Inside the world of Chinese hackers

Yet another Chinese hack attack was revealed this week, this one targeting a classified database of high-level U.S. surveillance targets that lived on a compromised Google server. As the Washington Post reported, Microsoft director David W. Aucsmith exposed these details about rival company Google’s 2010 breach at a recent security conference:

“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on…If you think about this, this is brilliant counterintelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way.”

Wow. Privacy advocates have long warned that the trouble with companies hosting sensitive data on us lies in the possibility of our government demanding it from them. Whoever dreamed that we also need to fear foreign governments swiping information our own government collects on us from third party companies?  The mind boggles.

So who are these ingenious Chinese hackers we keep hearing about? Are they military spies? Teenage trolls? Criminal fraudsters? The answer is all of the above. A subsequent feature from the New York Times (itself a victim of Chinese hackers) provides a fascinating glimpse into Chinese hacking culture, a lucrative and growing partnership between the public and private sectors that operates, largely, in broad daylight.

Police department reps visit booths at a security trade show, where spyware merchants hawk services that, they claim, can trace any Internet rumour to an individual, whose whereabouts and cell phone communications can then be obtained. Young hackers with widely varying levels of technological ability build freelance careers that take them from bedroom-based petty fraud to government spying contracts to high-paid private sector corporate espionage. Salaries can balloon to up to $100,000 a year, a fortune in mainland China.

We rarely hear of police crackdowns on hackers within China, except in cases of political dissidence or internal fraud. Chinese law enforcement agencies, which overtly employs these tools in their “Great Firewall” censorship and surveillance regime, seem uninterested in using them to root out apolitical fraud, especially when targets are abroad. Meanwhile, Chinese embassy spokesmen pay lip service to China’s supposed prohibition on cyber crime, while in the same breath denying that it even happens. “We’ve heard all kinds of allegations,” Yuan Gao told the Post, “but have not seen any hard evidence or proof.”

Ultimately, in an economy wildly propelled by a now-slowing manufacturing sector, computer crime may not be considered a problem at all. It may be considered the future–a transition to the knowledge economy.  Whereas lax manufacturing standards gave China an edge in the world of atoms, official indifference (even encouragement) towards destructive and invasive behaviour online may also prove to be a competitive advantage in the digital marketplace. According to one anonymous hacker quoted by the Times, anti-hacking ethics are a luxury few can afford.