Amateur expertsare helping to spot potential loopholes, as Cao Yin reports.A very small office near the Sixth Ring Road in Beijing houses a very big dream, one that’sshared by thousands of Internet security enthusiasts across China.
The office is the home of Wooyun, the country’s largest online community of “white-hat”hackers－private individuals who deliberately hack corporate and government computersystems to detect and expose security loopholes and help prevent cyber-attacks.
Their dream is to build the ultimate, impregnable cyber-fortress.
Fang Xiaodun, one of the community’s co-founders, said that unlike regular hackers, whodiscover security risks or potential sites of attack in the hope of financial gain, “our aim is touse the advantage our computing or online skills give us to do good deeds in cyberspace”.
As far back as 2010, Fang frequently spent his weekends at a cafe with employees ofChinese Internet giants, such as Baidu, a Chinese search engine, discussing online securityproblems and how to solve them.
“We shared the discoveries we had made at our own companies, and often found that someof the problems were similar. But lack of communication and the fact that we worked fordifferent businesses meant that all of us had solved them ourselves,” Fang, 28, said.
At the time, Fang and his security-conscious friends planted a seed that would lead to thefoundation of a platform where reports of potential security loopholes could be received andforwarded to the relevant parties.
The platform is Wooyun, founded in July 2010 by 10 online security experts. Five years later,the computer and Internet watchdog has a team of more than 30 core employees, plus about20,000 online members. Now it is attempting to extend its reach overseas, helping to detectglobal security loopholes and discussing how to prevent or solve them, Fang said.
“Cybersecurity is an issue without boundaries, and sometimes things need to be shared andsolved via an international think tank,” he said, adding that the platform’s work is not onlycrucial to the protection of cyberspace, but also a means of furthering members’ dream oftotal security.
In October, Fang traveled to Japan to discuss “hot risk” areas and the prevention ofcyberattacks with Japanese security experts.
“I learned that foreign countries have similar security problems as ours, but few of them havea platform like Wooyun to report to, which is why I intend to extend our business,” he said.
In the past, some Wooyun members looked for security loopholes overseas, “but we had nochannel to inform anyone about their reports, so we plan to break through via normalcommunications at first”, he said.
Wooyun has connections with groups in Hong Kong, Taiwan and other places in SoutheastAsia, such as Singapore, and hopes to become a bridge for reports about security risks.
“We first wanted to extend to areas where there are Chinese people, because it’s easier forthem to understand our idea that loopholes should be made public when they’ve beensolved,” he said, adding that the policy of full disclosure has been approved by the onlinemembers.
“Most security fans are proud of discovering problems in cyberspace. Publicly exposingloopholes after helping companies or governments close them is the best way for theseamateur experts to feel a sense of achievement,” he said.
Although Wooyun had previously discovered security risks in some Western businesses,including Apple Inc, the companies declined to disclose the loopholes publicly.
“I hope our effective methods of solving security problems in Asia will help us extend further inthe West,” Fang said.
Now, Wooyun reports any loopholes its member discover to the National Computer NetworkEmergency Response Technical Team Coordination Center of China for technical verification.
“Lots of countries and regions have similar institutes, and we first share the securityinformation with them to open a door for communication,” he said.
Although he graduated from a university in Heilongjiang province with a bachelor’s degree inchemistry, Fang did not find his major interesting. Instead, he was addicted to computers.
“What I enjoy is conquering or circumventing games. The feeling of breaking though a barrieris fantastic,” he said.