Chinese PC hijack explosion

The number of innocent individuals in China whose personal computers were hijacked by criminals rose by a staggering 2125 per cent between 2006 and 2007, delegates were told here today at the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams. During sessions when the need for more sophisticated approaches to combat the increasing sophistication of Internet crime rode high on the conference agenda, Dr Minghua Wang who heads China's Computer Emergency Response Team Co-ordination Centre, revealed that while the number of PC's hijacked for remote Trojan hosting was already relatively high at 44,717 at the end of 2006, twelve months later the number had exploded to nearly a million - 995,154.

"Malicious websites have become a major threat to normal Internet users in China," he said.

"We now have web-based Trojan networks, driven by economic profit and launched by experienced and well organised black hats, with hundreds of malicious hosts at different locations within China, and even abroad.

"We need co-operation between computer emergency response teams and law enforcers."

His theme that ‘net crime is now almost entirely gain-driven was picked up later in the day by Terri Forslof [TERRI FORSLOF], manager of security response for TippingPoint Technologies.

"Over a ten year period hack for fun and hack for fame has become hack for profit," she said.

"We now have a parasitic micro-economy of mature criminal organisations equipped with almost unlimited money and resources and mature engineering practices, using a long term focus to engage in multi-year planning.

"We defenders have to adapt and keep pace."

Keynote speaker George Stathakopoulos, general manager of security engineering and communications at the Microsoft Corporation, agreed, warning that security professionals who didn't keep up with rapidly evolving crime patterns risked becoming "security historians" rather than security practitioners.