May 19, 2009, 9:38 AM — China has targeted cybercrime in three new sets of regulations issued this month as the activity starts to look like an established industry in the country.
Cybercrime in China has grown such that attackers often divide the labor needed to design malware, distribute it and turn the resulting access to remote PCs into monetary gain, security analysts say.
Over 1.2 million computers in China in 2008 were infected by software that let an attacker control them as part of a botnet, according to the Ministry of Industry and Information Technology (MIIT).
That suggests botnets afflict China more severely than other countries. Just 2 million computers worldwide in the first half of that year were bot-controlled, according to a survey by the MIIT's National Computer Network Emergency Response Technical Team.
One of China's new regulations calls on the country's state-run telecommunications operators, CNCERT and other government agencies to improve their abilities to monitor and eliminate botnets. China's domain registry center and other bodies are ordered to "dispose" of malicious domain names and compromised IP addresses.
A botnet is a large group of computers compromised by an attacker and used for malicious purposes such as sending spam. A botnet can also be used to launch a distributed denial of service (DDOS) attack, in which the machines all attempt to connect to a victim's Web site at once. The site's server is overwhelmed by the number of communication requests and either shuts down or slows severely.
Malicious hackers have used botnets for both purposes in China. DDOS attackers sometimes request payment from victims to end the attacks.
Another new set of MIIT regulations has ordered more extensive background files to be kept for Web sites, and for greater accuracy in information like the name of the domain owner. A hassle-free registration process has previously drawn attackers from within and outside the country to spread malware from Chinese domains.
The third set of new regulations orders information sharing among the telecom companies and government agencies when their own systems are attacked or when they learn of public user problems that suggest malicious activity.
The new regulations are part of a growing body of Chinese laws and government orders that suggests Beijing understands the severity of cybercrime inside its borders.
"Botnets are a threat not just to individual Internet users, but also to business interests and even to national security," the MIIT said in a document on its Web site explaining the regulations.
But while China has made progress, the country can still improve its legal regime and technical capabilities for fighting cybercrime, said Wang Yongquan, a professor at the East China University of Political Science and Law. Enforcement of laws has been a problem in China.
"Cybercrime happens a lot, but it's not discovered very often," Wang said.
Cybercriminals can be difficult to trace because they often hide behind remote IP addresses, Wang said. Low technical proficiency among Chinese police and court officials, especially in rural areas, can complicate evidence gathering and prosecution.
More input from technical experts could benefit the formation of China's cyberlaws, said Wang.