China's Cyber-Crime Problem: Sinned Against and Sinning

China may currently be considered one of the greatest threats to world peace, but what of cybercrime within the country?

Reading the IT press over the past few months you could be forgiven for thinking that China represents the greatest threat to world peace since the fall of Communist Russia. A ruthlessly efficient authoritarian regime controlling an army of cyber operatives tasked with infiltrating and disrupting target networks across the globe and pilfering priceless state secrets and IP. While some of this stuff does go on, the truth is that the country’s domestic cyber-crime problems are as bad as, if not worse than, the state-sanctioned attack campaigns which make the headlines.

High-profile reports such as that from information security firm Mandiant, which tied the activities of prolific hacking group Comment Crew to a unit of the People’s Liberation Army, and big stories from the New York Times and others revealing that they were hacked by such groups, have certainly focused the minds of lawmakers in the West. The Pentagon’s annual report to Congress on China has the following pretty unequivocal summary:

“In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military.”

Most recently, a confidential Pentagon report revealed Chinese hackers had nabbed classified IP on Patriot missiles, fighter jets, Black Hawk choppers and combat ships. In addition, Verizon wrote in its annual Data Breach Investigations Report 2012 last month that some 96% of the state-sponsored attacks it spotted in 2012 could be traced back to China.

Aside from the fact that attribution of these attacks can be extremely difficult – attackers using compromised machines as C&C servers all over the world can be almost impossible to trace – to focus on these alone would be to get only half of the picture.

An academic report issued at the end of 2012 revealed just a snapshot of China’s domestic problems. It claimed that in 2011 the online underground in the PRC involved over 90,000 participants, costing the economy 5.36 billion yuan (874m USD), making victims of 110m internet users (roughly 22%) and affecting 1m web sites (20%). More recently, a report by the People's Public Security University of China found that 700,000 web users are victims of cyber-crime every day.

So what’s going on? Can’t the well-oiled state apparatus that seems to have been so efficiently targeting foreign networks for the past few years stamp out this organised crime, which is eating the profits of state-owned as well as private enterprises? The answer, bluntly, is no.

Two recent news reports have shown just how endemic hacking is in Chinese corporate culture and society. “From 2007, the use of Trojans to control computers, steal information and commercial secrets has taken off,” CNCERT’s deputy chief engineer Du Yuejin told the FT.

The celebrated case of industrial machinery firm Sany, which was revealed last year to have hired hackers to spy on rival Zoomlion, is just the tip of the iceberg.

It doesn’t help that the government is effectively legitimising cyber-crime by using the same talent pool of hackers to monitor dissidents and target foreign states and corporations.

“I have personally provided services to the People’s Liberation Army, the Ministry of Public Security and the Ministry of State Security,” former hacker V8 Brother told The New York Times recently. Security researchers here in Hong Kong have confirmed the same to me and argued that the government and police response to cybercrime in China is largely ineffective and uncoordinated.

Another kind of nefarious online activity that’s popular in modern corporate China as well as with local government officials involves a kind of covert reputation management. Various “consultancies” have sprung up which claim to be able to delete negative user-generated comments for their clients and post positive stuff online instead. Periodically, insiders working at some of the biggest web platform providers are sacked or handed to the police for their part in such schemes. Think of it as a kind of black market PR. It happened most recently in August 2012 when three employees at Baidu were fired for taking bribes in order to delete posts on the firm’s Tieba platform, with the search giant claiming at the time that illegal post deletion is a “major problem for the Chinese internet”.

Another problem is that traditional online crime is usually lumped in with pornography, gambling and “social harm”, the catch-all term for activities actually deemed harmful to the hegemony of the Communist Party. For that reason it’s difficult to get a true idea of how effective the police response to cyber-crime is. Periodic “web crack-downs” are used more often, it seems, to justify the arrest of democracy and human rights activists than to catch organised criminal gangs.

I’m pretty sure the situation won’t stay this bad forever – the sheer size of the underground economy in China will eventually lead to concerted action. However, the authorities have a unique and ambiguous relationship with the darknet which will only further delay any positive efforts to police the Wild East Chinese internet better.


John Anderson has been writing about technology and all things Asia for over a decade. From his perch in the Far East he keeps a keen eye on the global significance of emerging trends in the region.