China, everybody’s go-to suspect when it comes to IT security, is finally acknowledging its own problems with hacking. Beijing has also started a campaign to crack-down on non-government-approved Chinese hackers who stole personal data from 100 million people last week.
Irony is a dish best served … with mu shu pork and maybe a side order of white rice.
Sometime between Dec. 21 and 26 hackers infiltrated the databases of many of China’s most popular blogging, shopping, social networking, and gaming sites, according to a report by Caixin Online. The hackers subsequently published more than 100 million usernames, passwords, and email addresses. The leaked files claimed to have information from websites including Tianya (tianya.cn), social networking sites Renren and Kaixin001, the Twitter-clone Sina Weibo, IT development site CSDN.net and online gaming sites like 17173.com and duowan.com. Many if not all of these sites – including the IT development site – stored users' information in plain text.
Best quote from the story:
China's Ministry of Industry and Information Technology … denounced the slew of hackings, saying they "infringed on internet users' legal rights."
The official Xinhua news agency quoted Shi Xiaohong, VP of anti-virus company Qihoo 360, as saying the leak was the result of companies neglecting to encrypt users' passwords and account information. Caixin also cited legal experts told that the massive leak also revealed shortcomings in Chinese internet security law and online ID theft protections. Nice to know that even if the Chinese are ahead of us in hacking they’re worse than we are at protecting customer info. (“Chinese internet security law”? Isn’t that an oxymoron?)
In response to all this the government has begun an anti-phishing campaign to protect users’ bank accounts. The nation’s 10 biggest search engines have agreed to always display websites of banks appear first in searches. By doing this the government hopes to limit the numbers of people visiting fake sites and falling for phishing scams.
How, exactly, this will protect users from companies which don’t take any security measures is anyone’s guess. At what point will the government decide that security efforts shouldn’t only be used to monitor online chat rooms for people discussing things it doesn’t want discussed.
Hacking isn’t just for thieves, after all. PacketStorm notes in its report:
As well as criminal hackers, many activists are turning to the web to make protests more visible. The website of Mengniu, a firm at the centre of a tainted milk scandal, was vandalised and its homepage image replaced with text that read "Do you have a conscience?"