A rare glimpse inside the Chinese cybercrime underground

How much impact does the Chinese hacking community have on Western firms?

China has long been judged to have one of the most prolific, best-funded hacking apparatuses of any nation bar the US and Russia. Its PLA military units and shadowy Ministry of State Security (MSS) have engaged in countless cyber-espionage operations over the past decade, stealing IP, trade and state secrets designed to give the country an economic and geopolitical advantage. But less is known about the country’s cybercrime underground. A new report has some interesting findings.

While the impact of Chinese cyber-criminals on Western firms may currently be relatively low, it is still estimated to amount to millions of attacks per year. In future, experts don’t rule out the possibility of closer co-operation between the state and third-party hackers, which would be even worse news for Western CISOs.

Inside the Great Firewall

The IntSights Dark Side of Asia report provides a snapshot of cybercrime activity across the region, but its largest section is devoted to China. There are some surprises. Chinese cybercrime activity is remarkably resilient. In spite of the fact that Tor is banned, VPNs are heavily restricted, WeChat conversations can be accessed by the authorities, crypto-currency is banned and the government keeps tight control over what people say and do online, criminal activity is still thriving.

Why? Sheer weight of numbers, according to report author Itay Kozuch, who has claimed that there are hundreds of thousands of illegal sites operating in the country. “We don't have exact numbers but I can say for sure that Chinese threat actors usually operate more in the clear web, just because it’s far easier for them, because the Chinese government puts restrictions on access to the dark web,” he tells me.

Popular social platforms like QQ, Baidu Tieba, Baidu Zhidao and even WeChat are used to communicate and advertise all the usual spoils of cybercrime: DDoS tools, hacker-for-hire services, malware, drugs, forged documents, stolen data and more. Code words and jargon are often used to disguise this activity from China’s fearsome censorship apparatus, the report claims. Chinese cyber-criminals also frequent Russian and Western hacking forums to buy tools and information, and sometimes to sell their wares, but this is rare, Kozuch tells me.
