Monday, February 8, 2010

China Heralds Bust of Major Hacker Ring

The Wall Street Journal

SHANGHAI—China heralded a major bust of computer hackers to underscore its pledge to help enhance global online security, with state media saying officials had shut what they called the country's largest distributor of tools used in malicious Internet attacks.

Three people were arrested on suspicion of making hacking tools available online, the state-run Xinhua news agency said on Monday. Their business, known as Black Hawk Safety Net, operated through the now-shuttered Web site and generated around $1 million in income from its over 12,000 subscribers, the report said.

The arrests took place in late November as part of a police investigation that spanned three Chinese provinces and resulted in part from Black Hawk's role in domestic cyberattacks, according to Xinhua.

The delay in announcing the case wasn't explained. China in recent weeks has waged an aggressive public-relations campaign on the issue of hacking, apparently at least in part aimed at discrediting allegations from Google Inc. and others last month that China was the source of sophisticated cyberattacks against the Internet search giant and a number of other foreign companies. After U.S. Secretary of State Hillary Clinton also raised concerns about hacking from China, Chinese state media said her comments were hypocritical and said Google had become a pawn in an American "ideology war."

State-media reports described Black Hawk as offering hacking "training," which is a euphemism for selling malicious software. Xinhua said the site helped disseminate a computer virus in 2007 that wreaked havoc on private and government computers in the city of Macheng, in the central province of Hubei.

The Macheng prosecutor's office, in a statement, identified two men formally arrested in the case on Dec. 31 as 29-year-old Li Qiang and 28-year-old Zhang Lei. The statement said they were founders of Black Hawk Safety Net. The men couldn't be reached for comment. A man answering phones at an office of Black Hawk in the Henan province city of Xuchang said its servers had been shut down but that he couldn't elaborate.

Chinese hackers have described the Black Hawk operation, which also included the site, as important, but just among the many on the Internet. Increasingly, they say, programs designed to break into Internet-connected computers, known as hacking tools, are available on Chinese-language sites that are located outside the country.

China's closure of Black Hawk Safety Net reflects the use of a new clause in its criminal law that makes it illegal to offer others online attack programs. Xinhua said some 1.7 million yuan in assets, or about $249,000, were also seized, including cash, nine servers, five computers and a car.

Numerous reports have fingered Chinese sources as the suspects in various cyberattacks, including ones that targeted the offices of the Tibetan spiritual leader Dalai Lama and the German chancellor's office. Within China, various attacks over the years have involved theft of user accounts and whole Web site source code.

Determining the origin of Internet attacks is difficult, however. While Google alleged that the hacking attempts it faced originated China, for instance, outside experts briefed on the attacks say they were actually traced to servers in Taiwan, which some experts say Chinese hackers could have used as a cover.

Some reports say that China hosts far less malicious software on its servers than is held on U.S. systems and is less of a spy threat than the U.S. Other experts point out China is a less-than-ideal location to launch overseas attacks because the Internet's international links are slowed by limited bandwidth and heavy content filtering.

China has described itself as the largest global victim of Internet hackers. According to a report released by the National Computer Network Emergency Response Coordination Center of China, Xinhua said, the hacker industry in China caused losses of 7.6 billion yuan ($1.11 billion) in 2009.