January 2, 2012 at 17:01China fights phishers at state level
Despite the censorship restrictions imposed by the party and the government, the number of Internet users in China is growing at an extremely fast pace: Russian Wikipedia estimates that the number of active users is about 300 million; at the same time, the technical editorial office of the BBC gives a different, more significant, figure - 485 million. This is despite the fact that there is a Great Chinese firewalland there are frequent cases of blocking world-class sites - YouTube, Facebook, Twitter, Hotmail; many remember scandals with Google in China and retaliatory accusations of a hacker attack on the services of the search giant. In fairness, it should be noted that the reasons for the blockage are always political rather than economic, although local services - Baidu search engine, for example - manage to collect cream even from this, successfully competing with Google in China.
With all these constraining factors for the development of an Internet audience in China, the active participation of the government nevertheless played a positive role. At the very least, there has been a precedent, after which at least Chinese computer attackers - given the speedy decisions of Chinese courts for economic crimes - will have to think about the consequences of their actions.
At the end of the New Year’s week, it became known that about 45 million logins and passwords (10% of the entire active Internet audience!) Of users of a number of Internet banking services in China were stolen. Moreover, according to the old and well-known scheme: using phishing.
The attackers, having copied the interface of popular online banking systems, under one pretext or another, ensured that the victims of fraud entered their usernames, passwords, email addresses on a fake website and thereby gained access to financial information.
Given the more than significant amount of theft, which could ultimately lead to unpleasant consequences, the Chinese government took up the problem. The official investigation was led by the Minister of Industry and Information Technology of China, who promised to deal with those behind the phishing attacks and punish those responsible. Somehow in some countries, words did not become just words, and they were followed by certain actions aimed at restricting the actions of attackers.
The most popular search engines (apparently in China something similar to ours happens when they search for vkontakte.ru using Yandex) in their listings, they now designate legitimate online banking services with a special icon that allows users to visually identify the required site as real.
The second measure taken by the government looks much tougher: the owners of services that allow online communication have implemented special software that is designed to monitor user communication and remove suspicious links leading to fake sites.
So far, of course, all these results have yielded little effect, because, most likely, the scale of the phishing attack has already reached some critical value; it is quite possible that the organizers of the attack are hardly located in China, risking, so to speak, not only virtually, but also physically. Nevertheless, the very precedent of state intervention and the protection of users organized at the state level is, at a minimum, unusual and it still seems difficult to evaluate it.
[ Source]
With all these constraining factors for the development of an Internet audience in China, the active participation of the government nevertheless played a positive role. At the very least, there has been a precedent, after which at least Chinese computer attackers - given the speedy decisions of Chinese courts for economic crimes - will have to think about the consequences of their actions.
At the end of the New Year’s week, it became known that about 45 million logins and passwords (10% of the entire active Internet audience!) Of users of a number of Internet banking services in China were stolen. Moreover, according to the old and well-known scheme: using phishing.
The attackers, having copied the interface of popular online banking systems, under one pretext or another, ensured that the victims of fraud entered their usernames, passwords, email addresses on a fake website and thereby gained access to financial information.
Given the more than significant amount of theft, which could ultimately lead to unpleasant consequences, the Chinese government took up the problem. The official investigation was led by the Minister of Industry and Information Technology of China, who promised to deal with those behind the phishing attacks and punish those responsible. Somehow in some countries, words did not become just words, and they were followed by certain actions aimed at restricting the actions of attackers.
The most popular search engines (apparently in China something similar to ours happens when they search for vkontakte.ru using Yandex) in their listings, they now designate legitimate online banking services with a special icon that allows users to visually identify the required site as real.
The second measure taken by the government looks much tougher: the owners of services that allow online communication have implemented special software that is designed to monitor user communication and remove suspicious links leading to fake sites.
So far, of course, all these results have yielded little effect, because, most likely, the scale of the phishing attack has already reached some critical value; it is quite possible that the organizers of the attack are hardly located in China, risking, so to speak, not only virtually, but also physically. Nevertheless, the very precedent of state intervention and the protection of users organized at the state level is, at a minimum, unusual and it still seems difficult to evaluate it.
[ Source]