x Abu Dhabi, UAESunday 23 July 2017

Internet black hats cast shadow in China

Cyber crime poses a serious threat to the fast-growing Chinese economy and it is likely such attacks, already costing in excess of $850 billion a year, will accelerate.

The Chinese population is becoming increasingly connected to the internet and there are about 350 million smartphone users. Reuters
The Chinese population is becoming increasingly connected to the internet and there are about 350 million smartphone users. Reuters

China's illicit internet economy is growing at such a rate it will inevitably have a hugely adverse impact on the country's entire economy.

According to a report from the University of California's Institute on Global Conflict and Cooperation titled Investigating China's online underground economy, China's cyber black market is costing its economy more than US$850 billion (Dh3.12 trillion) a year.

The report says the cyber black market is endangering 108 million internet users and 1.1 million websites. It also reveals the full extent of a surprisingly sophisticated, well established black economy fuelled by internet fraud and other online criminal behaviour, often referred to as "black hat" hacking.

In keeping with the Chinese tradition of the pupil deferring to the wisdom of the master, "black hat" training services are often advertised as: "Seeking an apprentice". Would-be "black hats" also publish advertisements reading: "Seeking for master." These messages use a lexicon of terms devised by the criminal fraternity designed to confuse other internet users.

For example, certain slang terms are used as keywords to build underground black markets, such as "material". These appear on Chinese chat services such as Baidu Post Bar with alarming regularity.

"Normal internet users who are not aware of the terminology of the online underground economy will not access this hidden post bar simply due to their ignorance," according to the report. "Even if someone accidentally enters, he/she would not understand the meaning of the advertisement or message in the black market."

Typical "black hat" crimes include the theft of privacy information and "phishing", the practice of posing as a trustworthy entity such as a bank to obtain financial information from unwary or gullible internet users. Frequently, the "phishing" attack also installs "black hat" software on its victim's computer or smartphone without his or her knowledge. This enables the "black hat" to steal all the information needed to strip the victim's bank account bare and perpetrate other forms of fraud. Some so-called "malware" also enables the "black hat" to take remote control of a victim's computer or smartphone.

The full impact of this unprecedented level of internet crime is only just beginning to be understood. According to Rob Enderle, the principal analyst at the Enderle Group based in Silicon Valley, the first casualty of China's black cyber economy will be the country's hitherto thriving IT industry.

"It likely has the combined effect of keeping real IT technology from growing in China long term and keeping money from flowing out of China to other countries short term … It clearly directly and adversely impacts global IT sales," says Mr Enderle.

He adds this fuels negative views of China as a country in which to do business, offsetting the advantages of low labour costs and a strong ecosystem with the fear of having technology stolen on the part of companies that might otherwise use China as a location for manufacturing and development.

This level of destruction of China's IT industry will inevitably damage the country's economy. It will combine with other adverse effects such as a lowering of faith in the country's banking system as internet users become victims of internet fraudsters posing as reputable financial companies.

The University of California report also claims much of China's cyber crime may well be undetected, implying even last year's cost in excess of $850bn may be an underestimate of the total cost to the Chinese economy.

"Some high-tier aspects of the online underground economy, such as selling business intelligence and Advanced Persistent Threat [a cybercrime category directed at business and political targets] tasks are likely to occur in even more hidden and secure communication channels between small groups with mutual trust," says the report.

But even if this suspected loss is not taken into account, the overall figure looks set to grow radically over the next few years if the problem is not effectively addressed.

The Chinese population is becoming increasingly connected to the internet. In developing economies such as China and India, many consumers have gone straight from computer illiteracy to owning a smartphone. As the price of these devices is set to fall further in the coming years, Chinese mobile internet penetration will continue to grow from the current level of more than 350 million users. According to the report, smartphones offer black hats easy pickings.

"In recent years we have seen the same variety of forms of malicious code targeting PCs now emerging for smartphone platforms," says the report. "Furthermore, smartphone platforms are exposed to new and more dangerous security threats because they often include more privacy information, directly linked to the ability to make credit card charges."

The report's authors also stress rapid growth of the Chinese online underground economy must abate if the economy as a whole is not to suffer irreparable damage.

They argue only a framework of well-formed laws and regulations, more effective measurement and tracking techniques by law enforcement agencies, plus a variety of threat protection measures from security vendors, can reduce the risks and hazards of cyber crime now suffered by Chinese internet users.

business@thenational.ae

twitter: Follow and share our breaking business news. Follow us

iPad users can read the digital edition of business section as it was printed via our e-reader app. Click here