By YIN PUMIN

Virtual Wars

By YIN PUMIN

China must join hands with other countries to fight cyberattacks

Users of the China’s most popular Internet search engine, Baidu, found the website inaccessible on the morning of January 12, 2010. The company later confirmed its website had been paralyzed by a cyber-attack. “The reason why Chinese users could not log on to the website was that our domain name server in the United States was illegally attacked,” it said in a statement.

It’s the second time the search engine has crashed as a result of an attack since its launch in 2000.Its servers were also attacked in December 2006.

In terms of suffering disruption as a result of hacking, Baidu is not unique among Chinese websites. In fact China has become one of the world’s biggest victims of cybercrime.

Last year, the country was hit by nearly half a million cyberattacks, half of which appeared to have originated from foreign countries, including the United States and India, according to a report issued by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC),the country’s primary computer security monitoring network, on August 9.

China has the world’s largest population of Internet users, topping 485 million as of June this year, according to statistics from the China Internet Network Information Center (CNNIC).The number is increasing at a rate of over 10 percent annually.

“However, Internet security in China is facing serious threats as various cyberviruses and worms continuously manifest themselves within China’s cyberspace,” said Zhou Yonglin,Director of the CNCERT/CC’s Operations and Management Department.

Moreover, the lack of awareness about cyberattacks and necessary protection measures among the vast majority of Chinese Internet users is believed to make China more vulnerable to cyberattacks.

A vulnerable nation

With the number of Chinese netizens soaring in recent years, China has become a prime target for hackers around the world.According to the CNCERT/CC’s report,China suffered 493,000 cyberattacks last year, 14.7 percent of which came from Internet Protocol (IP) addresses located in the United States, and another 8 percent from addresses located in India.

Most of the attacks came in the form of malicious “Trojan” software used by hackers to gain access to target computers.

In many cases, the in fi ltration was initiated by an e-mail that triggered the download of malware; programs that allow hackers a backdoor communication channel to personal computers.

Meanwhile, the CNCERT/CC also detected 13,782 IP addresses with botnet, or corpse, viruses in 2010, of which 47 percent were receiving instructions from foreign countries, with the United States, India and Turkey being the top three countries of origin, according to the report.

However, due to the openness of the Internet, it is dif fi cult to truly determine where the attacks are coming from, Zhou said.

“We cannot say for certain that the hackers were located abroad simply because their IP addresses were located in other countries,” he said, adding that by the same token,CNCERT/CC couldn’t say with certainty that hackers are based in China simply on the basis of IP addresses.

For example, hackers can implant control programs on computers outside their countries of origin using e-mails.

The CNCERT/CC report said that 4,635 Chinese government websites were tampered with by hackers last year, up 67.6 percent from a year earlier. It added that 60 percent of the websites of ministry-level government departments are at risk of being hacked.

In 2010, nearly 35,000 websites based in China were targeted by hackers.

“Many government websites were set up very quickly, and there are certain security risks that have been neglected because of poor management and design,” Zhou said, adding that some hackers simply try to penetrate government websites to show off their skills.

“Hackers usually attack government websites for one of two reasons,” he said.“Often their goal is to turn the homepage of government websites into that of their hacking group in order to draw attention to their existence and demonstrate what they are capable of. Sometimes, however,hackers hide their own pages on government websites in order to demonstrate that they have access to government servers, they then offer to sell the information on these servers to criminals.”

The CNCERT/CC report also said hacking that tampers with Web pages is often politically or religiously motivated. Some government agencies’ websites are often targeted by IP addresses that originate from Turkey, with hackers displaying texts and pictures intended for political and religious campaigns, it said.

The CNCERT/CC urged all Chinese government websites to boost their firewall systems and employ more qualified Web administrators.

Hackers love government websites because they are more vulnerable than commercial websites. This does not mean commercial websites are safe. Infiltration into the computer systems of Chinese companies in industries such as technology,finance, energy and transport is also on the increase, according to the report.

Domestic attacks, for example, mainly targeted fi nancial institutions and online payment platforms. In these cases hackers hope to trick users into giving up their log-in credentials.

Shi Xiaohong, Vice President of Qihoo 360, a leading Chinese network security solutions provider, said that Internet security is becoming a serious issue.

“The motive for hackers to create ‘phishing’ websites, or malicious software, is largely financial. Typically they want people’s bank account information so they can access funds.Sometimes hackers want to profit by selling private information,” Shi said.

