
Cybersecurity experts explain the risks of office cloud file leakage

2024-08-05


[Global Times reporter Guo Yuandan] On the 4th, the Ministry of State Security issued an urgent reminder on its WeChat official account, warning that some office "black technologies", including "file transfer assistants", may carry a risk of leaking secrets. Network security experts interviewed by the Global Times said that people engaged in sensitive work must always adhere to the strict rule that confidential information does not go online.

The notice released by the Ministry of State Security says that in recent years, leaks caused by the use of online office programs have occurred repeatedly, exposing a series of risks and hidden dangers. The office "black technology" leak cases it names include cloud assistants leaking confidential documents, image-and-text recognition applets leaking confidential originals, AI writing leaking confidential content, and work groups leaking confidential information. The notice said that AI writing has flourished in recent years. When drafting confidential materials, some personnel handling confidential information, in order to save working time, illegally entered confidential materials and the contents of confidential files into AI writing applets to generate articles, believing that they were only excerpting file fragments and that this would not cause a leak. What they did not realize is that AI applets automatically collect the information users enter for self-learning, and the relevant data can easily be stolen by foreign spy intelligence agencies, resulting in the leakage of state secrets. The notice said that it is strictly forbidden to photograph confidential documents, extract their content and upload it to the Internet. When using text recognition, AI writing and other functions, users should avoid entering confidential files, so that convenience at work does not come at the cost of leaking secrets.

The notice stressed that while the public enjoys the convenience that technology brings to daily work and life, people must also keep a firm guard on confidentiality and be wary of the schemes and tricks that foreign spy intelligence agencies use to steal our country's secrets over the Internet.

In this regard, Li Baisong, deputy director of the Technical Committee of Antiy Technology Group, said in an interview with the Global Times on the 4th that there are risks of channel leakage and cloud leakage in daily operations.

The first is the risk of channel leakage. Internet infrastructure is no longer a simple communication system; it has become a "battlefield" for traffic-based business operations. Some commercial organizations have built traffic retention and analysis mechanisms on the network side for operations such as precise user profiling, and this also includes intrusions from black and gray industries. "Among them, foreign intelligence agencies have always focused on invading our operator systems. For example, the Quantum Hand system of the NSA in the United States is a mechanism based on invading operators and network equipment in other countries to achieve traffic acquisition and precise penetration. At the same time, although the information of commonly used chat tools is encrypted, in order to reduce resource usage, many attachments are not encrypted. This makes the files of some tools transmitted in plain text on the network side, which leads to risks as long as the traffic side is obtained and restored."

The second is the risk of cloud leaks. The files are transferred through the services of Internet service providers, so the data is visible to those providers at the logical level. On the one hand, this raises concerns about whether service providers will use the data to strengthen their user profiling capabilities and ultimately to train large models. On the other hand, it also gives insiders at service providers more material to snoop on, and once a service provider is hacked, the losses may be greater.

In addition, as for why the widely used "File Transfer Assistant" can lead to information leakage, Li Baisong explained that using it increases the number of entry points through which information can be accessed. Once files are placed in such a sharing mechanism, the original access conditions, under which they were reachable only from the user's work and home hosts, no longer hold. The situation becomes similar to the user losing a mobile phone or having an IM login cracked, which brings a greater risk of information leakage. For WEB WeChat users in particular, problems such as a delayed response after clicking mean that content intended for the transfer assistant may be mistakenly sent to other people or even to WeChat groups.

In this regard, Li Baisong suggested that people engaged in sensitive work should always adhere to the strict rule that confidential information does not go online. For internal corporate information and work information, they should follow work security rules such as communicating by email and sending attachments encrypted.

One fact that cannot be ignored is that making file transfer and sharing more efficient in daily work and communication is a firm requirement, and mobile working is already widespread. Li Baisong said that there are also some practical tips for everyday information, such as pinning the "File Transfer Assistant" to the top of the chat list. This avoids the situation where you look it up through search when you want to use it and end up accidentally sending files to the account of a social engineering attacker. "Previously, a security practitioner did a prank test. He changed his WeChat name to 'File Transfer Helper' and the icon to the same icon. After that, he received a lot of files from WeChat friends."

"In addition, relevant departments should make more practical regulatory adjustments to guide the industry to provide compliant, safe product tools and solutions to meet relevant needs," said Li Baisong.