Chinese hacking firm buys officials’ favor with alcohol, women | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

  • By Dake Kang and Zen Soo / AP, BEIJING

China’s hackers for hire take government officials out for lavish banquets, binge drinking and late-night karaoke with young women to win favor and business, as revealed last month in a highly unusual leak of internal documents from a private contractor linked to Chinese police.

China’s hacking industry is vast in size and scope, but also has shady business practices, disgruntlement over pay and work quality, and poor security protocols, the documents showed.

Private hacking contractors are companies that steal data from other countries to sell to Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of private hackers for hire companies that have infiltrated hundreds of systems outside China.

Photo: AP

Although the existence of these hacking contractors is an open secret in China, little was known about how they operate.

However, the leaked documents from a firm called I-Soon (安洵信息) have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut, and rules are murky and poorly enforced in the quest to make money.

Leaked chat records showed that I-Soon executives are colluding with competitors to rig bidding for government contracts. They pay thousands of dollars in “introduction fees” to contacts who bring them lucrative projects.

I-Soon has not commented on the documents.

Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents showed that China’s hackers for hire work much like any other industry in China.

“It is profit driven,” Danowski said. “It is subject to China’s business culture — who you know, who you dine and wine with, and who you are friends with.”

Although I-Soon boasted about its hacking prowess in slick marketing PowerPoint presentations, the real business took place at hotpot parties, late night drinking sessions and poaching wars with competitors, leaked records showed.

A picture emerged of a company enmeshed in a seedy, sprawling industry that relies heavily on connections to get things done.

I-Soon founder and CEO Wu Haibo (吳海波) is one of China’s so-called “red hackers” — patriots who offer their services to the Chinese Communist Party. With the spread of the Internet, China’s hacking-for-hire industry boomed, emphasizing espionage and intellectual property theft.

Today, hackers such as those at I-Soon outnumber FBI cybersecurity staff by “at least 50 to one,” FBI Director Christopher Wray said in January at a conference in Munich.

China boasts world-class hackers, many employed by the Chinese military and other state institutions, but documents showed that I-Soon and other hackers for hire often engage in sketchy business practices. I-Soon leadership discussed buying gifts and which officials liked red wine. They swapped tips on who was a lightweight, and who could handle their liquor.

I-Soon executives paid “introduction fees” for lucrative projects, including tens of thousands of yuan to a man who landed them a 285,000 yuan (US$39,659) contract with police in Hebei Province, chat records showed.

To sweeten the deal, I-Soon chief operating officer Chen Cheng (陳誠) suggested arranging the man a drinking and karaoke session with women.

“He likes to touch girls,” Chen wrote.

The source of the I-Soon documents is unclear, and executives and Chinese police are investigating. Although Beijing has repeatedly denied involvement in offensive hacking, the leak illustrates I-Soon and other hacking companies’ deep ties with the Chinese state.

For example, chat records showed that the Chinese Ministry of Public Security gave companies access to proofs of concept of so-called “zero days,” the industry term for a previously unknown software security hole. Zero days are prized because they can be exploited until detected. I-Soon company executives debated how to obtain them. They are regularly discovered and surface at an annual Chinese state-sponsored hacking competition.

Many of I-Soon’s clients were police in cities across China, a leaked contract list showed. I-Soon scouted for databases they thought would sell well with officers, such as Vietnamese traffic data to Yunnan Province in the southeast, or data on exiled Tibetans to the Tibetan regional government. At times, I-Soon hacked on demand.

I-Soon proclaimed their patriotism to win new business. Top executives discussed participating in China’s poverty alleviation scheme — one of Chinese President Xi Jinping’s (習近平) signature initiatives — to make connections.

In interviews with state media, Wu quoted Chinese philosopher Mencius (孟子), casting himself as a scholar concerned with China’s national interest.

Despite Wu’s professed patriotism, the leaked records depict a competitive man motivated to get rich.

“If you don’t make money, being famous is useless,” he wrote in a private message.

However, I-Soon has been hit by the country’s recent economic downturn, leading to thin profits, low pay and an exodus of talent, the leaked documents showed.

Low salaries and pay disparities caused employees to complain, chat records showed.

Leaked employee lists showed that most I-Soon staff held a degree from a vocational training school, not an undergraduate degree, suggesting lower levels of education and training.

Sales staff reported that clients were dissatisfied with the quality of I-Soon data, making it difficult to collect payments.

The company’s troubles reflect broader issues in China’s private hacking industry. The country’s cratering economy, Beijing’s tightening controls and the growing role of the state has led to an exodus of top hacking talent, four cybersecurity analysts and Chinese industry insiders said.

“China is no longer the country we used to know. A lot of highly skilled people have been leaving,” said one industry insider, declining to be named to speak on a sensitive topic.

Under Xi, the growing role of the state in China’s technology industry has emphasized ideology over competence, impeded pay and made access to officials pivotal, the person said.

In the past few years, Beijing has heavily promoted China’s tech industry and the use of technology in government, part of a broader strategy to facilitate the country’s rise, but much of China’s data and cybersecurity work has been contracted out to smaller subcontractors with novice programmers, leading to poor digital practices and large leaks of data.

Despite the clandestine nature of I-Soon’s work, the company has surprisingly lax security protocols. I-Soon’s offices in Chengdu, for example, have minimal security and are open to the public.

The leaked files showed that top I-Soon executives communicated frequently on WeChat, which lacks end-to-end encryption.

Yet at the end of the day, it may not matter, Danowski said.

“It’s a little sloppy. The tools are not that impressive, but the Ministry of Public Security sees that you get the job done,” she said of I-Soon. “They will hire whoever can get the job done.”

Additional reporting by Frank Bajak

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.


Click Here For The Original Story From This Source.


National Cyber Security