Dustin Childs can still describe the best demonstration of a winning hack at an international tournament he’s ever seen. It happened almost a decade ago. The participants had to find a way to break into a Windows workstation that was hardened with firewalls and up-to-date software to make it more secure. One member of a team from China typed an IP address into the Windows browser, he said, “and took their hands off the keyboard and that was it.” The address triggered computer code that turned the Chinese team’s access from “guest” to “host,” giving them administrator rights and the ability to install whatever code or software — or malware — they wanted. That was in 2017 at Pwn2Own, a hacking competition that drew entrants from around the world — analysts and researchers from cybersecurity firms, primarily — to find new ways to exploit popular software and mobile devices. By then, teams from China had been competing for years, and dominating. They came from universities, companies and elsewhere, said Childs, the head of threat awareness at the cybersecurity firm Trend Micro Inc. The top title at the tournament was called “Master of Pwn,” said Childs, who has been affiliated with the tournament since 2009 and is part of the Zero Day Initiative that runs it.

Full commentary : Experts say China’s hacking breakthroughs have become more secretive since laws began requiring researchers to report vulnerabilities to the government first.