For hackers, China is the land of opportunity

While scare stories abound, a former Chinese hacker said the notion of insidious, state-sponsored hacking, as discussed in the West, is absurd

By Edward Wong  /  NY Times News Service, BEIJING

Mon, May 27, 2013 - Page 9

Name a target anywhere in China, an official at a state-owned company boasted recently, and his crack staff will break into that person’s computer, download the contents of the hard drive, record the keystrokes and monitor cellphone communications too.

Pitches like that, from a salesman for Nanjing Xhunter Software, were not uncommon at a crowded trade show this month that brought together Chinese law enforcement officials and entrepreneurs eager to win government contracts for police equipment and services.

“We can physically locate anyone who spreads a rumor on the Internet,” said the salesman, whose company’s services include monitoring online conversations and pinpointing who has been saying what about whom.

The culture of hacking in China is not confined to top-secret military compounds where hackers carry out orders to pilfer data from foreign governments and corporations. Hacking thrives across official, corporate and criminal worlds.

Whether it is used to break into private networks, track online dissent back to its source or steal trade secrets, hacking is openly discussed and even promoted at trade shows, inside university classrooms and on Internet forums.

The Chinese Ministry of Education and a number of universities, for instance, join companies in sponsoring hacking competitions that are attended by army talent scouts, although “the standards can be mediocre,” said a cybersecurity expert who works for a government institute and handed out awards at a 2010 competition.

Corporations employ freelance hackers to spy on competitors. In an interview, a former hacker confirmed recent official news reports that one of China’s largest makers of construction equipment had committed cyberespionage against a rival.

One force behind the spread of hacking is the government’s insistence on maintaining surveillance over anyone deemed suspicious. So local police departments contract with companies like Xhunter to monitor and suppress dissent, insiders say.

Dissident artist Ai Weiwei (艾未未) said he received three messages from Google around 2009 saying his e-mail account had been compromised, an increasingly common occurrence in China among people deemed subversive. When the police detained him in 2011, he said, they seized 200 pieces of computer equipment and other electronic hardware.

“They’re so interested in computers,” Ai said. “Every time anyone is arrested or checked, the first thing they grab is the computer.”

There is criminal hacking, too. Keyboard jockeys break into online gaming programs and credit card databases to collect personal information. As in other countries, the Chinese police have expressed growing concern.

Some hackers see crime as more lucrative than legitimate work, but opportunities for skilled hackers to earn generous salaries abound, given the growing number of cybersecurity companies providing network defense services to the government, state-owned enterprises and private firms.

“I have personally provided services to the People’s Liberation Army [PLA], the Ministry of Public Security and the Ministry of State Security,” said a prominent former hacker who used the alias “V8 Brother” for this interview because he feared scrutiny by foreign governments.

He said he had done the work as a contractor and described it as defensive in nature, but declined to give details.

“If you directly work for the government, there could be secret projects or secret missions,” the hacker said.

However, government jobs are usually not well-paid or prestigious, and most skilled hackers prefer working for security companies that have cyberdefense contracts, as V8 Brother does, he and others in the industry say.

Self-trained, the hacker teamed up with China’s patriotic “red hackers” more than a decade ago. Then he began working for cybersecurity companies and was recently making US$100,000 a year, he said.

V8 Brother said this cyberworld was so arcane that senior Chinese officials did not know details about computer work at government agencies.

“You can’t even explain to them what you’re doing,” he said. “It’s like explaining computer science to a construction worker.”

In Washington, officials criticize what they consider state-sponsored attacks. The officials say intrusions against foreign governments and businesses are growing, and the Pentagon this month accused the Chinese military of attacking US government computer systems and defense contractors. The administration of US President Barack Obama, which itself has ordered cyberattacks against Iran, has made cybersecurity a priority in talks with China.

The Chinese Ministry of Foreign Affairs says China opposes hacking attacks and is itself a victim.

The furor in Washington intensified in February after the New York Times and other news organizations published details of hacking efforts against their own networks and the findings of a report by a cybersecurity company, Mandiant. The report said a shadowy group within the PLA, Unit 61398, ran a formidable hacking and espionage operation against foreign entities out of a building on the outskirts of Shanghai.

In China, the unit is just one part of the complex universe of hacking and cybersecurity. And the military units are not a well-kept secret. At least four former employees of Unit 61786, responsible for cryptography and information security, have posted resumes on job-search Web sites listing employment in the unit.

Another job seeker reported employment in Unit 61580; the unit has engineers specializing in “computer network defense and attack,” according to the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

Members of Unit 61398, the bureau mentioned by Mandiant, have written several papers on hacking and cybersecurity with professors at Shanghai Jiaotong University, which has a prominent information security department. Across China, the universities labeled jiaotong (交通) — meaning communications — are taking the lead in building cybersecurity departments. The military recruits at the universities and runs its own training center, the PLA Information Engineering University, in Zhengzhou.

However, cybersecurity experts in China say the schools often churn out students who know theory, but lack practical skills. That could explain why many Chinese hacking attacks that have been discovered do not appear very sophisticated.

US cybersecurity experts say attacks from Chinese groups often occur only from 9am to 5pm Beijing time. And unlike, say, the Russians, Chinese hackers do not tend to cloak their movements, said Darien Kindlund, manager of the threat intelligence group for FireEye, a cybersecurity firm based in Milpitas, California.

“They’re using the least amount of sophistication necessary to accomplish their mission,” Kindlund said. “They have a lot of manpower available, but not necessarily a lot of intelligent manpower to conduct these operations stealthily.”

The culture of hacking began in China in the late 1990s. The most famous underground group then was Green Army. One sign of how hacking has gone mainstream is the fact that the name of a later incarnation of Green Army — Lumeng — is now being used by a top cybersecurity company in China. (Its English name is NSFOCUS.)

These companies are often started by prominent hackers or employ the hackers to do network security. They have polished Web sites that list Chinese government agencies and companies as their clients. They also list foreign clients — one company, Knownsec, lists Microsoft — and have offices abroad.

The Web site of another company, Venustech, says its clients include more than 100 government offices, among them almost all the military commands. The company, which declined an interview request, has a hacking and cyberdefense research center.

Another former hacker said the monolithic notion of insidious, state-sponsored hacking now discussed in the West was absurd. The presence of the state throughout the economy means hackers often end up doing work for the government at some point, even if it is through something as small-scale as a contract with a local government office.

“I don’t think the West understands,” he said. “China’s government is so big. It’s almost impossible to not have any crossover with the government.”

Large companies in China are employing hackers for industrial espionage, in operations that involve complex tiers of agents who hire the hackers. Sany Group, one of China’s biggest makers of construction equipment, hired hackers to spy on Zoomlion, a rival, according to official media reports confirmed by the former hacker. Sany declined to comment.

That hacker said he knew the middleman agent who had hired the cyberspies for Sany. The agent was a security engineer who owned two apartments in Beijing and had been under pressure to meet mortgage payments.

“In China, everyone is struggling to feed themselves, so why should they consider values and those kinds of luxuries?” the former hacker said. “They work for one thing, and that’s for money.”

Additional reporting by Jonathan Ansfield