This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay
Tech

After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay

Editorial Board Published December 22, 2021
Share
After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay
SHARE

This week, the company found itself in hot water in China for what officials said was its failure to report the Log4j2 software flaw to Beijing in a timely fashion. The Chinese ministry in charge of technology suspended a cybersecurity partnership with Alibaba’s cloud-computing unit over the matter, Chinese state media reported.

Contents
Newsletter Sign-upWSJ Pro Cybersecurity

Newsletter Sign-up

WSJ Pro Cybersecurity

Cybersecurity news, analysis and insights from WSJ’s global team of reporters and editors.


The flaw in Apache Log4j software, a free bit of code that logs activity in computer networks and applications, was made public this month, and it is being exploited by hackers in an attempt to gain access to corporate and government systems. In the U.S., officials said hundreds of millions of devices were at risk and issued an emergency directive ordering federal agencies to take steps to mitigate the threat by Christmas Eve.

Distributed by the nonprofit Apache Software Foundation, Log4j is among the most widely used tools to collect information across corporate computer networks, websites and applications.

Researcher Chen Zhaojun of Alibaba Cloud, a subsidiary of the Hangzhou-based e-commerce company, first reported the vulnerability, a spokeswoman for the Apache Software Foundation said. Mr. Chen is a staffer on Alibaba Cloud’s security team, according to an online Apache logging services security report.

Cybersecurity experts say the general etiquette for researchers who find software flaws is to privately report the vulnerabilities to developers who can issue fixes. Making software flaws or updates public before such patches are in place can set off a race among hackers to take advantage of such issues.

Alibaba declined to comment on Beijing’s allegation of a reporting delay and Mr. Chen’s involvement.

Mr. Chen had called the foundation’s attention to the flaw on Nov. 24, and within a day, Apache—which is run by a team of volunteers—had accepted his report and started researching a fix, the software group said. Apache communicated with Mr. Chen several times over the next two weeks, discussing a possible fix, it said.

By Dec. 9, when Apache was nearly ready to release a patch, Mr. Chen alerted the foundation that users on Chinese chat forums were discussing the flaw, raising the possibility that hackers could already be trying to exploit it, said Gary Gregory, one of the nonprofit’s volunteer developers.

“The timing there was unfortunate,” Mr. Gregory said.

On Wednesday, China’s Ministry of Industry and Information Technology, also known as MIIT, said its cybersecurity threat and information platform would be stopping its cooperation with Alibaba Cloud for six months over the alleged failure by the company to highlight the vulnerability in a timely fashion, the state-run China Daily reported, citing unnamed ministry officials.

Alibaba Cloud is part of a national cybersecurity-threat platform that requires members to promptly report information about such glitches, the report said. Alibaba’s failure to report the Log4j2 flaw to the relevant authorities in a timely manner hindered efforts by China’s MIIT to handle the threat effectively, China Daily reported.

The ministry said it would reassess Alibaba’s corrective measures before resuming its current partnership, China Daily added. MIIT didn’t respond to a faxed request for comment sent after office hours.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

Alibaba has faced a number of regulatory headwinds over the past year as Beijing has tightened its control over China’s most influential internet companies. The technology juggernaut was hit with a record $2.8 billion fine for antitrust violations in April and its financial affiliate Ant Group has been forced to restructure according to regulations laid out by China’s central bank.

MIIT said Friday on its website that Alibaba Cloud had recently discovered the Log4j vulnerability and had informed the Apache Foundation about its existence. The statement added that the ministry was informed of the vulnerability through its cybersecurity-threat platform on Dec. 9. It didn’t make clear who filed the reports.

The ministry said it immediately called in cybersecurity experts, including those from Alibaba Cloud, to assess the cybersecurity threat. In the statement, the ministry said the Log4j flaw was a high-risk vulnerability that could lead to equipment being controlled remotely and sensitive information being stolen.

The vulnerability allows hackers to remotely execute code on a target computer to potentially take over devices, install ransomware or create back doors for future attacks. Cybersecurity researchers say they have already observed hackers linked to governments in several countries attempting to exploit the flaw. China was among the countries mentioned, as were Iran, Turkey and North Korea.

