Inside the world of Chinese hackers

Jesse Brown on the latest attack, and its origins



Yet another Chinese hack attack was revealed this week, this one targeting a classified database of high-level U.S. surveillance targets that lived on a compromised Google server. As the Washington Post reported, Microsoft director David W. Aucsmith exposed these details about rival company Google’s 2010 breach at a recent security conference:

“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on…If you think about this, this is brilliant counterintelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way.”

Wow. Privacy advocates have long warned that the trouble with companies hosting sensitive data on us lies in the possibility of our government demanding it from them. Whoever dreamed that we also need to fear foreign governments swiping information our own government collects on us from third-party companies? The mind boggles.

So who are these ingenious Chinese hackers we keep hearing about? Are they military spies? Teenage trolls? Criminal fraudsters? The answer is all of the above. A subsequent feature from the New York Times (itself a victim of Chinese hackers) provides a fascinating glimpse into Chinese hacking culture, a lucrative and growing partnership between the public and private sectors that operates, largely, in broad daylight.

Police department reps visit booths at a security trade show, where spyware merchants hawk services that, they claim, can trace any Internet rumour to an individual, whose whereabouts and cell phone communications can then be obtained. Young hackers with widely varying levels of technological ability build freelance careers that take them from bedroom-based petty fraud to government spying contracts to high-paid private sector corporate espionage. Salaries can balloon to up to $100,000 a year, a fortune in mainland China.

We rarely hear of police crackdowns on hackers within China, except in cases of political dissidence or internal fraud. Chinese law enforcement agencies, which overtly employ these tools in their “Great Firewall” censorship and surveillance regime, seem uninterested in using them to root out apolitical fraud, especially when targets are abroad. Meanwhile, Chinese embassy spokesmen pay lip service to China’s supposed prohibition on cyber crime, while in the same breath denying that it even happens. “We’ve heard all kinds of allegations,” Yuan Gao told the Post, “but have not seen any hard evidence or proof.”

Ultimately, in an economy wildly propelled by a now-slowing manufacturing sector, computer crime may not be considered a problem at all. It may be considered the future–a transition to the knowledge economy. Whereas lax manufacturing standards gave China an edge in the world of atoms, official indifference (even encouragement) towards destructive and invasive behaviour online may also prove to be a competitive advantage in the digital marketplace. According to one anonymous hacker quoted by the Times, anti-hacking ethics are a luxury few can afford.

Follow Jesse on Twitter @JesseBrown


  1. nice article. considering that the government of china ultimately owns all software companies under their regime, i suspect it would not be wise for companies with proprietary secrets to use software developed from there. china has many popular software products (several popular antimalware, system tuneup/registry cleaners, etc). one company was found to be illegally using malwarebytes antimalware signatures. this software has complete freedom to roam your system and can pass your firewall unfettered. it frequently accesses the internet to update etc. and would make a perfect snooping tool (trojan). it's likely to be found on some personal computers of nasa or military employees. something to think about.

  2. Chinese hackers. Russian hackers. European hackers. English hackers. French hackers. Middle Eastern hackers. Indian hackers. Indonesian hackers. American hackers. Take your pick. They’re all trying to find the motherlode of all hacks. The laws, such as they are, don’t do enough to address the problem.

    • There are no legal solutions…..only technical ones.

  3. The big brothers are everywhere. I don’t bother.
