Forgive me. I'm not really sure how to reach Mr. Gibson and Mr. Laporte with this. If there is a better way, please let me know.
Why is TikTok bad? To respect your time, I'll keep this as short as possible.
In the past few weeks, I've heard commentary regarding the US's policy regarding TikTok. The word "nonsense" has been repeatedly used. I would like to share some information that may may open your mind to a different perspective. Who am I? I am an DOD Security Specialist with a diverse set of experience and expertise. All information below is all open-source information and available to the public.
Up front... By definition, a threat is defined as an adversary who has the intent coupled with capability. Below is a my analysis that ties China together with TikTok as a threat.
I feel it important to note that in 2006 the Chinese adopted a strategy to become the cyber kings. This demonstrates a certain intent (Reference 1). Now, considering how many Pwn2Own competitions and Def Con conferences that were dominated by Chinese nationals. This demonstrates a certain capability. However, that's not really enough. What has China done to earn its reputation with the intelligence community? Big kudos to Wired.com's article. They did a nice job recapping some of the breaches attributed to China (Reference 2).
For many years, China has aggressively pursued US Government employee information. The information gathered in the OPM's Breach reveal who has what type of clearance in the US Government. These documents contain personal and sensitive information and reveal folks working in Cybersecurity for Naval Network Warfare Command, employees supporting our fighters and bombers, and staffers supporting the White House and Air Force One. During these investigations, employees must submit truthful answers regarding past criminal history, drug use, mental health, financial data, etc. If you wanted to find persons with embarrassing and exploitable information, this is a great place to start. Add the information from Experian, Anthem, and Marriott breaches. You have a solid foundation of individuals you may be interested in exploiting, who they are associated with, and where they travel to. As with any information, it ages and becomes less relevant over time.
China has a new tool available. TikTok gathers fresh data on anyone who chooses to allow it. If so desired by the Chines government this information can be aggregated with their existing troves of data. Considering past efforts, do you think China would pass at this opportunity?
As a reminder, TikTok is only one of China's shiny tools in their toolbox. There have been incidents that are classified that I cannot discuss. There have been some with public visibility, e.g.: The Thousand Talents Program (Reference 3) & The Sea Dragon Hack (Reference 4). Again, by aggregation, all of this information combined could reveal classified operations, programs, and exploitable personnel in key positions.
I'm not saying Facebook and other social media platforms have done no wrong. That's why I don't trust them. But, please ask yourself this: Does China and TikTok meet the definition of a Threat in the eyes of US Government Counter Intelligence professionals? If the answer is "yes", I recommend keeping TikTok off government phones.
Thank you for your time. I invite your thoughts.
D.T. CHRISTEY, SFPC, SAPPC, SPIPC, PSC
Information Security Program Manager, 412th Test Wing
AKA
Founder and Chain, The Security Jedi Council
References:
1) Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation 2009. Old arTikle. But, kind of scary.
2) China's Hacking Spree Will Have a Decades-Long Fallout 2020
3) Chines Thousand Talents Plan/Program.
4) Sea Dragon Hack. What Secretive Anti-Ship Missile Did China Hack From The U.S. Navy?
Why is TikTok bad? To respect your time, I'll keep this as short as possible.
In the past few weeks, I've heard commentary regarding the US's policy regarding TikTok. The word "nonsense" has been repeatedly used. I would like to share some information that may may open your mind to a different perspective. Who am I? I am an DOD Security Specialist with a diverse set of experience and expertise. All information below is all open-source information and available to the public.
Up front... By definition, a threat is defined as an adversary who has the intent coupled with capability. Below is a my analysis that ties China together with TikTok as a threat.
I feel it important to note that in 2006 the Chinese adopted a strategy to become the cyber kings. This demonstrates a certain intent (Reference 1). Now, considering how many Pwn2Own competitions and Def Con conferences that were dominated by Chinese nationals. This demonstrates a certain capability. However, that's not really enough. What has China done to earn its reputation with the intelligence community? Big kudos to Wired.com's article. They did a nice job recapping some of the breaches attributed to China (Reference 2).
For many years, China has aggressively pursued US Government employee information. The information gathered in the OPM's Breach reveal who has what type of clearance in the US Government. These documents contain personal and sensitive information and reveal folks working in Cybersecurity for Naval Network Warfare Command, employees supporting our fighters and bombers, and staffers supporting the White House and Air Force One. During these investigations, employees must submit truthful answers regarding past criminal history, drug use, mental health, financial data, etc. If you wanted to find persons with embarrassing and exploitable information, this is a great place to start. Add the information from Experian, Anthem, and Marriott breaches. You have a solid foundation of individuals you may be interested in exploiting, who they are associated with, and where they travel to. As with any information, it ages and becomes less relevant over time.
China has a new tool available. TikTok gathers fresh data on anyone who chooses to allow it. If so desired by the Chines government this information can be aggregated with their existing troves of data. Considering past efforts, do you think China would pass at this opportunity?
As a reminder, TikTok is only one of China's shiny tools in their toolbox. There have been incidents that are classified that I cannot discuss. There have been some with public visibility, e.g.: The Thousand Talents Program (Reference 3) & The Sea Dragon Hack (Reference 4). Again, by aggregation, all of this information combined could reveal classified operations, programs, and exploitable personnel in key positions.
I'm not saying Facebook and other social media platforms have done no wrong. That's why I don't trust them. But, please ask yourself this: Does China and TikTok meet the definition of a Threat in the eyes of US Government Counter Intelligence professionals? If the answer is "yes", I recommend keeping TikTok off government phones.
Thank you for your time. I invite your thoughts.
D.T. CHRISTEY, SFPC, SAPPC, SPIPC, PSC
Information Security Program Manager, 412th Test Wing
AKA
Founder and Chain, The Security Jedi Council
References:
1) Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation 2009. Old arTikle. But, kind of scary.
2) China's Hacking Spree Will Have a Decades-Long Fallout 2020
China's Hacking Spree Will Have a Decades-Long Fallout
Equifax. Anthem. Marriott. OPM. The data that China has amassed about US citizens will power its intelligence activities for a generation.
www.wired.com
3) Chines Thousand Talents Plan/Program.
Chinese Talent Plans | Federal Bureau of Investigation
Learn more about Chinese talent plans, how they work, and risks to U.S. businesses, universities, and laboratories—as well as to talent plan participants.
www.fbi.gov
4) Sea Dragon Hack. What Secretive Anti-Ship Missile Did China Hack From The U.S. Navy?
What Secretive Anti-Ship Missile Did China Hack From The U.S. Navy?
Details surrounding the Navy's Sea Dragon program remain scarce, but there are some distinct possibilities.
www.thedrive.com