Feeds

Exposing China's vast underground economy

90,000 people work on the dark side of the Net

Next gen security for virtualised datacentres

Analysis A new academic study has set out to illuminate for the first time the size and structure of the Chinese online underground, and found it affected nearly a quarter of the country’s internet users last year and cost the economy over 5 billion yuan (£500m).

Investigating China’s Online Underground Economy was put together by researchers at California University’s Institute on Global Conflict and Co-operation to highlight the scale and sophistication of China’s cyber black market and to aid global collaboration efforts against hi-tech crime.

The report claims that in 2011 the online underground involved over 90,000 participants, costing the local economy 5.36 billion yuan (£536m), making victims of 110m internet users (roughly 22 per cent) and affecting 1.1m web sites (20 per cent).

To calculate these figures, the report used stats provided by the major local security vendors, court room documents detailing high profile cases and messages from the underground markets themselves which were relatively easy to track down on certain public web platforms.

It focuses on four main interdependent value chains – the stealing of ‘real assets’ such as banking information; ‘network virtual assets’ such as virtual currency; taking advantage of hacked resources such as botnets, with the intent of making money; selling ‘black hat’ tools, techniques and training to others.

As elsewhere, real assets are mainly stolen by phishing and Trojans. Once those tools do their work, the assets are either sold on the underground market or profited from by being used directly to carry out ID fraud.

Network virtual asset theft, on the other hand, is an increasingly attractive draw for criminals because current consumer laws in China still don’t adequately cover this area, the report said.

Botnets are rented, as in other underground economies, to launch spam rums, DDoS attacks, click fraud and other scams. Smartphones are an increasingly popular attack target.

Black hat operators, meanwhile, discover the vulnerabilities, write the malware or build the attack tools and sell them into the other three value chains along with their own labour in the form of training or physically launching attacks.

All of which paints the picture of a highly developed, completely online, underground cyber crime world not too dissimilar from those which we know already operate across other geographies.

A very Chinese approach to cyber crime

However, the researchers found some differences in the Chinese approach – individual participants were much more prone to use public web platforms to conduct their communications:

In major western countries, the online underground economy typically uses Internet Relay Chat (IRC) protocols to build black market advertising and communication channels. However, due to the uniqueness of the usage behaviour of Chinese internet users, the Chinese online underground economy employs different channels for advertising and communication, such as web forums and QQ chatting groups.

In the online underground economy, there are different social roles and value chains, and participants always hope that their own published supply and demand information will be visible to other participants, enabling a deal to be made on favourable terms for more substantial returns. Thus, internet miscreants often choose simple and convenient ways to build the underground market, relying on jargon to increase concealment on a best effort basis.

Many of the bad actors in this world use Baidu’s PostBar (Tieba) web forum platform and Tencent’s QQ chat service, escaping detection by using a variety of slang, the report claimed.

The researchers said they painstakingly searched through 84 such terms – including “horse” (ma, 马), “channel traders” (baoxiao shang, 包销商) and “material washing” (xi liao, 洗料) – and found 129 post bars dedicated to the underground market.

Baidu PostBar has been claimed to be the largest Chinese web forum on the internet. It provides a keyword-based forum organisation, as well as a loose and convenient login and post mechanism. As a result it has attracted a large number of participants to the online underground economy. Certain slang terms are used as keywords to build underground black markets, such as “material” (liao, 料) post bar. Normal internet users who are not aware of the terminology of the online underground economy will not access this hidden post bar simply due to their ignorance

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.