A spokesman for the Chinese Embassy in Washington said last week that Beijing opposes cyberattacks of any kind.

Since the flaw’s discovery was made public, technology suppliers such as International Business Machines Corp. and VMware Inc. have said they are deploying patches for software that contains the flaw, while Amazon.com Inc. and Microsoft Corp. have said they are monitoring the issue.

In the European Union, cybersecurity response teams for member countries are closely watching Log4j developments. Belgium’s Defense Ministry said it had shut down parts of its computer network because of cyberattacks linked to the vulnerability.

A top U.S. cybersecurity official described the vulnerability as the worst she had ever seen.

Alibaba, the first Chinese technology provider to make a foray into cloud computing, is China’s largest cloud provider and had 34% of the country’s market in the second quarter of the year, according to researcher Canalys.

—Rachel Liang and Zhao Yueling contributed to this article.

Write to Liza Lin at [email protected] and David Uberti at [email protected]

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article China bans independent religious groups from nation’s internet, outlaws foreign operators China bans independent religious groups from nation’s internet, outlaws foreign operators
Next Article China Evergrande Says State-Backed Risk Team Will Engage With Creditors China Evergrande Says State-Backed Risk Team Will Engage With Creditors

Editor's Pick

California dwelling of lacking child’s mother and father searched; father has served time for youngster cruelty

California dwelling of lacking child’s mother and father searched; father has served time for youngster cruelty

San Bernardino County sheriff’s investigators on Sunday, Aug. 17, searched the house of the mother and father of the infant…

By Editorial Board 9 Min Read
Farmer Needs a Spouse: John Sansone and Claire Dinette Break up!
Farmer Needs a Spouse: John Sansone and Claire Dinette Break up!

Studying Time: 2 minutes It's sadly over for one more actuality tv…

4 Min Read
Steak ‘n Shake slams Cracker Barrel CEO for eliminating ‘old-timer’ from emblem: ‘We take delight in our historical past’
Steak ‘n Shake slams Cracker Barrel CEO for eliminating ‘old-timer’ from emblem: ‘We take delight in our historical past’

FOX Enterprise’ Jeff Flock experiences on Cracker Barrel unveiling a brand new…

4 Min Read

Oponion

Amazon Purchase of MGM Gets Green Light in EU

Amazon Purchase of MGM Gets Green Light in EU

European Union antitrust officials gave a green light to Amazon.com…

March 15, 2022

Devolved nation leaders reward Starmer in uncommon win for No 10 | Politics Information

Sir Keir Starmer is just not…

December 6, 2024

Kiss Frontman Gene Simmons Lists Las Vegas Home Overlooking the Strip for $14.95 Million

This spring, Kiss frontman Gene Simmons…

October 21, 2021

Judge blocks release of records in Bob Saget’s death

A Florida judge granted the request…

February 17, 2022

One Way to Spend Less: Spread Out Your Paychecks

Yes, in many cases, new research…

February 11, 2022

You Might Also Like

Selecting the Proper MacBook Is not As Troublesome As You Would possibly Suppose
Tech

Selecting the Proper MacBook Is not As Troublesome As You Would possibly Suppose

The larger change is in what number of exterior shows the M3 MacBook Air can help. Whereas the M4 mannequin…

29 Min Read
Our Editors’ Favourite Large Display screen Chromebook Is Now 9
Tech

Our Editors’ Favourite Large Display screen Chromebook Is Now $159

Again to high school is at all times a good time to choose up a deal on a brand new…

2 Min Read
The Rad ‘Tony Hawk’s Professional Skater 3+4’ Remasters Are  Off Proper Now
Tech

The Rad ‘Tony Hawk’s Professional Skater 3+4’ Remasters Are $15 Off Proper Now

In search of a wholesome dose of gaming nostalgia? It can save you $15 on Tony Hawk’s Professional Skater 3+4,…

3 Min Read
The Finest Paper Planners Our Editors Use to Set up Their Lives
Tech

The Finest Paper Planners Our Editors Use to Set up Their Lives

There's nothing like the sensation of a brand-new planner. As the brand new faculty yr kicks off, we have discovered…

32 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?