China cracks down on insider cyber hacking

China cracks down on insider cyber hacking

Four hackers sentenced for larceny, but foreign sites remain targets

An internal crackdown on hacking activities in China has prompted speculation that the country may finally be tackling its cyber criminals.

But political organisations are claiming to have received attacks on their networks from within China, raising questions over whether the state is encouraging certain hacking actions while prosecuting others.

Four Chinese cyber criminals were sentenced last week to between six and eight years each for grand larceny, after stealing more than 100,000 yuan (£7,165) from internet bank accounts, according to the Chinese media.

Representative Chen Wanzhi of the National People’s Congress called for greater state control over the hacker economy.

“Our country has already formed a division of labour in the underground internet industrial chain,” he said. “Some medium- and small-sized firms have even had to pay protection money to insure their e-commerce.”

The production of malware – ­ illegal internet programs ­ – is a big problem in China. Statistics from the Chinese Computer Emergency Response Team show that the country was hit by 21 times more Trojan viruses in the first half of 2007 than in all of 2006.

And security vendor Sophos says more than half the world’s malware is hosted on web sites in China.

The crackdown is legitimate and not just for show, according to Gartner analyst Peter Firstbrook.

“China wants to stop people stealing money from its own banks, and is harsh on those who hack within China,” he said. “But it is more lenient on those who attack externally.”

Politically motivated external attacks have been rife in the past few weeks.

Members of the Save Darfur coalition told the Washington Post last week that their server had been attacked by hackers traced to computers in China.

And several pro-Tibet groups reported receiving email viruses ­ although IP addresses have yet to be traced.

Last summer also saw allegations of cyber espionage attacks on Whitehall departments, as well as a warning to UK businesses from MI5 that Chinese hackers were looking to infiltrate their networks.

The US is particularly concerned about Chinese cyber espionage. At the end of 2007, attacks on the Pentagon from China were stepped up in sophistication and frequency.

An internal crackdown on hacking in China is compatible legally with allowing external cyber attacks to continue, according to Chenxi Wang, principal analyst at Forrester Research.

“There is no well-defined law on digital activities and no consistent approach towards criminal activities online,” she said. “The government can do whatever it wants in each situation.”

Not only might the state fail to prosecute those hacking externally, some reports claim it actively encourages the activity.

A report in Newsweek two years ago featured an interview with a Chinese hacker who said officials encouraged him to hack foreign government systems.

But political hackers will support the state without encouragement, according to Scott Henderson, author of a book on political hacking in China.

“There is a confederation of patriotic youth dedicated to defending China against what it perceives as threats to national pride,” he said.