25 October 2016
Many Chinese hackers are finding it increasingly lucrative to go above board and join the country's nascent cybersecurity industry. Photo: Reuters
Many Chinese hackers are finding it increasingly lucrative to go above board and join the country's nascent cybersecurity industry. Photo: Reuters

Skilled Chinese hackers switch to white hats

Despite US accusations that China is engaged in rampant cyber aggression, not all Chinese hackers are out to pilfer and destroy.

As Chinese companies grapple with a sharp increase in the number of cyberattacks, many hackers are finding it increasingly lucrative to go above board and join the country’s nascent cybersecurity industry, according to Reuters.

Zhang Tianqi, 23, developed his skills in high school trying to infiltrate foreign websites, skirting domestic law by probing for vulnerabilities on overseas gaming networks.

Now, after a stint working at internet bluechip Alibaba Group Holding Ltd., he is the chief technology officer of a Shanghai-based cybersecurity firm which owns, a site offering rewards for vulnerability discoveries, and internet security media site

“I’d been messing around in the field in my early years, but luckily it just so happens now that there’s this trend of China taking information security very seriously,” Zhang told Reuters.

Chinese President Xi Jinping has made cybersecurity a national priority as the country starts to feel the impact of rapid economic growth occurring without a corresponding development in data protection.

In May, China’s National Computer Network Emergency Response Technical Team, a non-profit agency, said it had recorded 9,068 instances of data leaks in 2014, three times as many as in 2013, reflecting the “grim challenges” of Chinese cybersecurity, according to a report by the official Xinhua news agency.

To try and tackle this, dozens of cybersecurity companies are now cropping up across the country, employing young techies with bona fide security skills and work experience at firms like Alibaba, Tencent Holdings Ltd. and Baidu Inc.

China is hoping that eventually domestic cybersecurity groups will provide most of its companies with defenses against hacking, rather than them relying on foreign firms like Symantec, Kaspersky and EMC Corp.’s RSA, Reuters said.

The gradual professionalism of China’s bedroom hackers traces the country’s rise as an economic and technological force, and its sometimes conflicted position in the escalating global data security arms race.

The US government has attributed sophisticated attacks — including the large-scale data theft this month from the Office of Personnel Management (OPM) — to increasingly advanced state-affiliated teams from China.

But former hackers say the majority of their peers are joining a burgeoning industry to help China firms fend off the numerous attacks they face themselves.

China has denied any connection with the OPM attack and little is known about the identities of those involved in it.

The Cyberspace Administration of China told Reuters in a June 19 fax that it opposes “any form of network attack” and does “not allow any groups or individuals to engage in network-attacking activities” within its borders.

The cybersecurity industry’s growth was partly spurred by a government crackdown on China’s hacking community five years ago — around the same time Beijing passed a series of laws banning hacking and spamming tools and requiring telecom operators to help suppress attacks.

Government sweeps largely silenced online forums like, where hackers traded tips and boasted about their conquests.

Many chose to shift from “black hat” activities to “white hat” ones, using their skills to find network vulnerabilities so that they can be fixed.

“Many people feel that now white hats have some space to do things, or make money, while hackers can’t do bad things anymore,” said one hacker who asked not to be identified because of his former work with the government.

Aside from companies like Alibaba, Tencent and Baidu beefing up their defences, China’s government has also been working to ramp up the data security of the country as a whole.

Agencies including the Cyberspace Administration of China have led educational efforts around promoting data security.

Even with the current progress, it’s likely to be a long and laborious effort, with China saying it is often the target of sophisticated attacks from overseas.

Last month, Chinese security company Qihoo 360 Technology Co. Ltd. issued a report saying it had discovered a series of cyber-intrusions against important Chinese targets that lasted for years. These include a government maritime agency, research institutions and shipping companies.

Zhang says that while the finger is often pointed at China for hacking attacks, the country is still playing catch up with the United States on both the cyber security, and cyber espionage fronts.

“When China’s measured up against the American giants, the level of their hacks, their data security, the scale and the harm they can do is all much greater.”

– Contact us at [email protected]


EJI Weekly Newsletter