scmp.com - The new virtual ID scheme has been in the beta stage since a draft regulation was launched in July last year.

China has officially introduced a controversial national cyber ID system, despite concerns from some experts and netizens over privacy and censorship.

The system aims to “protect the security of citizens’ identity information”, according to regulations that went into effect on Tuesday, backed by the Ministry of Public Security, the Cyberspace Administration of China, and four other authorities.

The app, whose beta version was launched last year, issues an encrypted virtual ID composed of random letters and digits so the person’s real name and ID number are not given to websites when verifying accounts. So far, it is not-mandatory for internet users to apply for the cyber ID.

Starting in 2017, Beijing started ordering online platforms to adopt real-name registration for applications such as instant messaging, microblogs, online forums and other websites that ask netizens to submit their ID numbers. Separately, official ID has been required to register a mobile phone number in China since 2010.

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.

The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others.

Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI’s InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others.

As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.

A handful cryptographers were asked for feedback on the architecture of the European Identity Wallet (the Architecture Reference Framwork (ARF), currently at version 1.4.0). We seized the opportunity to write a short report to urge Europe to reconsider the design, and to base it on the use of anonymous (aka attribute-based) credentials.

Anonymous credentials were designed specifically to achieve authentication and identification that are both secure and privacy-preserving. As a result, they fully meet the requirements put forth in the eiDAS 2.0 regulation. (The current design does not.) Moreover, they are by now a mature technology. In particular we recommend to use the BBS family of anonymous credentials, which are efficient and mathematically proven secure.

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits