iStock_000031268478Small-300x156

Virtual Reality, Meet Hard Reality: The World of Warcraft Crackdown & What It Could Mean For Cybercrime in China

Dec 31, 2013 By Sarah Vonnegut

Last week in the Zhejiang province of China, 10 men were sentenced to prison terms of up to two years for accessing over 11,500 World of Warcraft accounts. The men didn’t hack into the accounts, but instead bought the login details for the accounts on the black market, then sold each player’s gear and accumulated gold to other gamers within the game.

The hijackers are serving time for gaining “invasive access to ordinary computer information systems.” The ten men turned a profit of nearly $11,000, but the government seized the profits and computer equipment used by the hackers as well as issuing fines and prison terms of between a year and a half and two years to each of the accused. The criminals underwent a lengthy trial after being arrested and charged in March of this year.

After struggling with accusations of labeling anti-government sentiments as cybercrime for a few years now, these new arrests may be a step in the right direction for the Chinese nation when it comes to taking a more marked stance on actual cybercrime including fraud and selling stolen information.

The State of Cybercrime in China Today

The first full study on Chinese Cybercrime was done just last year, and the results are staggering. According to the report, an average of 700,000 crimes takes place online each and every day within the mainland, and a total of $46 billion (289 billion yuan) was lost to cybercrime activity by the end of 2012.

In China, cybercrime falls under other “social harms” deemed so by the government, including porn, gambling and writing negative things about the state, among others. Whereas in the U.S. the cyberspace is considered public domain and is fairly uncensored, China, has implemented over 60 Internet regulations that are enforced by the Internet police, a force reported to be as large as 2 million officers.

At least 18,000 websites are blocked in China’s mainland; while the Government maintains that the blocked sites include only “superstitious, pornographic, violence-related, gambling, and other harmful information,” sites with content on various political topics are also banned, including topics like police brutality, freedom of speech, and democracy, among others. In addition, international media sites are banned from time to time as well: BBC News, The Voice of America and Yahoo! Hong Kong among them.

At the same time, the government and army themselves were implicated in several hacks, ranging from last year’s G20 Summit scandal, in which it was discovered that the Chinese spied on European foreign ministries, to earlier this year when various American media companies cried foul after being infiltrated by what was suspected to have been the Chinese army. The Pentagon’s 2012 annual report on China to Congress stated that during that year, “numerous computer systems…including those owned by the US government, continued to be targeted for intrusions, which appear to be attributable directly to the Chinese government and military.”

An article published in the New York Times earlier this year described the culture of hacking in China to be widespread and not only relegated to top-secret missions (such as the TAO squad at the NSA), instead thriving “across official, corporate and criminal worlds.”  In a country where posting libelous rumors online can earn someone up to three years in jail (depending on the popularity of the post judged by likes and shares) while the prison sentence for buying stolen account details on the black market and emptying out the accounts illegally is just two years and a fine, it may seem like the Chinese are using their internet police more as a tool to help censor naysayers rather than protect against domestic cybercrime.

Wie Yongzhong, a professor at the People’s Public Security University, and the lead author of the Chinese cybercrime report mentioned earlier believes that the current legal system wants to punish cyber-criminals but to date, hasn’t updated its laws to be able to in a meaningful way. The laws, Wei said, vaguely connect or relate to web crime, but lack practicality.

“For example if hackers attack the website of a financial organization and transfer money, there are no laws pinpointing the parties responsible during the Internet invasion. It is unclear whether the hacker, the bank’s website or any other related party should shoulder some responsibilities for the crime,” he said.

Is This The Start Of Something New?

China does seem to be working on it, though, and while the balance between cybercrime versus censorship may still be teetering, they may finally be taking a stronger stance against cyber theft. The World of Warcraft case is one of the first cases that seem to have little to no political ties. If the World of Warcraft incident is an indication of what’s to come, 2014 could be the year for a more secure cyberspace in China – no fraudulent Orcs allowed.

What do you think – is this trial the start of a new crackdown on true cybercrime in China?

The following two tabs change content below.
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.

Latest posts by Sarah Vonnegut (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.