The Chinese hacking community operates by and large out in the open, using code words to avoid government scrutiny and benefitting from state support when attacks are aimed outside the country, according to a new report.
While most news analysis of Chinese cyber-attacks focuses on state-sponsored campaigns, there is in fact a thriving and fast-maturing domestic cybercrime underground, according to IntSights’ Dark Side of Asia report.
On the one hand, these players are restricted in that the Tor browser is blocked by the Great Firewall, cryptocurrency is banned, VPN use is severely restricted and the authorities can access WeChat communications.
However, where money is involved there will always be a way. IntSights claimed that “clear net” websites are seen as the best way to reach large numbers of customers, with hackers using special code words to avoid scrutiny.
Popular social networks like QQ, WeChat, Baidu Tieba and Baidu Zhidao are used to communicate and advertise everything from DDoS tools and stolen data to forged documents, malware and hacking-as-a-service, the firm said.
“The government does attempt to fight against Chinese cyber-criminals, for example shutting down their websites and making arrests when they can, but due to the sheer number of websites and users in China, even the monitoring and censoring activity being done by the government cannot stop all cyber-criminal activity on the Chinese web,” it claimed.
“While there are tens of thousands of dark websites in Russian and English, the number of Chinese websites is rather small. Moreover, some of the web pages originate from Hong Kong and Taiwan.”
To fill the gap, Chinese cyber-criminals also populate Russian dark web forums to obtain “tools and information” and flood Western sites to sell drugs and other illegal items, the report claimed.
It goes without saying that if a Chinese cyber-criminal or group were to attack a foreign target — for financial gain or in nationalist-fueled hacktivism — the government is likely to turn a blind eye, according to the report.