Hacker 2.0?
More measures need to be taken to cope with fraudulent Internet practices
By Ma Miaomiao  ·  2019-04-27  ·   Source: NO. 18 MAY 2, 2019

The China Internet Security Conference is held in the China National Convention Center in Beijing on September 4, 2018 (XINHUA)

Pinduoduo, a Chinese online group discounter, announced on January 20 that someone had exploited a loophole on its platform to steal tens of millions of yuan worth of discount vouchers during its New Year's promotion. Though the company immediately rectified the bug, it still resulted in a loss of 10 million yuan ($1.49 million), according to the company's risk control team.

Pinduoduo isn't the only high-profile company to have experienced such a breach. In October 2018, Ant Financial, an affiliate of Alibaba Group and the company behind Alipay, one of the leading mobile payment apps, reported that hackers filched money from accounts via stolen Apple IDs, with some losing up to $288. About a week later, Apple officially apologized for the hacking, saying in a statement that it found "a small number of our users' accounts" had been accessed via a phishing scam. Apple, which has long touted its operating system as virus-free, can no longer claim immunity.

New-generation viruses

The prevalence of these underground activities has turned econnoisseur, a term describing consumers who insist on the highest quality at the lowest price, into a negative word referring to hackers who carry out fraudulent practices online. Activities such as telecommunications fraud, phishing scams, Trojan viruses, cyber extortion and others may directly violate national laws or walk on the edge of the law.

A report released by JD Finance in May 2018 estimated that the underground fraud chain was operating with over 100 billion yuan ($14.8 billion)—twice that of the domestic cybersecurity industry in 2017—with more than 1.6 million econnoisseurs.

On January 18, Tencent's Guardian Plan, an anti-fraud platform cooperating with China's law enforcement and financial regulators to fight cybercrimes, said that in 2018, 145 major cybercrime cases were uncovered, with more than 3,200 arrests and 11 billion yuan ($1.64 billion) involved.

The underground chain has recently expanded into cyber extortion, attracting even more gold diggers. Hackers use distributed denial of service attacks to bombard websites with traffic. The targeted sites, including webcast platforms, online games, cloud services, education, healthcare and financial enterprises, crash. The hackers then ask for money to get the websites back up and running.

Another cyberattack involves ransomware, which locks computers so that users can't access their files or programs, at which point hackers ask for payment to unlock the computers. At present, the most active ransomware strains in China are Cerber, Crysis and WannaCry and their variants. According to the 360 Threat Intelligence Center, it intercepted 183 types of ransomware and their variants in 2017, with more than 4.7 million computers attacked. Hackers target the wealthiest provinces, with Guangdong Province having the highest share at 14.9 percent, followed by Zhejiang at 8.2 percent and Jiangsu at 7.7 percent.

Pei Zhiyong, Director of the 360 Enterprise Security Research Institute, told Economic Information Daily that compared to selling personal information, hackers now use ransomware for cyber extortion since they can sometimes get nearly 100,000 yuan ($14,925) in payment from victims. Some ask for payment in the digital currency bitcoin to avoid being tracked or to camouflage money laundering. Pan Feng, who used to work for an Internet technology company in Beijing, bombarded the websites of three domestic exchanges in 2016, demanding more than 60 bitcoins which were then worth 200,000 yuan ($30,000). He was also involved in money laundering with an accomplice. On August 17, 2016, Pan was detained by the police and was sentenced to three years in prison for extortion.

Two traditional extortion rackets based on telecommunications and pornography-related fraud are also dishing up new schemes. In May 2018, Anhui Province uncovered a case that used a robocalling app to place continuous malicious calls with the purpose of harassing users for ransom. The app generated 28 million calls before it was shut down by the police.

Pornographic content is usually closely linked with telecom and online fraud cases. According to a report released by the Guardian Plan, among the four most notable fraud cases in 2017, two were sex-related. Sexual content primarily targets male online users. Data shows that over half of malicious Web addresses are porn sites, and approximately one third of smartphone virus infections come from clicking on or browsing pornographic content online, which hackers use as bait for online scams to illegally acquire personal information, bank account details, social network usernames and passwords.

In recent years, people involved in the underground fraud chain have become smarter and more technologically savvy. Most of them target cloud services and mobile apps. The whole chain can be divided into upstream, midstream and downstream sections. The upstream section develops basic technologies, such as verification codes and automation software, registering false and invalid accounts, and stealing other people's accounts. The midstream section collects promotion information from various sellers, while the downstream section is where fake accounts and malicious Trojan horses are used for online fraud, theft and phishing for profits.

Coping in alliance

Traditional security products, such as firewalls, intrusion detection and antivirus software, are incapable of solving the problem, said Wu Haisang, Vice President of Product at Zshield Inc., pointing out that companies need to get rid of the old idea that once bugs are fixed, their cybersecurity is guaranteed. Instead, in the era of cloud-based services, a new automatic and intelligent security system should be established based on an identity and access database. At the same time, new technologies such as big data analysis, artificial intelligence and machine learning should be applied to foresee fraudulent practices, control the situation and immediately rectify the bugs.

"Large companies may land on their feet from these fraudulent practices, but many startups that are eager to increase their registered users through marketing activities may end up in bankruptcy due to the losses caused by econnoisseurs," Chen Zhuojian, a 360-ADLab security expert, told China Securities Journal.

A lot of manpower and resources are needed to deal with these fraudulent practices. Even if a threat is predicted, the lack of data prevents the company from forming an effective coping strategy. In addition, the anti-fraud ability of companies varies due to their different sizes and technological skills.

As a response, on March 22, the Shanghai Information Security Trade Association, in collaboration with LinkSure Network, Ping An Technology and SF Express, established a threat data sharing alliance consisting of companies across many industries, including the Internet, finance and technology industries.

Ni Guangnan, an academician with the Chinese Academy of Engineering, said the advancement of the 5G network and the growing mobile broadband require ever better security protection, thus an alliance is very much needed to fight against cyberattacks.

"The alliance is an attempt to create a new security solution for the industry," said Gong Wei, Chief Security Officer of LinkSure Network, adding that it seeks to bring together companies from various industries in Shanghai to solve some online security problems.

The alliance will focus on sharing knowledge and information on cyberthreats and accumulate the best solutions to deal with these threats.

"Many business groups now have their own subsidiaries, forming relatively independent and closed security ecosystems," Gong said. The security industry should be more open and more communicative in its exploration of new security applications and innovation.

Many other companies such as Suning.com, Vipshop, Zhongtong Express and Lufax, the Internet financial arm of Ping An Insurance (Group) Co., have also joined the alliance.

In the future, the alliance will invite more companies to share cyberthreat intelligence, technology, knowledge and experience. Through online and offline communication and cooperation, it hopes to achieve complementary advantages and resource sharing in the information security field.

Copyedited by Rebeca Toledo

Comments to mamm@bjreview.com

Copyright Beijing Review All rights reserved 京ICP备08005356号 京公网安备110102005860