China's Underground Cyber-Crime Economy Grows in Size, Sophistication

While state-sponsored online espionage is most often associated with China, freelance cyber-crime is alive and well in the country, according to a recent research report.


The tool is called Social Engineering Master. Anyone who pays the equivalent of $50 can search through a variety of stolen or leaked information and use it to create a convincing cyber-attack targeted at a specific victim or group of victims.

The online service is just one of the offerings that have cropped up as part of an online criminal ecosystem in China. While China is well known as a source of cyber-attacks against Western political and economic targets, through operations called Darkhotel, Emissary Panda and Naikon that made headlines worldwide, online criminal marketplace activity has grown significantly over the past year.

Underground developers are not only selling products, such as exploit kits, and services, such as made-to-order denial-of-service attacks, but they are branching out into easy-to-use Web applications and polished hardware hacks, according to a report released by security firm Trend Micro on Nov. 23.

Services, such as Social Engineering Master, show that the country's criminals are becoming more sophisticated, Christopher Budd, global threat communications manager with Trend Micro, told eWEEK.

"The big problem these days is not getting the data, but getting to the data that you want," he said. "They provide a tool that gives you a nice interface, so the cyber-criminals can create very compelling social engineering emails."

While malware and hacking services continue to be a staple of the underground marketplace in China, criminals have branched out into other areas, according to Trend Micro. Hacked hardware has gone from prototypes to polished products, especially such devices as payment-card readers, which can quickly skim financial information, the company stated.

Legitimate-sounding services—such as boosting the rank of free apps in Apple's App Store and paying for dedicated servers—have doubled in price in some cases, while services more commonly associated with crime—such as buying hacked registration codes for software and renting botnets—have become cheaper.

"While it is less open in China, this is now truly a marketplace," Budd said. "We no longer talk about it as a curiosity. We are in the second, maybe third, generation of cyber-crime offerings."

Take payment-card skimming. With non-cash transactions growing by more than a quarter in the past year, criminals are turning a greater focus toward stealing card data and using it for fraudulent transactions. For that purpose, criminals have developed advanced devices for skimming credit- and debit-card information, the Trend Micro report states.

"We are seeing compromised payment card readers that are being mass-produced and they are being inserted into the legitimate supply chain without people realizing it," Budd said. "It is like the owners of a mom-and-pop restaurant going to the local version of Staples and buying what they think is a legitimate card reader, but in reality, it is grabbing data from every transaction."

Robert Lemos


Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...