Gulf News

China’s ‘white hat’ hackers beef up corporate security

BEIJING SEEKS DOMESTIC DATA PROTECTION RATHER THAN RELYING ON FOREIGN FIRMS

China, long accused by the US of rampant cyber aggression, may be synonymous with hacking exploits these days, but that doesn’t mean every Chinese hacker is out to pilfer and destroy.

As Chinese companies grapple with a sharp increase in the number of cyberattac­ks, many hackers are finding it increasing­ly lucrative to go above board and join the country’s nascent cybersecur­ity industry. Zhang Tianqi, a 23-year old Beijinger, cut his chops in high school trying to infiltrate foreign websites, skirting domestic law by probing for vulnerabil­ities on overseas gaming networks.

Now, after a stint working at internet blue chip Alibaba Group Holding Ltd., he is the chief technology officer of a Shanghaiba­sed cybersecur­ity firm which owns Vulbox.com, a site offering rewards for vulnerabil­ity discoverie­s, and internet security media site FreeBuf.com.

“I’d been messing around in the field in my early years, but luckily it just so happens now that there’s this trend of China taking informatio­n security very seriously,” Zhang said, from his office in a high-tech developmen­t in eastern Shanghai.

China is hoping that eventually domestic cybersecur­ity groups will provide most of its companies with defences against hacking, rather than them relying on foreign firms like Symantec, Kaspersky and EMC Corp’s RSA.

The gradual profession­alism of China’s bedroom hackers traces the country’s rise as an economic and technologi­cal force, and its sometimes conflicted position in the escalating global data security arms race.

The US government has attributed sophistica­ted attacks — including the large-scale data theft last month from the Office of Personnel Management (OPM) — to increasing­ly advanced state-affiliated teams from China. But former hackers say the majority of their peers are joining a burgeoning industry to help China firms fend off the numerous attacks they face themselves.

China has denied any connection with the OPM attack and little is known about the identities of those involved in it. The Cyberspace Administra­tion of China told Reuters in a June 19 fax that it opposes “any form of network attack” and does “not allow any groups or individual­s to engage in network-attacking activities” within its borders.

The cybersecur­ity industry’s growth was partly spurred by a government crackdown on China’s hacking community five years ago — around the same time Beijing passed a series of laws banning hacking and spamming tools and requiring telecom operators to help suppress attacks.