China’s ‘white hat’ hackers beef up corporate security
BEIJING SEEKS DOMESTIC DATA PROTECTION RATHER THAN RELYING ON FOREIGN FIRMS
China, long accused by the US of rampant cyber aggression, may be synonymous with hacking exploits these days, but that doesn’t mean every Chinese hacker is out to pilfer and destroy.
As Chinese companies grapple with a sharp increase in the number of cyberattacks, many hackers are finding it increasingly lucrative to go above board and join the country’s nascent cybersecurity industry. Zhang Tianqi, a 23-year old Beijinger, cut his chops in high school trying to infiltrate foreign websites, skirting domestic law by probing for vulnerabilities on overseas gaming networks.
Now, after a stint working at internet blue chip Alibaba Group Holding Ltd., he is the chief technology officer of a Shanghaibased cybersecurity firm which owns Vulbox.com, a site offering rewards for vulnerability discoveries, and internet security media site FreeBuf.com.
“I’d been messing around in the field in my early years, but luckily it just so happens now that there’s this trend of China taking information security very seriously,” Zhang said, from his office in a high-tech development in eastern Shanghai.
China is hoping that eventually domestic cybersecurity groups will provide most of its companies with defences against hacking, rather than them relying on foreign firms like Symantec, Kaspersky and EMC Corp’s RSA.
The gradual professionalism of China’s bedroom hackers traces the country’s rise as an economic and technological force, and its sometimes conflicted position in the escalating global data security arms race.
The US government has attributed sophisticated attacks — including the large-scale data theft last month from the Office of Personnel Management (OPM) — to increasingly advanced state-affiliated teams from China. But former hackers say the majority of their peers are joining a burgeoning industry to help China firms fend off the numerous attacks they face themselves.
China has denied any connection with the OPM attack and little is known about the identities of those involved in it. The Cyberspace Administration of China told Reuters in a June 19 fax that it opposes “any form of network attack” and does “not allow any groups or individuals to engage in network-attacking activities” within its borders.
The cybersecurity industry’s growth was partly spurred by a government crackdown on China’s hacking community five years ago — around the same time Beijing passed a series of laws banning hacking and spamming tools and requiring telecom operators to help suppress attacks.