By Edward Wong
BEIJING —
Name a target anywhere in China, an official at a state-owned company boasted
recently, and his crack staff will break into that person’s computer, download
the contents of the hard drive, record the keystrokes and monitor cellphone
communications, too.
Pitches like that, from
a salesman for Nanjing Xhunter Software, were not uncommon at a crowded trade
show this month that brought together Chinese law enforcement officials and
entrepreneurs eager to win government contracts for police equipment and services.
“We can physically
locate anyone who spreads a rumor on the Internet,” said the salesman, whose
company’s services include monitoring online postings and pinpointing who has
been saying what about whom.
The culture of hacking
in China is not confined to top-secret military compounds where hackers carry
out orders to pilfer data from foreign governments and corporations. Hacking
thrives across official, corporate and criminal worlds. Whether it is used to
break into private networks, track online dissent back to its source or steal
trade secrets, hacking is openly discussed and even promoted at trade shows,
inside university classrooms and on Internet forums.
The Ministry of
Education and Chinese universities, for instance, join companies in sponsoring
hacking competitions that army talent scouts attend, though “the standards can
be mediocre,” said a cybersecurity expert who works for a government institute
and handed out awards at a 2010 competition.
Corporations employ
freelance hackers to spy on competitors. In an interview, a former hacker
confirmed recent official news reports that one of China’s largest makers of
construction equipment had committed cyberespionage against a rival.
One force behind the
spread of hacking is the government’s insistence on maintaining surveillance
over anyone deemed suspicious. So local police departments contract with
companies like Xhunter to monitor and suppress dissent, industry insiders say.
Ai Weiwei, the dissident
artist, said he had received three messages from Google around 2009 saying his
e-mail account had been compromised, an increasingly common occurrence in China
among people deemed subversive. When the police detained him in 2011, he said,
they seized 200 pieces of computer equipment and other electronic hardware.
“They’re so interested
in computers,” Mr. Ai said. “Every time anyone is arrested or checked, the
first thing they grab is the computer.”
There is criminal
hacking, too. Keyboard jockeys break into online gaming programs and credit
card databases to collect personal information. As in other countries, the
police here have expressed growing concern.
Some hackers see crime
as more lucrative than legitimate work, but opportunities for skilled hackers
to earn generous salaries abound, given the growing number of cybersecurity
companies providing network defense services to the government, state-owned
enterprises and private companies.
“I have personally
provided services to the People’s Liberation Army, the Ministry of Public
Security and the Ministry of State Security,” said a prominent former hacker
who used the alias V8 Brother for this interview because he feared scrutiny by
foreign governments. He said he had done the work as a contractor and described
it as defensive, but declined to give details.
And “if you are a
government employee, there could be secret projects or secret missions,” the
hacker said.
But government jobs are
usually not well paying or prestigious, and most skilled hackers prefer working
for security companies that have cyberdefense contracts, as V8 Brother does, he
and others in the industry say.
Self-trained, the hacker
teamed up with China’s patriotic “red hackers” more than a decade ago. Then he
began working for cybersecurity companies and was recently making $100,000 a
year, he said.
V8 Brother said this
cyberworld was so arcane that senior Chinese officials did not know details
about computer work at government agencies. “You can’t even explain to them
what you’re doing,” he said. “It’s like explaining computer science to a construction
worker.”
In Washington, officials
criticize what they consider state-sponsored attacks. The officials say
intrusions against foreign governments and businesses are growing, and the
Pentagon this month accused the Chinese military of attacking American
government computer systems and military contractors. The White House, which
has ordered cyberattacks against Iran, has made cybersecurity a priority in talks
with China. The Chinese Foreign Ministry says China opposes hacking attacks and
is itself a victim.
The furor in Washington
intensified in February after The New York Times and other news
organizations published details of hacking efforts against their own networks
and the findings of a new report by a cybersecurity company, Mandiant. The
report said a shadowy group within the People’s Liberation Army, Unit 61398, ran a formidable hacking and espionage operation against
foreign entities out of a building on the outskirts of Shanghai.
In China, the unit is
just one part of the complex universe of hacking and cybersecurity. And the
military units are not a well-kept secret. At least four former employees of
Unit 61786, responsible for cryptography and information security, have posted
résumés on job-search Web sites listing employment in the unit.
Another job seeker
reported employment in Unit 61580; the unit has engineers specializing in
“computer network defense and attack,” according to the Project 2049 Institute,
a nongovernmental organization in Virginia that studies security and policy
issues in Asia.
Members of Unit 61398,
the bureau mentioned by Mandiant, have written several papers on hacking and cybersecurity with
professors at Shanghai Jiaotong University, which has a prominent information
security department. Across China, the universities labeled jiaotong — meaning
communications — are taking the lead in building such departments. The military
recruits at the universities and runs its own training center, the P.L.A.
Information Engineering University, in the city of Zhengzhou.
But cybersecurity
experts here say the schools often churn out students who know theory but lack
practical skills. That could explain why many Chinese hacking attacks that have
been discovered do not appear very sophisticated. American cybersecurity
experts say attacks from Chinese groups often occur only from 9 to 5 Beijing
time. And unlike, say, the Russians, Chinese hackers do not tend to cloak their
movements, said Darien Kindlund, manager of the threat intelligence group for
FireEye, a cybersecurity firm in Milpitas, Calif.
“They’re using the least
amount of sophistication necessary to accomplish their mission,” Mr. Kindlund
said. “They have a lot of manpower available, but not necessarily a lot of
intelligent manpower to conduct these operations stealthily.”
The culture of hacking
began in China in the late 1990s. The most famous underground group then was
Green Army. One sign of how hacking has gone mainstream is the fact that the
name of a later incarnation of Green Army — Lumeng — is now used by a top
cybersecurity company in China. (Its English name is NSFOCUS.)
These companies are
often started by prominent hackers or employ them to do network security. They
have polished Web sites that list Chinese government agencies and companies as
their clients. They also list foreign clients — at least one company, Knownsec, lists Microsoft — and have
offices abroad.
The Web site of another
company, Venustech, says its clients include more than 100 government offices,
among them almost all the military commands. The company, which declined an
interview request, has a hacking and cyberdefense research center.
Another former hacker
said the monolithic notion of insidious, state-sponsored hacking now discussed
in the West was absurd. The presence of the state throughout the economy means
hackers often end up doing work for the government at some point, even if it is
through something as small-scale as a contract with a local government office.
“I don’t think the West
understands,” he said. “China’s government is so big. It’s almost impossible to
not have any crossover with the government.”
Private corporations in
China are employing hackers for industrial espionage, in operations that
involve complex tiers of agents who hire the hackers. Sany Group, one of
China’s biggest makers of construction equipment, hired hackers to spy on
Zoomlion, a rival, according to official news media reports confirmed by the
former hacker. Sany declined to comment.
That hacker said he knew
the middleman agent who had hired cyberspies for Sany. The agent was a security
engineer who owned two apartments in Beijing and had been under pressure to
meet mortgage payments. “In China, everyone is struggling to feed themselves,
so why should they consider values and those kinds of luxuries?” the former hacker
said. “They work for one thing, and that’s for money.”
Jonathan Ansfield contributed reporting, and Mia
Li contributed research.