Chinese cybercriminals are getting more organized, and they are building a stronger presence in international markets and forums used by online criminals.
“China has long been home to a relatively robust and large underground cybercrime community within the Deep & Dark Web,” states a report released on Feb. 19 by Flashpoint, a Deep Web data and intelligence group.
The deep Web is the unseen part of the Internet. A large portion of it is just code and data; other parts are defined more broadly as Web pages not searchable by Google or that are password protected.
But there’s another subset of the deep Web, sometimes called the “DarkNet,” that is only accessible with specialized software. It’s a place where illicit markets sell everything from drugs to hitmen, and where cybercriminals often sell stolen data or buy new tools for their trade.
“The vast majority of mass retail business is conducted via automated shops and platforms designed to cater to a wide audience with little in the way of individual interaction between buyer and seller required,” the report states.
While Chinese cybercriminals have always had a strong presence on the DarkNet, however, they used to lack structure, and their operations were comparatively less professional.
While cybercriminals elsewhere sometimes have full digital storefronts where they may sell stolen credit cards and data, the Chinese cybercriminals were often still using forms of direct communication for one-off deals.
They were often using tools like Baidu Tieba and QQ Messenger. This would be roughly equivalent to using Google Chat or Instant Messenger to sell stolen goods.
Sometimes they would even post advertisements for cybercrime on random forums, including places where people discuss real estate, video games, and entertainment.
“This stands in stark contrast to the high level of professionalism and maturity that characterizes the Russian underground economy, where one-on-one transactions are primarily reserved for significant sales,” the report states.
Over the last year, however, the operations of Chinese cybercriminals changed.
Researchers at Flashpoint monitoring Chinese cybercriminals on the DarkNet throughout 2015 saw “increasing signs” that the Chinese cybercrime underground was maturing, and branching out internationally.
Instead of building their own systems, the report states, many Chinese cybercriminals started establishing themselves on forums and shops “within the Russian underground.”
The report notes that Chinese likely chose the Russian systems because their markets have comparatively loose standards. They usually accept registration from users who don’t speak Russian or English.
The new shift has only just started, but the Chinese joining the broader community of cybercriminals may bring about a more globalized structure for cybercrime.