Forget intelligence gathering. Financially motivated cybercrime is booming behind the Great Wall.

Sara Peters, Senior Editor

September 3, 2014

2 Min Read

China has become infamous for politically motivated intelligence gathering, but new research from Trend Micro shows that a financially motivated, politically independent cybercrime underground is alive and growing behind the Great Wall, as well.

The new report shows that Chinese cybercrime underground activity doubled between 2012 and 2013. According to Trend Micro CSO Tom Kellermann, it has likely tripled since then.

Further, Kellermann says, these criminals are not just targeting victims in other countries. The targets include "the bourgeois, nouveau-riche Chinese elite who have profited from capitalism" in a country with a dwindling middle class.

The Chinese government "has been focused externally... on information dominance and espionage," Kellermann says. The technological skills cultivated by the country's leaders are coming back to hurt them in the form of new cybercriminals "who are not beholden to the regime. They believe money is God and believe that crime has evolved with technology."

Other recent Trend Micro research shows that the Chinese underground is largely focused on mobile device/services attacks -- Android-based products in particular -- and charges customers a premium for that work.

The most sought mobile crime products and services are SMS spamming, premium service numbers, and SMS servers. SMS spamming is relatively inexpensive, ranging from $50 for 5,000 text messages ro $460 for 100,000 messages. Premium service numbers -- used to subscribe mobile users to unwanted services and charge them a fee for it -- run from $2,500 per year to $36,000 per year. SMS servers -- radio frequency hardware that forces nearby phones to disconnect from legitimate base stations and connect to the attacker's SMS server instead -- cost $7,400.

The reasons for the higher price tags, says Kellermann, are that mobile attacks require more creative code and can offer bigger payoffs. For one thing, mobile payments are more popular in Southeast Asia than they are in the United States, which makes mobile devices more attractive.

"I'd pay more" for mobile attacks, "because I can hack your life," he says. "If the [mobile] device is an extension of yourself, then I can hack you."

In comparison, the most popular nonmobile attack tools are quite affordable. DDoS toolkits can be rented for $81 per month. RAT "licenses" range from $97 to $258 per year, depending on the software. Even the new DNS attack services cost only $323.

The attack products and services appear to be sophisticated and professional. However, the methods the criminal marketplace uses to communicate are not.

The communication tool of choice is QQ groups, a feature of the QQ instant messaging app. Unlike most organized criminals in Eastern Europe, who often rigorously vet customers before working with them, these Chinese groups make themselves quite available to the general public. A simple search of QQ groups turns up results like the "China DDoS and Hacking Service Group."

Download the full report here.

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights