China’s Ministry of State Security has warned office workers that online work tools can pose espionage risks, and that leaks have “occurred repeatedly” in recent years.
“Many online platforms gathered powerful ‘dark technology’ functions that combine both social and office work features,” the ministry said on its official WeChat account on Sunday.
It cited instant communication, format conversion, file transfer and group discussion tools as examples of risky applications.
Uploading confidential files to those platforms increased the risk for “overseas spying and intelligence agencies” to “steal” sensitive data and should be “strictly prohibited”, the ministry said.
02:15
Airports across the world see operations disrupted as Microsoft systems outage hits globally
Airports across the world see operations disrupted as Microsoft systems outage hits globally
A similar call about file transfer tools went out to government officials and employees in June, and last month a major Chinese tech company announced it was suspending a file storage and transfer tool.
The ministry singled out a type of product called File Transfer Assistant, which bears the same name to a file backup service provided by Tencent’s WeChat, allowing users to send files to themselves.
The ministry said that when employees uploaded classified documents from personal devices to cloud storage systems such as File Transfer Assistant, it “greatly increases risks of overseas spying and intelligence agencies obtaining relevant documents through [inserting] Trojan viruses”.
“The back end of the transfer software company can easily obtain confidential documents, and cannot effectively control the scope of access, which easily causes leakage,” it said.
It also warned there were risks of information being leaked when using optical character recognition software to extract text from images in confidential files, and when inputting confidential information to generate text in AI software.
China’s top spy agency warned government officials in June against storing classified information on cloud services because cloud data had become “a major focus of foreign spy agencies”.
Tencent suspended all file uploads to another cloud service tool, WeCloud, a month later, and said it would stop operation in October because of “business restructuring”.
A notice on Tencent’s WeCloud website urged customers to back up their files and said it would refund subscribers of the service.
The application regularly reminds users that confidential content is prohibited in the system during uploads.
01:58
China denies accusations of state-sponsored hacking from US, UK and New Zealand
China denies accusations of state-sponsored hacking from US, UK and New Zealand
The ministry’s call is part of China’s wider information protection campaign amid tech rivalry and geopolitical tensions with the US.
Another Chinese government department, the Ministry of Industry and Information Technology, released test rules in May for industry and information technology companies to conduct data security risk assessments, with China lagging behind the West in data protection.
Efforts also include a major overhaul of its broadly defined state secrets law for “the new era”, which widened the scope of restricted information to include “work secrets” – those that are not state secrets but that would “cause certain negative effects if leaked”.
The Ministry of State Security set up a WeChat page in July last year to push back against Western criticism of its national security efforts and enlist the public in counter-intelligence.
