The founder of an “ethical hacking” community in China, Fang Xiaodun, was arrested by Chinese authorities a week ago according to Chinese news outlet Caixinwang.
With up to 5,000 members, Wooyun was considered to be China’s largest community of white-hat hackers. The computer specialists break into information systems to discover loopholes, allowing the system owners to strengthen safeguards and defend themselves from malicious hackers.
Around ten senior members of Wooyun – including Fang – were taken away by police without specific charges being made a week ago, according to a source cited by Caixinwang.
“Everything happened very abruptly, even members within Wooyun were kept in the dark,” said the source. “People from Wooyun said there was no administrative procedures nor prior notice for the arrest,” the source added.
Fang was seen at a white-hat hacker convention hosted by Wooyun between July 8 to 9. According to people present at the convention, Fang was not acting unusually and seemed to be emotionally stable at the time.
Website suspended indefinitely
The Wooyun founder had stopped updating his WeChat account on July 18, which was the day before Wooyun’s official website was suspended indefinitely. On July 20, Wooyun released a public notice saying that the site is undergoing an upgrade and would return in “the shortest amount of time.” The site has yet to be re-activated as of July 29.
According to the source, the site was not censored by external parties but instead was shut down by Wooyun members themselves as a means to minimise risk.
Multiple theories regarding the arrest have surfaced in the community. Some speculate that Wooyun was involved in legal issues after publicising certain websites’ system loopholes shortly before they were hacked by a third-party. Others suspect that Wooyun members were involved in testing the vulnerabilities of government networks without authorisation.
Zhao Zhanling, legal consultant for Internet Society of China, said it is unlikely that Wooyun members were arrested for revealing system vulnerabilities of sites that were hacked, since the hacks were not conducted on the Wooyun platform. Zhao added that the organisation might face legal issues which do not involve criminal liability.
According to the source, Wooyun is a non-profit organisation that would only publicise loophole reports if the relevant company refused to claim them. The source added that Wooyung does not charge business enterprises for loophole reports.
Prior to founding the community in 2010, Fang was the head of security at Chinese search engine Baidu, reported Sina Technology.
At age 15, Fang was accepted as a student in Harbin University of Science and Technology where he frequently contributed articles to cybersecurity magazines. He was later employed by a company in 2006 upon successfully hacking into its computer system and passing on information about the loopholes to the company’s owner afterwards.