The Lawfare Podcast

The i-Soon Leaks with Winnona DeSombre Bernsen

Mar 5, 2024

A Chinese cybersecurity firm's data leak reveals hacking methods, tools, and victims, highlighting similarities with U.S. firms. Discussion on vulnerability hoarding, contracting challenges, and developing cybersecurity norms. Exploring Chinese vs. U.S. cyber industries, government involvement, and implications for national security.

37:17

Creator website

Episode guests

Winnona DeSombre Bernsen

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Chinese cybersecurity firm ISUN's leaked documents expose hacking methods and relationships between Chinese and US cyber industries.

Comparing Chinese and Western cybersecurity firms reveals similarities in corporate ecosystems and challenges faced in governmental contracting.

Deep dives

Chinese Cybersecurity Firm's Massive Data Leak Reveals Operations and Similarities with Western Counterparts

Premier Chinese vulnerability researchers and international vulnerability researchers showcased that they could breach top Western tech during the Tamfukup competition in China. The discovered vulnerabilities don't receive immediate patches; instead, they are shared with the Chinese government first. The leaks from the Chinese cybersecurity firm ISUN unveiled internal workings, hacking methods, and relationships between Chinese and US offensive cyber industries.

Introduction

6min

Insights into Chinese Cybersecurity Capabilities

13min

Recruitment at Capture the Flag Events and Health Insurance Options

1min

Prioritizing Self-Care and the Benefits of Therapy

7min

Comparing the Origins and Impact of Western and Chinese Hacking Communities

13min

Exploring Private Sector Hacking Operations and Transparency in Cybersecurity

4min

In mid-February, Chinese cybersecurity firm i-Soon appeared to suffer a massive data leak, which offered unprecedented insight into the operations of the company, known to contract for many Chinese government agencies. The more than 500 documents include conversations between employees, sales pitches, and internal documents, and expose the firm’s hacking methods, tools, and victims. They also show in what ways the offensive cyber industries in China and the U.S. are surprisingly similar.

Eugenia Lostri, Lawfare’s Fellow in Technology Policy and Law, sat down with Winnona DeSombre Bernsen, nonresident fellow at the Atlantic Council, to talk through the leaks and her research into the key similarities and differences between the Chinese companies and their counterparts. They talked about how the Chinese government hoards vulnerabilities, the similar contracting headaches that firms in the U.S. and China suffer from, and how the findings from this leak can be used to develop better norms.

You can listen to the podcast conversation, “China’s Approach to Software Vulnerabilities Reporting,” with Dakota Cary and Kristin Del Rosso here. The conversation, “Rules for Civilian Hackers in War with Tilman Rodenhäuser and Mauro Vignati” is here.

Support this show http://supporter.acast.com/lawfare.

Hosted on Acast. See acast.com/privacy for more information.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

The Lawfare Podcast

The i-Soon Leaks with Winnona DeSombre Bernsen

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Chinese Cybersecurity Firm's Massive Data Leak Reveals Operations and Similarities with Western Counterparts

Analysis of the ISUN Leaks Exposes Structural and Operational Similarities Across Industries

Differences in Origin Shape Industry Behavior and Government Relations

Implications of Vulnerability Disclosure and Government Exploitation on Global Cybersecurity

Remember Everything You Learn from Podcasts