In China’s cyber waters thrive unsuspected predators
No doubt, it’s a good catch. Beijing’s police scored a rare victory against organized cybercrime by arresting Zhao, an identity trafficker, earlier this week. On the face of it, their find tells us nothing new: identity theft has been around in China for years. But the scale of the fraud rings a massive alarm bell.
On september 14th the police received a report stating that an unnamed office, based in South Beijing, was offering stollen identities by the bulk. The company had high profile executives and officials on the menu, it was said, and even offered discounts and goodies for large orders. A week of investigation led to the headquarters of Doug, a bogus consulting firm, where the authorities found evidence of the traffic - hardrives containing millions of gaming ID and bank details.
The founder had designed a simple software capable of stealing and storing personal details on industrial scale, and established Doug as a cover-up for his operations. Buoyed by his early success, he then developed Doug’s in-house customer database, marketing department, distribution network, and after-sales service. And two years on, Mr Zhao had started to channel the flowing cash in a new, luxurious life-style - best represented by his brand new Buick limousine.
The story is a powerful reminder that hundreds of thousands of young Chinese have now acquired basic hacking skills - such as phishing (fake emails designed to steal identity) and designing trojan horses (malicious softwares concealed in computer systems). They are now willing to leverage their talents to make easy money. But it also shows that, beyond democratizing hacking knowledge, the phenomenon has allowed a highly specialized industry to develop - with its suppliers, integrators, traders and service providers. Just like in any other sector of the Chinese economy, a well-defined value chain is shaping up.
For now the hackers’ targets are relatively small, and remain mostly domestic. And there’s probably plenty more to grab there before they turn to corporations or international markets. But China is ill equipped to fight such threats, and as the industry keeps on consolidating hackers may start to hunt for bigger prizes. Even worse, the possibility that Beijing will end up tapping into these networks to carry out proper cyber warfare - attacks against foreign individuals and institutions - can’t be excluded.
China claims that its biggest concern is cybercrime. It has a point, given the thousands of potential Zhao lying around. The West remains focused on government-sponsored Internet hacking. Which is also understandable, given the politically tainted attacks it has recently suffered. Whoever wins the argument, one thing is sure - there’s plenty of phish in the sea.