Symantec: Chinese hackers grow in number, skills

China's hacking scene appears poised for growth, as the number of Internet users rise with a commensurate interest in criminal hacking and government spying, according to a new Symantec study.

"China’s hacking scene is clearly an active one," the report said. "These individuals and groups are known for discovering vulnerabilities, writing exploit code and developing sophisticated hacking techniques."

China ranks second behind the U.S. as far as malicious activity on the Internet as a whole, Symantec said, citing its own data. The country had 131 million Internet users as of the end of 2006, accounting for about 10 percent of its population and 11 percent of the world's Internet users.

A well-known cyberwar between Chinese and American hackers erupted in April 2001 following the collision of a U.S. military spy plane and Chinese fighter. U.S. government Web sites were hacked and defaced with slogans such as "Beat down imperialism of American," courtesy of a group calling itself the Honker Union of China.

Not to be out-hacked, U.S. hackers responded over China's handling of the incident, which involved an awkward demand for an apology.

But perhaps more disturbing have been the efficient ways Chinese hackers are believed to have obtained sensitive information. In June 2004, South Korea was reportedly victimized by a concerted attack using Trojan horse programs -- which appear harmless but have malicious functions -- to pilfer classified documents on weapons systems.

In total, 211 South Korean government computers are believed to have been compromised, in addition to 67 other machines belonging to companies, media groups and universities, according to Symantec.

Chinese computer gurus have also experimented with the "pump-and-dump" scheme, a trick used to inflate stock prices for profit, Symantec said. Starting in October 2004, a group used a Trojan horse to steal account details for users of several online stock traders, then used the accounts to run-up certain stocks.

The victims lost more than $1.3 million, with the attackers profiting around $114,000.

But in recent years, some of the bad guys have come clean, starting up their own computer security companies. China now has about six antivirus vendors, in addition to a number of computer security research and consulting groups.

However, there's "growing concern of an escalated cyber threat from China, from the perspective of both governments and enterprises," Symantec said.

The IDG News Service is a Network World affiliate.