Baidu Blue-Lotus Finishes 2nd at DEFCON, Shows China's Strength in Network Security

LAS VEGAS, Aug. 9, 2016 /PRNewswire/ -- The annual BlackHat and DEFCON conventions were held in Las Vegas from July 30-August 8, 2016 as scheduled. Tens of thousands of hackers from around the world gathered for their most important events of the year.

During DEFCON's hallmark Capture the Flag (CTF) contest, Baidu President Dr. Zhang Yaqin had dinner with Blue-Lotus team members and was on hand to cheer for them. So far, Blue-Lotus is Mainland China's only team to have entered the finals of DEFCON's CTF contest, the world's top-level hacking competition, and placed among the Top 5 in the rankings. The group stands for the highest level of performance, carrying the spirit of freedom and sharing that defines the Chinese hacker circle.

B1o0ps, the team consisting of Blue-Lotus and 0OPS, defeated Korea-based DefKor, the defending champion, in the finals of DEFCON's CTF contest, and ultimately ranked 2^nd with a slight score gap behind US-based PPP, traditionally a strong team. This is the highest ever placing of a Chinese hacker team at the finals of DEFCON's CTF contest.

As part of this grand event for global hackers, Chinese company Baidu Security brought a cool drone formation performance in the evening of August 3rd. Forty-five drones showed respect for the BlackHat and DEFCON conferences, combining to form the messages"HACKFUN" and "BAIDU". Flying in the night skies of Las Vegas, these drones received applause from hackers present at the site. This was the first ever drone performance at the BlackHat event. The fact it was presented by Baidu Security, a security company from China, underscored how much BlackHat recognized and valued China's hacking skills and security teams.

Fast-growing Teams of Chinese Hackers Enjoy Respect at the World's Major Hacking Events

The BlackHat conference is widely viewed in the information security industry as the top-level, highly technologically intensive conference on information security. DEFCON is known as the secret carnival of global hackers and as the best representative of the spirit and culture of hacking. Both hacking events attract researchers from companies and governments, expert hackers from global security companies and research organizations and even officials from U.S. government departments/agencies such as the Department of Defense, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).

Chinese hackers have been frequent speakers at the BlackHat conference over the past couple of years. In 2014, two subjects from Chinese hackers were presented at the BlackHat conference; in 2015, that number jumped to nine subjects. This year, 15 top-level hacking technologists from eight Chinese teams of hackers spoke at the conference and enjoyed respect from their global counterparts.

At the BlackHat conference, Microsoft has rented a large space to show the MSRC Top100 on a background wall. Huang Zheng and Li Kemeng from the X-lab of Baidu Security's Business Department are on the TOP100 hacker list, and Baidu remains an industry leader in terms of identifying Microsoft OS vulnerabilities, being acknowledged 16 times and holding the 3^rd place globally. Huang Zheng and Li Kemeng hold the 8^th and 82^nd global places respectively, while Huang holds the 1^st place in China.

In addition, Zhang Yulong and Wei Tao from the X-lab have joined the Pebble Hall of Fame. They identified a security vulnerability allowing the intruder to fully control all Pebble smartwatches(a number in the millions) before stealing and controlling the victims' privacy data in life and at work. They have submitted a protection solution as well. Apart from Pebble smartwatches, all ARM Cortex-M-based smart and Internet-of-things (IoT) devices will be affected. Having identified this security vulnerability is significant. Zhang and Wei will report this problem at the Virus Bulletin conference to be held in Denver this October.

Let China's Voice Be Heard: Chinese Security Technology Gains Global Recognition

China's voice was hardly heard in the first two decades after the Internet was born. Nonetheless, the Internet has brought radical changes in the lifestyles of the Chinese people, their way of thinking and even their values over the past 20 years. The rest of the world has felt the internet's effects on China and seen China's rapidly growing strength in cyberspace.

With the world's largest group of internet users, China is facing increasingly complex challenges. From the perspectives of top-down design and strategy, in particular, China's internet industry is at a crossroads. It is within this context that China-based Internet companies, led by Baidu, Alibaba and Tencent (collectively referred to as the "BAT"), have become increasingly aware of the importance of network security. Accordingly, they have been working hard in the area of network security at a rate reminiscent of China's rise.

Numerous members of China-based security teams were present as speakers at the BlackHat conference. Wei Tao from the Baidu X-lab, in particular, made a speech on the security issue of the globally popular Android platform. He described this issue as "a security vulnerability of the ecosystem" and "the blood cancer of the Android OS".

Starting from the vulnerabilities of the Android kernel, Wei systematically explained how security issues in the Android ecosystem have caused chronic "security diseases". The Android security mechanism relies heavily on kernel integrity. This underlying security mechanism would collapse in the event of any kernel vulnerability. Once securing control over the kernel, the intruder would be able to easily bypass an app's isolation mechanism and most Android OS security mechanisms.

Offering a solution to this problem, Wei presented Baidu Security's latest adaptive kernel hot fixing technology, for which it has applied for five patents. This technology is able to automatically match vulnerabilities of the targeted Android OS for online hot fixing with no need for the source codes and configurations used to compile the kernel. This technology has not only greatly enhanced vendors' ability to respond to the highly fragmented Android platform, but also significantly accelerated the process of vendors' pushing kernel security patches to end users. It is able to fix 99.4% of Android kernel vulnerabilities known in the market, according to statistics.

Cyberspace Security Requires Greater Attention to Security HR Development

Nowadays, there are fewer than 10,000 university graduates per year with the major of information security in China, as opposed to at least 100,000 vacancies to be filled in the information security industry. In addition, Chinese universities pay more attention to theories than practices. This situation contrasts with what is needed by relevant companies.

By holding the XCTF contest in China, Blue-Lotus aims to enhance the ability of Chinese university students majoring in information security to address real-world security problems, thereby promoting the development of relevant talent. Originating at DEFCON 1996, the CTF contest is the best platform for testing the technical skills of hacker teams when it comes to solving real-world problems in network security. In fact, it is Blue-Lotus that took the lead in introducing DEFCON's CTF contest into China before developing it into China's top-level XCTF contest.

Building a Comprehensive Security Ecosystem in an Open Manner and with Public Resources

Consumers' online security has gradually become the basis for products in the era of "Intelligence+". Security has evolved into an ecosystem throughout the process of consumption from the basic protection of user-side equipment, becoming an indispensable cornerstone of user experience. Security will continue to become a gene of all service offerings and users alike, and every network participant and provider benefit from security.

Today, things connect with one another more and more, and traditional industries' access to the internet forms a general trend, but the primary challenge has become how to be fully ready with respect to security. By making full use of advanced technologies such as cloud computing, big data and artificial intelligence (AI), Baidu Security has solved a great deal of security problems across various sectors. To meet the security industry's need to evolve from products toward capacity and from functions toward services, Baidu Security provides customized, comprehensive, multidimensional security solutions based on AI, cloud computing, big data and other security technologies for different companies, different industries and even different application scenarios, satisfying new Internet-relevant needs and requirements in the era of "Intelligence+".

With years of technological heritage and a growing user base in varied areas, Baidu Security is dedicated to building a comprehensive security ecosystem that is intelligent, global and open. On the basis of this system, Baidu Security will be able to provide a broad user base with customized security solutions with high levels of protection. Given a growing device base and increasingly stringent security requirements, it is impossible for any single security vendor or the security industry itself to achieve a high level of information security alone. Being open-minded, Baidu Security is working with China's Ministry of Industry and Information Technology (MIIT), the Ministry of Public Security (MPS), device vendors, carriers and others to further improve the comprehensive security ecosystem. These partnerships aid in improving industry standards, working harder against crimes, communicating directly with users about their needs/requirements and sharing even more data to build a safe, reliable protection system for the public.

Photo - http://photos.prnewswire.com/prnh/20160809/396657

SOURCE Baidu