Security Experts Cautious About China's Intentions In Hacking Site Crackdown
The Chinese government arrested three individuals in November on suspicion of teaching members to break into computers and selling hacking tools online as part of a cybercrime operation, according to a report from the Xinhua news agency. News of the bust did not become public until Monday.
The operation, known as Black Hawk Safety Net, worked through the Web site 3800cc.com, and generated around $1 million in profits from more than 12,000 customers, according to The Wall Street Journal. As part of the bust, the Chinese government captured about $249,000 in assets, as well as cash, nine servers, five computers and a car, according to Xinhua.
The Black Hawk Web site was also said to have disseminated malware in 2007 that infected private and government computers throughout the city of Macheng, in the central province of Hubei, according to Xinhua.
"Any time you shut down a site that's teaching people to do the wrong thing, that's a good thing," said Dave Marcus, security research and communications manager for McAfee Labs. "But it's a little too early to tell. It's hard to say if it's going to be beneficial in the long run, or whether it's solely a PR move."
But some question the sincerity of the crackdown. The Black Hawk crackdown follows search engine giant Google's threat last month to pull its business out of China, after Google claimed that the government was behind malicious cyberattacks targeting its network and the networks of at least 30 other companies.
In the weeks that followed the Google attacks, China started to tackle negative publicity regarding the hacking issue by publicly denouncing cybercrime. The Black Hawk Safety Net bust appears to show the government enforcing a law implemented last year that prohibits individuals from offering or selling online hacker programs that can be used to commit cybercrime.
Despite public efforts to shutter hacker Web sites, however, certain types of malware sourced from China have been steadily on the rise, according to the McAfee Q4 Threats Report, released Tuesday. According to the report, China led the world with the largest percentage of botnets (12 percent of the world's total). The report also indicated that the majority of SQL injection attacks -- 54 percent -- originated in China.
China has had an uphill battle fighting international allegations that it openly supports and funds cybercrime operations within its borders. International government officials and the security community have suspected China of being behind some well-known cyberattacks, including ones that targeted the Dalai Lama and the German chancellor's office, and others allegedly targeting the White House in August 2006.
But Marcus said that in light of the proliferation of fast flux botnets and the ability to send malware from servers all over the world, attacks appearing to originate from China wouldn't necessarily indicate Chinese government sponsorship.
"[For the Google attacks] the direct connection to China just isn't there. There is no smoking gun," Marcus said. "It's a big, squishy Internet. Just because you send something to a server in China doesn't mean it's a Chinese conspiracy."