Wednesday, November 2, 2011

China Hackers Seek to Rally Peers Against Cybertheft - Wall Street Journal

BEIJING—Some of China's most prominent hackers plan to issue a call for their peers in the country to steer clear of commercial cybercrime, a move aimed at cutting down on Chinese cyberattacks that experts say often target foreign Internet users and companies.

While it's unclear how effective such an appeal will be, it is a sign that some with roots in China's hacking culture are concerned that growth in the underground cybertheft industry could draw both louder foreign complaints and tighter domestic restrictions, which could restrict their freedom of action and affect the legitimate network-security sector as well.

Photo: Gong Wei, one of the leaders of an appeal for Chinese hackers to reject cybercrime.

The appeal is contained in a document called the "Chinese Hackers' Self-Discipline Convention," to be presented this coming week ahead of a hackers' conference in Shanghai and voted upon at the event later this month, two of its organizers said in interviews. The appeal will be aimed at commercial hacking, such as attempts to break into online accounts and steal money from Internet users and businesses, its organizers say.

The appeal against cybercrime reflects how China's hacking landscape has evolved in recent years to pose a larger threat to Internet users and companies both in and outside the country. Over the last decade, many hackers who were once just hobbyists or were active in nationalistic attacks on foreign websites—usually aiming to send a political message—have found legitimate jobs as security professionals. At the same time, while occasional activist attacks by private citizens have continued, young Chinese hackers have increasingly chosen to apply their skills for criminal gain.

"It's easy [for a hacker] to give up the original pure pursuit of technical skill when faced with benefits and money" available in cybercrime, said Gong Wei, one of the organizers of the new appeal, who is also known by the online name Goodwell. "I hope to use this hackers' self-discipline convention to advocate hacker culture, helping young hackers who have just set foot in this arena to establish a strong psychological line of defense."

Both Mr. Gong and the appeal's other main organizer, Wan Tao, a security consultant in Beijing for International Business Machines Corp., were part of China's first generation of hackers. Mr. Gong, a 36-year-old Shanghai native who runs his own network-security company, created one of the country's earliest online hacking groups, the Green Army, in 1997.

Photo: Wan Tao.

Mr. Wan, 40, plans to post a draft of the appeal online in early September, he said in an interview. Years before he joined IBM, Mr. Wan in 2001 founded a group called Chinaeagle Union that became known for activist-style attacks against foreign websites, such as those promoting Taiwanese independence. Mr. Wan, who feels his group wasn't doing anything wrong, says it hasn't launched any attacks since 2002 and it now provides technical support to nongovernmental organizations.

Prosecutions of hackers in China have focused on attacks for the purpose of financial gain, but the government has also discouraged politically motivated attacks by private citizens against foreign websites. The Chinese appeal's organizers said it is unlikely to address whether hackers should reject working for a government or hacking for a political cause—known as "hacktivism."

Several hundred security professionals and researchers are likely to attend the Shanghai conference in September and will be encouraged to sign the pledge not to engage in cybercrime if it passes a vote, in which case supporters will also start urging other hackers around China to sign it as well, Messrs. Gong and Wan said. If the document doesn't get enough votes, then the event organizers will collect feedback and revise it for another attempt later, they said.

The high-profile appeal against cybercrime is seen as highly unusual, even though China is not alone in facing the growth of sophisticated cybercrime groups. Local security researchers say cybercrime in China has become a well-developed industry that operates like an assembly line: The programmer of malicious software usually assembles it with lines of computer code he bought elsewhere. The programmer then sells his work to others who undertake the broader attack, spreading the malicious software, triggering it and sharing the payoff.

China in recent years has ranked among the top sources for certain types of cyberattacks. In 2010, for instance, China ranked behind Romania and the U.S. as the third-biggest host of Web addresses used for "phishing," a kind of attack meant to trick an Internet user into sharing sensitive information like a credit-card number, according to a report by IBM researchers.

The appeal comes as security experts and officials continue to allege that China is the source of many politically motivated cyberattacks on foreign companies and government targets. Last year, Google Inc. moved its mainland China search engine to Hong Kong, partly over concerns about hacking from China that it said led to the theft of intellectual property. In February, the computer security company McAfee Inc. said hackers who appeared to be based in China had conducted a "coordinated, covert and targeted" campaign of cyberespionage against five multinational energy firms since at least 2009.

And last month Taiwan's Democratic Progressive Party, which supports independence from China, said it had been the target of a Chinese hacking campaign that made daily incursions into its computers for months. China's government has repeatedly denied sponsoring hacking activity and said it is a major victim of hacking attacks.

The country has gradually added to its laws and regulations against hacking. China's state-run Xinhua news agency this week said the country's Supreme People's Court and Supreme People's Procuratorate issued a statement that clarifies criteria for penalizing acts like illegally obtaining computer network data or providing hacking tools or programs.

Chinese state television also recently broadcast footage of what two experts on the Chinese military said appeared to be a military institute demonstrating software designed to attack websites in the U.S. The software appeared to facilitate attacks on websites related to the Falun Gong spiritual movement, which China's government banned in 1999.

Messrs. Gong and Wan are well-known figures in Chinese hacking circles and many Chinese hackers are likely to hear of their appeal against cybercrime, though some may dismiss it.

"I would think these guys still carry some weight in the Chinese hacker circle. They were first generation and have quite a legacy," said Scott Henderson, the author of a blog called The Dark Visitor that is about Chinese hackers. "Now whether the other guys are going to give up the money from cybercrime because of what they say, no matter how sincere, is anybody's guess," he said.

The appeal's supporters won't be able to force compliance with its rules, but hackers who sign it will be staking their reputation and could face public criticism for violations, said Mr. Wan. "In this circle there should be some rules... When someone violates the bottom line, we can at least express with a joint voice that doing this is wrong," he said.

