54.8 F
Washington D.C.
Wednesday, December 7, 2022

Western Companies with Chinese Websites are Compromised, Firm Says

In an emergency conference call, Web Presence In China CTO Alex Ververis advised more than 50 Western organizations’ representatives on the fallout of the revelations that Baidu Tongji is being used to weaponize website traffic against Western sites such as Github, the company said in an announcement, saying China’s default analytics tool constitutes malware.

“If you have Baidu’s analytics tool Tongji associated with your Chinese Website, you’re essentially hosting malware,” Ververis told attendees of the conference call. “The Chinese government’s people at China Unicom can redirect your traffic to take down Western sites it has issue with, as it has with Github’s New York Times and Greatfirewall.org sites.”

Ververis was referring to the “massive denial of service attacks that recently shut down Github, the world’s number one open source development platform,” the announcement said, adding, “The attacks were directed at mirror sites of the New York Times and Greatfirewall.org on Github. Although the official sites are blocked in China, Github’s ability to share the code for the sites and thus spawn mirror replicas accessible on the mainland is the reason behind the attacks.”

“There’s very little doubt in my mind that the Chinese government is mandating this attack on Github, and can and will use the same approach on other sites it finds objectionable,” Ververis said. “Whatever a Western organization’s opinion on the matter, the factor it cannot ignore is that Baidu’s analytics tool, Tongji, represents a potential security breach which can be used in facilitating such attacks. Basically, anytime a visitor comes to your Chinese Website, and that Website is enabled with Tongji to track data, the user is downloading Javascript which can then be deployed for the kind of attacks that are taking down Github sporadically.”

As CTO of Web Presence In China, a full service digital agency headquartered in Beijing, Ververis’ role includes overseeing not only programming projects, but also ensuring the hosting and data security of clients with digital assets on the Chinese Internet.

Ververis also advised stakeholders on the call with China digital assets of more direct risks to their sites.

“Those of you with SSL certificates on your site may find your good ratings compromised by using BaiduTongji for analytics,” he said. “Norton and Comodo are eventually going to have to take into account the compromised status of Tongji, and penalize the certification of sites that are using them. That will mean visitors seeing warning signs associated with your site, a huge blow to customer experience.”

Analytics tools are essential to modern digital marketing, but the prospect of abandoning Baidu’s Tongji can seem a dismaying one, especially considering that since Google is blocked in China, its analytics tool is at best 70 percent accurate, according to Web Presence in China research.

Ververis offered an alternative for those seeking a third way.

“Chinalytics is hosted inside the Great Firewall, which means 100 percent accuracy, but is open source, which means it’s secure from the kind of mischief to which Tongji or another proprietary platform can so easily be turned,” he said. “The only other option I’m aware of is Adobe’s Omniture, which starts at approximately $17,000 a year. Chinalytics is a drop-in replacement for Google Analytics, and designed for the Western user. Anyone who needs reliable, secure China data should check it out, and by all means take steps to disassociate from Baidu Tongji, as well as other third party systems linked to the Chinese government.”

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles