e-magazine
The Hot Zone
China's newly announced air defense identification zone over the East China Sea aims to shore up national security
Current Issue
· Table of Contents
· Editor's Desk
· Previous Issues
· Subscribe to Mag
Subscribe Now >>
Expert's View
World
Nation
Business
Finance
Market Watch
Legal-Ease
North American Report
Forum
Government Documents
Expat's Eye
Health
Science/Technology
Lifestyle
Books
Movies
Backgrounders
Special
Photo Gallery
Blogs
Reader's Service
Learning with
'Beijing Review'
E-mail us
RSS Feeds
PDF Edition
Web-magazine
Reader's Letters
Make Beijing Review your homepage
Hot Links

cheap eyeglasses
Market Avenue
eBeijing
Nation
Nation
UPDATED: September 7, 2007 NO. 37 SEPTEMBER 13, 2007
Dark Side of the Net
Internet viruses and hacking are growing problems in China that institutions and the government are struggling to combat
By DING WENLEI
Share

Another incident that made the spotlight recently was that of a Chinese woman, naked photos of whom, kept in the encrypted online album of a foreign man, were stolen and widely posted on China's BBS network. Curiosity pushed some Internet users to dig out her education and employment information as well as that of the album owner. Facing a flood of reprints and comments, the unwitting victim had to call websites one by one, in an attempt to minimize the devastating effect on her life and career.

The Industry and Commerce Bank of China attempted to tackle the hacker problem in its online banking services on August 21, after 300 victims of bank account takeovers, who were users of the bank's services, had filed a lawsuit against its hesitation in addressing the problem. The victims had fallen prey to identity theft in the previous three years, with the money stolen from their accounts exceeding 2 million yuan. Denied help from the bank, the victims teamed up to fight their cause and established the website www.ak.cn.

An announcement on the bank's web- site said that in the view of their experts a majority of the takeovers were the result of users' ignorance in keeping their account passwords safe. The bank denied any vulnerability in its online banking system.

The bank adjusted its online transaction rules for individuals recently. Since September 1, users with only a password to log in are allowed a daily transaction amount of 300 yuan (the previous amount number was 5,000 yuan before). The bank also plans to promote other security measures including a USB Shield, a kind of digital signature tool that stores customer IDs and creates a digital signature for electronic transaction information submitted by customers.

Yet, hackers prefer the "gray business" of virtual property theft to online bank account theft as the latter could violate criminal law, said Liu Dengpan, an engineer with the Beijing R&D office of Fortinet, a U.S.-based Internet security solutions provider.

Lucrative business

"They usually form groups and have a clear division of duties," said Huang. "The industry chain enjoys low costs and high profits while the investigation and handling of such underhanded offenses are costly and time-consuming. That is why online security violations are rampant."

Hackers post advertisements online, which can be easily accessed through any search engine, asking 300 yuan for an email box attack, or 5,000 yuan for attacking 5,000 computers simultaneously. For a few hundred thousand or several million yuan, depending on the level of sophistication required, hackers offer to attack company websites and servers.

The lucrative business has attracted many tech-savvy young people who often work together in clearly delineated roles including Trojan Horse creator, virus spreader, online thief and money launderer.

"Money laundering is the most risky link," said Liu. "They seek the help of students or those without a stable income, who buy and sell virtual coins or transfer the illicit money into bank accounts they control, using fake ID cards of course."

Internet tech companies have done a lot to upgrade technologies and improve management in coordination with the government's judicial efforts, but malicious codes sprout, because "none of China's laws and regulations contains an explicit provision regarding identity theft," said Chen Yidan, Chief Administration Officer of Tencent, which operates an online game platform.

Professor Liu Deliang believes that without legal recognition of virtual property in civil or criminal law, there is no effective protection of online private information.

Legislation flaws?

"I know who they are [malicious program writers], and have fought with them many times," said Xu Jianzhuo, head of public information network security supervision under the Ministry of Public Security. "I want to arrest them, but without legislative support, I could be prosecuted in performing my judicial duties."

Li Changxi, a researcher with the policy and regulation section of the Ministry of Information Industry, has proposed that legislative efforts should focus on three aspects of Internet information security: malicious codes should be defined instead of measured; legislators should think over how to curb the writing and spreading of computer viruses, not just handle the aftermaths; and there should also be provisions on individual criminal liability in cases of Internet security violations.

Shen Muzhu, professor at the Nanjing Institute of Economics, thinks the features of the Internet should be taken into full consideration in Internet security-related legislation. For example, the boundlessness of cyberspace makes detecting, identifying and tracking down criminals difficult, and paperless digital data exchange and storage make it necessary to legislate on digital signature and payments.

"We have to address the problems technology brings to us with the help from civil law and administration law," said Li Xiao, from the Supreme Court of China, arguing that the problem of criminal law lies with the fact that it always lags behind new developments in technology. She disclosed that the Supreme Court would adopt a case instruction system and make reference to similar cases for lawsuits with no explicit legal support.

"Similar to handling spam, threats to Internet security legislation should be addressed by joint efforts between the legal circle, the industry and the government with a variety of measures based on law," concluded Li.

Beware of Account Hackers

Generally, hackers gain access to online bank accounts by two methods: one is phishing and spoofing, and the other is Trojan Horse programs and keyloggers.

Phishing refers to attempts to steal consumers' user names and passwords by imitating emails or websites from legitimate financial institutions. Secret malicious programs, like Trojan Horses and keyloggers, that steal passwords and account information, allow the attackers to remotely access and control your computers. Such programs can be installed on home computers through virus-laden emails, files downloaded through instant message services, or free software on websites. People who do their online banking at public computers are also at risk from this kind of password swiping.

"Malicious programs are more widespread than many realize," said Chen Rui, CTO of Kingsoft. "Of the two ways, Trojan Horse viruses are what hackers prefer today."

According to a report on the computer virus epidemic and Internet security filed by Kingsoft on July 4, 2007, the company caught 111,474 new virus samples in the first half of this year, a year-on-year increase of 23 percent, of which Trojan Horse viruses accounted for 68.71 percent, or 76,593. 

   Previous   1   2  



  
Top Story
The Hot Zone
-Protecting Ocean Rights
-Partners in Defense
-Fighting HIV+'s Stigma
-HIV: Privacy VS. Protection
-Setting the Tone
Most Popular
 
About BEIJINGREVIEW | About beijingreview.com | Rss Feeds | Contact us | Advertising | Subscribe & Service | Make Beijing Review your homepage
Copyright Beijing Review All right reserved