|
 As Chinese companies grapple with a sharp increase in the number of
cyber attacks, many hackers are finding it increasingly lucrative to
go above board and join the country's nascent cyber security
industry.
Zhang Tianqi, a 23-year old Beijinger, cut his chops in high school
trying to infiltrate foreign websites, skirting domestic law by
probing for vulnerabilities on overseas gaming networks.
Now, after a stint working at internet bluechip Alibaba Group
Holding Ltd, he is the chief technology officer of a Shanghai-based
cyber security firm which owns Vulbox.com, a site offering rewards
for vulnerability discoveries, and internet security media site
FreeBuf.com.
"I'd been messing around in the field in my early years, but luckily
it just so happens now that there's this trend of China taking
information security very seriously," Zhang said on June 18, from
his office in a high-tech development in eastern Shanghai.
China's President Xi Jinping has made cyber security a national
priority as the country starts to feel the impact of rapid economic
growth occurring without a corresponding development in data
protection.
In May, China's National Computer Network Emergency Response
Technical Team, a non-profit agency, said it had recorded 9,068
instances of data leaks in 2014, three times as many as in 2013,
reflecting the "grim challenges" of Chinese cyber security,
according to the official Xinhua news agency.
To try and tackle this, dozens of cyber security companies are now
cropping up across China according to industry observers, populated
by young techies with bona fide security skills and work experience
at firms like Alibaba, Tencent Holdings Ltd and Baidu Inc.
China is hoping that eventually domestic cyber security groups will
provide most of its companies with defenses against hacking, rather
than them relying on foreign firms like Symantec, Kaspersky and EMC
Corp's RSA.
The gradual professionalism of China's bedroom hackers traces the
country's rise as an economic and technological force, and its
sometimes conflicted position in the escalating global data security
arms race.
The U.S. government has attributed sophisticated attacks - including
the large-scale data theft this month from the Office of Personnel
Management (OPM) - to increasingly advanced state-affiliated teams
from China.
But former hackers say the majority of their peers are joining a
burgeoning industry to help China firms fend off the numerous
attacks they face themselves.
China has denied any connection with the OPM attack and little is
known about the identities of those involved in it.
The Cyberspace Administration of China told Reuters in a June 19 fax
that it opposes "any form of network attack" and does "not allow any
groups or individuals to engage in network-attacking activities"
within its borders.
CRACKDOWN
The cyber security industry's growth was partly spurred by a
government crackdown on China's hacking community five years ago -
around the same time Beijing passed a series of laws banning hacking
and spamming tools and requiring telecom operators to help suppress
attacks.
[to top of second column] |
Government sweeps largely silenced once-raucous online forums like
kanxue.com, where hackers traded tips and boasted about their
conquests.
Many chose to shift from "black hat" activities to "white hat" ones,
using their skills to find network vulnerabilities so that they can
be fixed.
"Many people feel that now white hats have some space to do things,
or make money, while hackers can't do bad things anymore," said one
hacker who asked not to be identified because of his former work
with the government.
Aside from companies like Alibaba, Tencent and Baidu beefing up
their defenses, China's government has also been working to ramp up
the data security of the country as a whole.
Agencies including the Cyberspace Administration of China have led
educational efforts around promoting data security.
Still, many "white hats" say Chinese companies continue not to take
the matter of information security seriously enough, neglecting to
hire enough people in-house to protect themselves.
"I hope we can give people a wake-up call," said the former
government hacker.
Even with the current progress, it's likely to be a long and
laborious effort, with China saying it is often the target of
sophisticated attacks from overseas.
Last month, Chinese security company Qihoo 360 Technology Co Ltd
issued a report saying it had discovered a series of
cyber-intrusions against important Chinese targets that lasted for
years. These include a government maritime agency, research
institutions and shipping companies.
Zhang says that while the finger is often pointed at China for
hacking attacks, the country is still playing catch up with the
United States on both the cyber security, and cyber espionage
fronts.
"When China's measured up against the American giants, the level of
their hacks, their data security, the scale and the harm they can do
is all much greater."
(Additional reporting by Ben Blanchard, and Jeremy Wagstaff in
Singapore; Editing by Rachel Armstrong)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
