Beware of sender - Chinese cyberspace is home to many new online threats - how to be alert to the growing risks.
Next time you are surfing the net looking for information from China – say product suppliers or market information – or receive an email from an unfamiliar sender in China - beware! Chinese cyberspace is now home to a rapidly growing number of online threats, including “phishing” websites (see below) and many nasty devices that attach themselves to PCs and which can wreak havoc on systems and information. It’s not a case of China being public cyber enemy number one (far from it) but it’s important to be alert to the growing risks.
The Australian contacts of a Chinese based organization recently encountered one of these risks. The first warnings emerged when searches from Australia trying to locate and contact the organization’s China website resulted in warnings that the site could potentially harm the users PC if they attempted to log on. The China organization and its Australian contacts then discovered patterns of unusual and unauthorized email traffic linked to the website and to PCs that had accessed the site. Further investigations by the organization in China revealed that their website had been seriously compromised, requiring it to be dismantled and totally rebuilt – an inconvenient and expensive process, but vital to protect themselves and their network. Another area in the press recently has been China based attempts to defraud online buyers using well known cyber platforms such as Ebay.
Australian internet users are already bombarded with spam, email scams and a frightening array of worms and viruses. But it’s the scale of internet growth in China - and some specific features of the Chinese internet world - which pose extra dangers that Australian users need to be aware of. Anyone doing business with China, whether via simple email traffic or handling online inquiries from customers, will sooner or later come face to face with variants of the online security problems that plague cyberspace.
China is now the world’s largest and fastest growing online community. In 2008 there were more than 300 million internet users, and reportedly 12 million websites registered using the .CN domain name (the organization mentioned above was using a .CN domain).
China’s PCs are especially vulnerable to hackers and online infections. According to an Internet security report released in April 2009 by Symantec (the California-based anti-virus software maker) about 71 percent of the computers hacked in the Asia-Pacific region were computers based in China.
The vulnerability of Chinese PCs to hackers (often from outside) was confirmed by reports from Xinhua (the official Chinese government news agency) that 8 out of 10 computers in China with access to Internet have been attacked by hackers, and that 70 percent of global botnets are in China. (Xinhua report 23/04/09)
The causes of this problem are varied: first many PCs in China are not protected by reputable security software; second, the widespread use of pirated and illegal software in China means PC applications do not receive the benefits of automated on line updates, including protections against new threats; and third, PC owners and users in China are relatively uninformed about the extent of the dangers lurking in cyberspace. Thus, PCs in China are an attractive and relatively vulnerable target for international hackers.
According to Graham Titterington, a Principal Analyst at Ovum in London, China should be treated as a potential danger – but it is far from the only one; “The Internet is global and any threat anywhere in the world can hit any user anywhere in the world. However most attackers tend to target people relatively local to themselves. A lot of attacks include the use of spam email, and this is only likely to be opened if it is the recipient's own tongue. Banks mostly work in regions, or if they are global have regional brands. So a fraud attempt launched against the customers of a particular bank will have only regional impact. China is the source of much of the world's malware - the largest producer tends to be the US, but China is normally up near the top of the table. Also Chinese users are likely, on average, to be less well protected with internet security products and services. So overall they are in greater than average danger.”
Titterington also warns that Chinese government plans to force all PCs made in China to install a single internet firewall and online security system (the so-called Green Dam) may actually cause a new problem of encouraging attacks against a uniform configuration shared by large numbers of users.
A growing problem in China is “phishing”.Phishing scams rely on spam email to direct internet users to bogus websites under the control of internet thieves. Typically the websites are designed to look like legitimate websites or the business sites of established organizations and companies. Users are asked to provide personal data such as bank account information, credit card numbers or passwords, which are then used to carry out frauds. In 2008 Symantec found an astonishing 55,389 phishing website hosts - an increase of 66 percent from 2007. Over 90 percent of these threats attempted to steal internet users' confidential information.
According to the China Daily, the Anti-Phishing Alliance of China (APAC) had stopped domain name analysis of over 300 identified phishing websites by the end of October 2008. All the suspect sites had .CN domain names.APAC responds to complaints and moves to shut down phishing sites. (China Daily 3/12/08)
But cyber security problems emanating from in China need to be placed in perspective. On a global scale, China is far from the leading source of problems.
In 2008 Symantec reported that the global incidence of online identity theft scams, spam and Trojan threats all jumped sharply. In 2008 Symantec detected a record-number of 1.6 million new computer threats compared to 624,000 threats in 2007.The report found that 38 percent of worldwide hacking attempts originate in the United States, compared with 13 percent in China. Users most in danger of being attacked from Web sources were first the United States (23 percent), then China second (9 percent) and Germany third (6 percent).
In early 2009 Reuters reported that internet fraud losses reported in the United States reached a record of US$264.6 million in 2008 according to a report from the InternetFraudComplaintCenter, run by the FBI and the NationalWhiteCollarCrimeCenter. But is China a major source of this internet crime? According to the report, scammers in the United States led the way with 66 per cent of all complaints referred to authorities, then followed Britain with 11 per cent, Nigeria 7.5 per cent, and China with 1.6 per cent.
Peter Danford, Managing Director of Beijing based travel firm the China Guide, says his business depends on its website and extensive online communications inside China and global customers looking to visit China. He reports the usual online dangers, which he deals with using the best and latest security protection packages (also methodical backups). Danford’s business website is hosted in the United States, which he says avoids the restrictions and potential problems that affect .CN registered domains. Danford says he has not encountered any unusual level of cyber-threats from Chinese sources. Interestingly he says the problem he faces daily in China is theft of images and content from his website by other users in China. A casual google search recently located his own images being used without permission on the website of a Chinese real estate company.
Danford says strongly worded email threatening legal action quickly solved the problem. He recommends that anyone doing business in China take steps to encrypt and protect any website content that they regard as valuable to their business.
EXPERT TIPS FROM OVUM:
NEVER click on a link in an unexpected e-mail.
When using a browser check the URL pane regularly to ensure you have gone to the site you wanted and have not been redirected to another site.
Use a browser (e.g. IE8) that provides some protection against malicious sites. When choosing security software never buy unsolicited software that you get offered along with a message about your machine being infected that pops up on your screen – this is almost certainly malware and this is the fastest growing form of attack!
Choose a comprehensive security suite that combines anti-malware with web protection.
Try not to rely on links or web searches to locate .CN domains, try to get the correct URL and enter this directly to access the site safely
