Wanted: Good guys who can hack like Internet criminals

PHOTO: NP

China needs to build a world-class "white-hat hacker" team to protect Internet security, according to Zhou Hongyi, chief executive of Qihoo 360 Technology Co.

Zhou made the assertion at a technology forum on Wednesday in Beijing.

"The rapidly expanding Internet industry badly needs protection by security experts who can attack like real hackers. Experienced white-hat hackers who can think out of the box are required," Zhou said.

White-hat hackers - the good guys, or ethical hackers - break Web security for nonmalicious reasons, usually to help companies or governments test their security vulnerabilities.

Zhou pledged to hold hacker competitions at Chinese universities in 2015 to find future talent for the industry.

China's slowly growing white-hat community isn't keeping up with the Internet explosion on the market. Experts say that because commercial security companies serve only paid enterprise customers, many security breaches are left unattended on the networks of key organisations such as government agencies, State-owned enterprises and sometimes the military.

Websites operated by government and financial institutions attract most of the attacks, according to the National Computer Network Emergency Response Technical Coordination Center, a nonprofit cybersecurity technical provider.

Up to 85 per cent of the backdoor attacks targeting servers and websites came from hackers outside China, according to the organisation.

A weak talent reserve in the cybersecurity sector will hurt China's information safety in the long run, warned Yun Xiaochun, chief engineer at the coordination centre.

"The talent supply is far weaker than demand in the industry. Most of the top-tier security personnel were recruited by overseas companies, leaving the domestic market even more talent-hungry," Yun said. Some security experts ended up in the underground hacking business to make more money, he added.

Chinese cybersecurity experts have only two career options, according to an IT security employee working for an Internet company in Hangzhou, Zhejiang province.

"Either you join the underground market as a real hacker or work for Internet companies that have strong security demand," the source told China Daily on condition of anonymity.

Industry insiders said weak investment in security was the major reason some opt to become real hackers.

According to a report from industry researcher IDC, less than 1 per cent of the total IT investment in China went to the security segment in 2012, compared with 9 per cent in developed markets such as the United States, European Union and Japan.

"Lack of investment assures that China will play catch-up in the field in the coming years," Yun said.

It remains unknown how many white-hat hackers are active in China, but experts said the number "will not be high".

Fred Cohen, a US computer scientist known as the inventor of anti-virus techniques, said at the forum that the Chinese Internet security industry should work with the rest of the world to build a global information and talent exchange programme.

"Web attacks are a universal problem. The world should work together to tackle the threats," Cohen said, adding that every netizen can be a part of the effort to establish an "international safety standard".

The Chinese government is fully aware of the threat of Internet attacks.

Miao Wei, chief of the Ministry of Industry and Information Technology, said cybersafety is becoming a key part of national security, and the government is determined to defend both State and individual information safety online.

"Our economic growth needs a secure Internet environment. The government's job is to make sure the Internet is safe to use," Miao said at a Tuesday meeting.

VIDEOS TO WATCH

SERVICES