Zhang Zhaozhong, a military expert with the National Defense University, said that China’s vulnerability to cyberattacks is not just an opportunity for criminals but a potential threat to national security.

According to Zhang, China depends heavily on foreign technology and infrastructure for its basic military, commercial, and transportation needs. Internet security experts warn that a foreign adversary could exploit this dependence either by building backdoor attack routes into software and hardware before it is transported to China, or by denying Chinese institutions’ access to critical global infrastructure.

For example, the world’s 13 root name servers—critical components of world’s Internet infrastructure—all lie outside of Chinese territory, making the country dependent on foreign infrastructure for its Web usage.

“The number of root-servers in China is zero, which means the country is very vulnerable to cyberattacks,” Zhang said.

International cooperation

The CNCERT/CC’s report is, in part, a response to accusations from the Western world.

In early August, McAfee, a U.S. cyberspace security company, released a report based on its investigations into targeted in fi ltrations of the computer systems of more than 70 global companies, governments, enterprises and nonpro fi t organizations over the last fi ve years.

The report stated that a “state actor” was behind the attacks but did not provide further details.

Some Western media outlets immediately jumped to the conclusion that the hacks were a uni fi ed attack from a single source and quickly pointed the fi nger of blame at China. McAfee’s comment had previously implied that China was behind a concerted effort to hack into the servers of the International Olympic Committee and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics.

But Chinese experts have insisted that the origin of major online attacks is dif fi cult to trace.

“Hackers usually launch attacks by controlling other computers, making it very difficult to locate the source of attacks,”said Wen Weiping, an associate professor at the Department of Information Security of Peking University.

Overseas hackers, for example, could fi rst attack a computer in China and then use the Chinese computer to attack computers in other countries, making their victims believe they were being attacked from China.

“Since hackers are dispersed throughout the world, it is necessary for the international community to cooperate to deal with the issue,” said Teng Jianqun, a researcher for computer security with the China Institute of International Studies.

According to the CNCERT/CC’s report,China has stepped up its efforts to combat cyberattacks.

In 2010, the Ministry of Public Security embarked on a special operation to hunt for hackers who organize attacks and distribute phishing and other malicious software.

During the operation, 180 hacking cases were uncovered and nearly 500 suspects were detained.

China is actively seeking to cooperate with other countries as cross-border cyberattacks are a rapidly growing problem.

In May 2010, China and the Republic of Korea (ROK) joined hands to stop ROK-based hackers targeting a Chinese mobile phone ring-tone website.

SKILLFUL HACKERS: Hackers show their techniques at the 27th Chaos Communication Congress, an annual computer security conference, in Berlin, Germany, on December 28, 2010

Four months later, the CNCERT/CC took part in an annual emergency response drill on cybersecurity, which was also attended by Community Emergency Response Teams(CERT) organizations from nine other countries including Japan, India and Thailand.

In March of the same year, China and the United States initiated a mechanism of dialogue on Internet security, to enhance cooperation on blocking spam and combating cyberattacks.

China is also a regular participant in the Internet safety emergency drills of the Association of Southeast Asian Nations and it has signed online security and cooperation pacts with a number or Asian countries.

“We hope other countries will hear China’s voice, and understand that China is making an effort to make the Internet a safer place for all its users,” said Tang Lan, Deputy Director of the Institute of Information and Social Development Studies of the China Institutes of Contemporary International Relations.

Legal measures

In response to the increased number of cyberattacks, the CNCERT/CC’s report urged local regulators to step up their efforts to police the Internet and deter hackers by imposing stricter penalties.

On August 29, China’s Supreme People’s Court (SPC) and Supreme People’s Procuratorate (SPP) jointly issued a judicial interpretation that aims to fi ght hacking and other Internet crimes more aggressively.

The interpretation defined a number of relevant terms, and clarified the criteria for imposing penalties in cases where data has been obtained illegally.

According to the ruling, which came into force on September 1, hackers who break into 20 or more computers will face jail terms of up to seven years.

Another prominent aspect of the interpretation is that those who knowingly purchase or sell illegally obtained data or network control will also be subject to criminal penalties.

“Online crime has become increasingly unrestrained, with large online transaction platforms being targeted. Penalizing these violators will help sever the pro fi t chain of hacking and other related crimes,” said a statement jointly released by the SPC and SPP.

“The latest interpretation also applies to Chinese hackers who steal information from foreign computers,” said Zhou Guangquan,a professor in criminal law at Tsinghua University.

“The interpretation will be an effective way to prevent people from hacking computers,” he said.