Wednesday, February 17, 2010

Hackers in China Feast on a Lucrative Market - - 12 Feb 2010

Amid the Google cyberattack controversy and China's recent show of anti-hacking force, Chinese web sites continue to provide hacker training and spyware with impunity. Trojan horse attackers derive 95 percent of their revenues from selling virtual items and online game accounts. U.S. officials are certain that hackers are employed by the government.

Chinese Web sites sell hackers all sorts of Trojan horse programs and other malicious software designed to penetrate computer security systems. Online gaming in China alone presents hackers with a market whose value, according to a recent estimate by the state broadcaster CCTV, is 10 billion yuan (1 billion euros) annually [or $1.37 billion].

Using Trojan software secretly implanted in targeted computers, hackers steal users' personal information Relevant Products/Services and game accounts and logins and then transfer valuable, hard-won virtual Relevant Products/Services items and sell them via online sites. Meanwhile, non-hackers dip deep into their pockets to stay competitive in the online games.

According to Chinese experts, the country's Trojan horse attackers derive 95 percent of their revenues from selling virtual items and online game accounts.

The controversy surrounding recent sophisticated cyberattacks on the U.S.-based Internet giant Google Inc. has put a spotlight on China's booming hacker industry. Google experts suspect that the attacks originated in China, which the Chinese government has dismissed as "groundless."

The spat has become highly politicized. Google said it was reviewing its operations in China and would relax self-censorship, under which it abided by the Chinese government's Web restrictions, even if this prompted a shutdown of its Internet search engine in China.

Now China's propaganda machine is doing all it can to show that the country is cracking down hard on cybercrime. Part of the campaign is this week's report by state media that the "biggest training Web site for hackers," called the Black Hawk Safety Net, had been closed.

The report, however, quickly turned out to be old news that was announced only in the wake of the Google dispute. The Web site was actually shut down in November. Meanwhile, similar Web sites continue to provide hacker training and spyware with impunity. One such site offers answers to the tantalizing question: "How do I break into the school's network Relevant Products/Services?"

The border between knowing how to make a computer system Relevant Products/Services secure Relevant Products/Services and using that knowledge to penetrate it is often blurred. Someone privy to a system's security vulnerabilities can easily hack into it himself.

Official Chinese media concede that there are large "grey zones." Hacker training in China is rampant and the trainers profess innocence. Driving instructors teach their students how to drive but cannot ensure that the students will later drive safely and not kill anyone in a traffic accident, they argue.

The trainers also make comparisons with kung fu, a Chinese art of self-defense. It can also be used in attacks, they point out.

There is no doubt that plenty of money can be made with Trojan software, not to mention other attacking programs and cybertools. Computer hacking is widespread in parts of Eastern Europe and Russia, as well as in China, home to the world's biggest online community of 380 million Internet users.

"There is a huge underground market, and major revenue comes from selling game accounts or virtual items stolen from hijacked computers," Zhang Yumu, vice-president of Beijing Rising International Software Co, a large Chinese computer security concern, told the English-language China Daily newspaper.

Along with hackers who hijack online gamers' computers are those who steal credit card numbers or bank data Relevant Products/Services, or who simply want to show off their expertise. They often offer their cyber skills to companies.

U.S. officials are convinced that hackers are employed by the Chinese government and military.

According to a recent study by a congressional advisory panel, the U.S.-China Economic and Security Review Commission: "A large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities, whether through the direct actions of state entities or through the actions of third-party groups sponsored by the state."

The commission noted that some hackers' tracks led to the People's Liberation Army, China's armed forces.

By Andreas Landwehr

No comments: