SKILLFUL HACKERS: Hackers show their techniques at the 27th Chaos Communication Congress, an annual computer security conference, in Berlin, Germany, on December 28, 2010 (CFP)
Shi Xiaohong, Vice President of Qihoo 360, a leading Chinese network security solutions provider, said that Internet security is becoming a serious issue.
"The motive for hackers to create 'phishing' websites, or malicious software, is largely financial. Typically they want people's bank account information so they can access funds. Sometimes hackers want to profit by selling private information," Shi said.
Zhang Zhaozhong, a military expert with the National Defense University, said that China's vulnerability to cyberattacks is not just an opportunity for criminals but a potential threat to national security.
According to Zhang, China depends heavily on foreign technology and infrastructure for its basic military, commercial, and transportation needs. Internet security experts warn that a foreign adversary could exploit this dependence either by building backdoor attack routes into software and hardware before it is transported to China, or by denying Chinese institutions' access to critical global infrastructure.
For example, the world's 13 root name servers—critical components of world's Internet infrastructure—all lie outside of Chinese territory, making the country dependent on foreign infrastructure for its Web usage.
"The number of root-servers in China is zero, which means the country is very vulnerable to cyberattacks," Zhang said.
The CNCERT/CC's report is, in part, a response to accusations from the Western world.
In early August, McAfee, a U.S. cyberspace security company, released a report based on its investigations into targeted infiltrations of the computer systems of more than 70 global companies, governments, enterprises and non-profit organizations over the last five years.
The report stated that a "state actor" was behind the attacks but did not provide further details.
Some Western media outlets immediately jumped to the conclusion that the hacks were a unified attack from a single source and quickly pointed the finger of blame at China. McAfee's comment had previously implied that China was behind a concerted effort to hack into the servers of the International Olympic Committee and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics.
But Chinese experts have insisted that the origin of major online attacks is difficult to trace.
"Hackers usually launch attacks by controlling other computers, making it very difficult to locate the source of attacks," said Wen Weiping, an associate professor at the Department of Information Security of Peking University.
Overseas hackers, for example, could first attack a computer in China and then use the Chinese computer to attack computers in other countries, making their victims believe they were being attacked from China.
"Since hackers are dispersed throughout the world, it is necessary for the international community to cooperate to deal with the issue," said Teng Jianqun, a researcher for computer security with the China Institute of International Studies.
According to the CNCERT/CC's report, China has stepped up its efforts to combat cyberattacks.
In 2010, the Ministry of Public Security embarked on a special operation to hunt for hackers who organize attacks and distribute phishing and other malicious software.
During the operation, 180 hacking cases were uncovered and nearly 500 suspects were detained.
China is actively seeking to cooperate with other countries as cross-border cyber-attacks are a rapidly growing problem.
In May 2010, China and the Republic of Korea (ROK) joined hands to stop ROK-based hackers targeting a Chinese mobile phone ring-tone website.
Four months later, the CNCERT/CC took part in an annual emergency response drill on cybersecurity, which was also attended by Community Emergency Response Teams (CERT) organizations from nine other countries including Japan, India and Thailand.
In March of the same year, China and the United States initiated a mechanism of dialogue on Internet security, to enhance cooperation on blocking spam and combating cyberattacks.
China is also a regular participant in the Internet safety emergency drills of the Association of Southeast Asian Nations and it has signed online security and cooperation pacts with a number or Asian countries.
"We hope other countries will hear China's voice, and understand that China is making an effort to make the Internet a safer place for all its users," said Tang Lan, Deputy Director of the Institute of Information and Social Development Studies of the China Institutes of Contemporary International Relations.
In response to the increased number of cyberattacks, the CNCERT/CC's report urged local regulators to step up their efforts to police the Internet and deter hackers by imposing stricter penalties.
On August 29, China's Supreme People's Court (SPC) and Supreme People's Procuratorate (SPP) jointly issued a judicial interpretation that aims to fight hacking and other Internet crimes more aggressively.
The interpretation defined a number of relevant terms, and clarified the criteria for imposing penalties in cases where data has been obtained illegally.
According to the ruling, which came into force on September 1, hackers who break into 20 or more computers will face jail terms of up to seven years.
Another prominent aspect of the interpretation is that those who knowingly purchase or sell illegally obtained data or network control will also be subject to criminal penalties.
"Online crime has become increasingly unrestrained, with large online transaction platforms being targeted. Penalizing these violators will help sever the profit chain of hacking and other related crimes," said a statement jointly released by the SPC and SPP.
"The latest interpretation also applies to Chinese hackers who steal information from foreign computers," said Zhou Guangquan, a professor in criminal law at Tsinghua University.
"The interpretation will be an effective way to prevent people from hacking computers," he said.