‘White-hat’ hackers key force in cybersecurity
Amateur experts are helping to spot potential loopholes, as Cao Yin reports.
Avery small office near the Sixth Ring Road in Beijing houses a very big dream, one that’s shared by thousands of Internet security enthusiasts across China.
The office is the home of Wooyun, the country’s largest online community of “whitehat” hackers — private individuals who deliberately hack corporate and government computer systems to detect and expose security loopholes and help prevent cyberattacks.
Their dream is to build the ultimate, impregnable cyberfortress.
Fang Xiaodun, one of the community’s co-founders, said that unlike regular hackers, who discover security risks or potential sites of attack in the hope of financial gain, “our aim is to use the advantage our computing or online skills give us to do good deeds in cyberspace”.
As farbackas2010, Fangfrequently spent his weekends at a cafe with employees of Chinese Internet giants, such as Baidu, a Chinese search engine, discussing online security problems and how to solve them.
“We shared the discoveries we had made at our own companies, and often found that some of the problems were similar. But lack of communication and the fact that we worked for different businesses meant that all of us had solved them ourselves,” Fang, 28, said.
At the time, Fang and his security-conscious friends planted a seed that would lead to the foundation of a platform where reports of potential security loopholes could be received and forwarded to the relevant parties.
The platform is Wooyun, founded in July 2010 by 10 online security experts. Five years later, the computer and Internet watchdog has a team of more than 30 core employees, plus about 20,000 online members. Now it is attempting to extend its reach overseas, helping to detect global security loopholes and discussing how to prevent or solve them, Fang said.
“Cybersecurity is an issue without boundaries, and sometimes things need to be shared and solved via an international think tank,” he said, adding that the platform’s work is not only crucial to the protection of