Cybercriminals in Asia: How the underground works in China

A huge market, almost unfathomable to foreigners, China also has online gangsters who operate like those in the West. The perpetrators are especially ingenious, however, when it comes to using a perfidious trick.

The Chinese cyber underground was already a particularly bustling industry in the past few years. More mobile devices than stationary computers were the target of criminal activity for the first time as early as near the end of 2013. Today this market is pulsating like never before, according to the Japanese security firm Trend Micro.

School for data thieves

In its simplest form, the criminals collect stolen customer data or malware and sell it to anyone who shows an interest. Intercepted or stolen data is traded just as are prototypes and functioning reading devices for cash registers and ATMs. The data intercepted there can then be used to commit crimes such as financial fraud, theft of identity and intellectual property, espionage and blackmail.

Individual offenders and groups often collaborate to achieve common goals such as hijacking external computers for botnets and DDoS attacks. Offenders with different expertise often have a teacher-and-apprentice relationship. The QQ app for instant messaging was an especially popular target, as was the Chinese search engine Baidu, which clearly ranks first in China. Its rival Google, with its single-digit market share, lags far behind.

Insidious hardware

Displacements in traded goods and services have also been registered in the past years. Hacked hosts, tools for DDoS attacks and RATs (Remote Access Trojans) were initially offered and sold. Today social engineering tools have been newly introduced to the market, as well as hardware for attacks on electronic and mobile payment methods. Manipulated checkout systems are thus sold to restaurants and shops without their knowledge. Individual devices notify the perpetrators once the checkout is back in use and new data can be retrieved.

Reading devices for ATMs, which can be used to intercept the account information of the victims, are also offered on B2B websites. Certain models of these inconspicuous magnetic card readers can save thousands of account details. No permanent power supply is needed, as the collected data is only downloaded once the reading devices are connected to a computer. (Source: Trend Micro/bs)