2 men linked to China’s Salt Typhoon hacker group may have trained at Cisco’s “academy”.

0


To try to determine whether the names were a coincidence, Carey consulted two databases of Chinese names and consulted with Yi Fuxian, a professor of Chinese demography at the University of Wisconsin-Madison. He says the name Qiu Daibing – or 邱代兵 in Chinese characters – is a relatively unlikely name to appear twice by accident. Yi confirmed to WIRED that the surname 邱 represents only 0.27 percent of Chinese names, and when combined with the proper name 代兵 represents a much lower percentage.

The name Yu Yang (余洋 in Chinese characters) is more common. But Carey believes that the two names appearing in connection seem less coincidental. “It’s unlikely that someone with that name, with a Yoo Young, having this skill set and going to the same university in the same place where these companies are incorporated, there’s a very small chance that these people aren’t the right people,” Carey says.

WIRED attempted to contact Qiu Daibing and Yu Yang through Qiu Daibing’s LinkedIn page and an email address on the Beijing Huanyu Tianqiong website, but received no response.

If Carey’s theory that the two men associated with Salt Typhoon were indeed trained at the Cisco Networking Academy is correct, it’s not a flaw or security oversight in Cisco’s program, he says. Instead, it points to a difficult problem in a globalized marketplace where technology products—and even training in the technical details of those products—are widely available, including to would-be adversaries of hacking.

Carey argues that the issue has only become more apparent, however, as China has spent years trying to replace Cisco and other Western equipment on its networks with domestic alternatives. “If China is moving to remove these products from Chinese networks, who is still interested in learning about them?” Carey asks.

For example, China has increasingly limited its information sharing with the global cybersecurity community by pressuring security researchers not to present findings at international conferences, notes John Hultquist, senior analyst for Google’s threat intelligence group.

“It’s like we’re in a sharing group, and they’ve told us directly that they’re not reciprocating,” says Hultquist. We benefit from them with our programs. But it doesn’t go in the other direction.”

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *