Security Researcher Pressured into Canceling Talk on Chinese Cyber Army

A security researcher named Wayne Huang was pressured by the Taiwanese government into canceling his talk at the upcoming Black Hat conference in Las Vegas. During his presentation the researcher planned to reveal information gathered in the past decade about the Chinese Cyber Army, an organization engaged in cyber espionage.

Wayne Huang is a frequent speaker at security conferences and the CEO of a Web application security vendor called Armorize. The company is headquartered in Santa Clara, CA, but research and development (R&D) center is based in the Nankang Software Park in Taipei, Taiwan.

Mr. Huang's Black Hat talk entitled “The Chinese Cyber Army: An Archaeological Study from 2001 to 2010” promised to “reconstruct the face of [Chinese] Cyber Army (CA), including who they are, where they are, who they target, what they want, what they do, their funding, objectives, organization, processes, active hours, tools, and techniques,” based on data gathered from incident investigations and forensics dating back to 2001.

Examples of the cyber espionage carried out by this force, which is known as "Wang Jun" ("Cyber Army” in Mandarin language), include the widely-covered Aurora, GhostNet or Titan Rain operations. However, the researcher also planned to include data on more recent intrusions into computer systems belonging to the United Nations or Canadian Security Intelligence Service (CSIS).

In an interview with Threatpost, Caleb Sima, Armorize's CTO and co-founder, explains that the decision to pull the talk was the result of pressure put on both Mr. Huang and the company by the Chinese and Taiwanese governments, who felt that the nature of the presentation was “too sensitive.” Mr. Sima explained that they tried to speak with the right people in order to resolve the situation, but to no avail.

Apparently they were more or less threatened that their Taiwanese employees won't be able to get US travel visas if they go ahead with the talk. Mr. Huang was told that if he ignores this advice he should avoid flying to Hong Kong or Beijing, as he might get arrested. In addition, the company has important business interests in both China and Taiwan that risked being compromised.

The practice of pressuring researchers out of speaking engagements that involve revealing sensitive information to the public is not uncommon. Just last week we reported that renowned European security expert, Raoul Chiesa, canceled his presentation on ATM crimes at the Hack in the Box (HITB) security conference in Amsterdam, after he received legal threats from ATM vendors. Last year, a security researcher named Barnaby Jack, who worked for Juniper Networks at the time, was forced by his employer to pull out of a talk on ATM vulnerabilities.

You can follow the editor on Twitter @lconstantin