China reels from cyberattack
CHINA is home to the world’s largest group of internet users, a thriving online technology scene and rampant software piracy that encapsulates its determination to play by its own set of digital rules.
But as the country scrambles to recover from a global hacking assault that hit its companies, government agencies and universities especially hard, the risks of its dependence on pirated software are becoming clear.
Researchers believe large numbers of computers running unlicensed versions of Windows probably contributed to the reach of the so-called ransomware attack, according to the Finnish cybersecurity company F-Secure. Because pirated software usually is not registered with the developer, users often miss major security patches that could ward off assaults.
It is not clear whether every company or institution in China affected by the ransomware, which locked users out of their computers and demanded payment to allow them to return, was using pirated software. But universities, local governments and state-run firms probably have networks that depend on unlicensed copies of Windows.
Microsoft and other Western companies have complained for years about widespread use of pirated software in a number of countries that were hit particularly hard by the attack. A study last year by BSA, a trade association of software vendors, found that 70 percent of software installed on computers in China was not properly licensed in 2015. Russia, at 64 percent, and India, 58 percent, were close behind.
Zhu Huanjie, who is studying net- work engineering in Hangzhou, China, blamed a number of ills for the spread of the attack, including the lack of security on school networks. He said piracy was also a factor. Many users, he said, did not update their software to get the latest safety features because of a fear that their copies would be damaged or locked, while universities offered only older, pirated versions.
“Most of the schools are now all using pirate software, including operation system and professional software,” he said. “In China, the Windows that most people are using is still pirated. This is just the way it is.”
On Monday, some Chinese institutions were still cleaning computer systems jammed by the attack. Prestigious research institutions like Tsinghua University were affected, as were ma- jor companies like China Telecom and Hainan Airlines.
China’s securities regulator said it had taken down its network to try to protect it, and the country’s banking regulator warned lenders to be cautious when dealing with the malicious software.
Police stations and local security offices reported problems on social media, while university students reported being locked out of final thesis papers. Electronic payment systems at gas stations run by the state oil giant PetroChina were cut off for much of the weekend.
Overall, according to the official state television broadcaster, about 40,000 institutions were hit. Separately, Chinese security company Qihoo 360 reported that computers at more than 29,000 organisations had been infected.
Using copied software and other me- dia has become embedded in China’s computing culture, said Thomas Parenty, founder of Archefact Group, which advises companies on cybersecurity. Some people are under the impression that using pirated goods in China is legal, while others are simply not used to paying for software, he said.
Parenty cited an instance when he was working at the Beijing office of an American client. “It turned out every single one of their computers, all the software, was bootlegged,” he said.
The twin problems of malware and the unwillingness to pay for software are so ingrained that they have led to an alternative type of security company in China. Qihoo 360 built its business by offering free security programs; it makes money from advertising.
The issue has led to political battles between Microsoft and the China’s government.
The Chinese government has been less focused on software piracy – and more on building local alternatives to Microsoft. After leaks by former intelligence contractor Edward Snowden about American hacking attacks aimed at monitoring China’s military buildup, leaders in Beijing accelerated a push to develop Chinese-branded software and hardware that would be harder to breach.
For now, however, much of China relies on Windows. And despite the weekend’s cyberattack, Parenty said he did not think that there would be a big effect on attitudes toward pirated software.
“The only way I see this changing things is if the central government decides there is a risk to critical infrastructure from this threat and force people to buy legitimate software,” he said. “But I don’t see that happening right now.”