicious intent. I consider almost every app to be dangerous. I have a few, but I keep them to a minimum. Sometimes, I force an app to shut down after using it if I don't think it needs to be in the background. I don't allow anything to access camera, microphone, wifi, or contacts that doesn't need it. Of course, Tik Tok does need it, so it's hard to rein in something like that and still use it.

I don't know how to do it or where to look, but I understand there is a huge and very lucrative industry selling people's private lives to other people. That data has to come from somewhere. I think @Steve and Leo have long had a blind spot toward privacy issues. Although I thoroughly appreciate all the good info they've shared over the years, many of which I follow. I always say, if the app (say heavily advertised game on TV) is free, you are the product. To be fair, @Steve and Leo have said similar things from time to time.

So, I agree with your assertions about the risk. I think this topic needs more air time, especially in places like this forum.

FYI, there's another thread that's been talking about Tik Tok recently. I don't know if you were aware of it.


May your bits be stable and your interfaces be fast. :cool: Ron
 
Ron. Nicely said. I appreciate your thoughts.

Like you, I only use apps that are completely necessary. Hell, I've lost my veteran's discount at Home Depot because they require me to download an app to get it.

I am very fond of Mr. Gibson and Mr. Laporte and their efforts to educate users. Security Now and GRC have an amazing community of geeks who get it. But, much of what Mr. Gibson says is over the average user's head. That's why Mr. Laporte's efforts have been so valuable.

What really scares me is the number of US Government employees who are clueless and careless of the threats that are actively targeting them. But, that has been much of my career, "protecting the willingly vulnerable". Hmm. I think I have a topic for next month's Security Jedi Council meeting. Thanks. :)

For the record, I am at your and this community's service.
dc
 
I recently read a story where Russia claimed an attack aimed at part of their forces was made possible due to their soldiers' cell phone signals being located. It seems a reasonable possibility. Something similar happened some time ago where signals coming from the middle of nowhere in a desert gave away a military base's location. I am also very careful about installing apps without good reason. I've refused quite a few based on the permissions they ask for.
 