China’s ‘White-Hat’ Hackers Fear Dark Times After Community Founder Is Detained

By Josh Chin in The Wall Street Journal, Aug 1, 2016

China’s growing population of so-called ethical hackers, who have long existed in a legal gray area, fear a government crackdown after authorities took away the founder of its largest independent community.
Fang Xiaodun, a security engineer, set up Wooyun in 2010 as an online platform for Chinese hackers who work to help protect vulnerable networks. The community had about 20,000 registered users when it suddenly shut down on July 19. It hasn’t reopened since. Unclear is whether the government shut it down or its organizers did.
The following day, Mr. Fang was taken away by authorities and has not been heard from since, according to multiple people familiar with the matter. Mr. Fang’s family couldn’t be reached for comment. It wasn’t clear whether he had a lawyer.
Nor was it clear which agency was holding Mr. Fang or for what reason, the people said. China’s Ministry of Public Security and the Cyberspace Administration of China, the country’s internet regulator, didn’t immediately respond to requests for comment.
“Right now all we can do is wait and see what happens,” said one person close to Mr. Fang. “The way this is handled is crucial to how white hats operate in China in the future.”
“White-hat” hackers, as they are known globally, are security experts and hobbyists who aim to help companies and organizations by testing their computer networks for holes. They alert the network owners of any problems, sometimes for a fee or in exchange for merchandise. Other times they work for free. They distinguish themselves from “black-hat” hackers–the shadowy types typically depicted in popular culture hunched over a keyboard in a black hoodie–who probe networks for vulnerabilities to steal data to sell it or exploit it in other ways.
Controversially, the Wooyun platform gives network owners 45 days to respond to a report of a vulnerability, after which it publicizes the hole online, which any hacker can exploit. White hats say such measures are necessary to force companies and other organizations to take security more seriously. It was unclear whether this aspect of Wooyun’s mission led to Mr. Fang’s arrest.
There’s considerable debate over whether it’s legal in China for white-hat hackers to penetrate computer networks, even assuming their motivations are altruistic. Beijing has left the rules on the matter ambiguous. In July, Economic Information Daily, a newspaper published by the official Xinhua News Agency, noted the lack of clear boundaries, saying, “legally speaking there truly are some hazy areas.”
The number of white-hat hackers in China has grown in recent years, security researchers say, particularly after revelations in 2014 by Edward Snowden, the former U.S. National Security Administration contractor, shocked Chinese companies and government agencies into taking cybersecurity more seriously.
Many of China’s white hats have day jobs as computer programmers or security guards or even fruit vendors and don’t know how to communicate with the organizations whose networks they are testing. One of Wooyun’s roles was to facilitate connections between hackers and network owners.
Workers at antivirus company Qihoo 360, which runs a platform similar to Wooyun’s, say many of the white-hat hackers use both platforms at the same time.
A former chemistry major with long hair and glasses, Mr. Fang left a security job at search giant Baidu to concentrate on Wooyun full time in 2013. He hosted a hacker conference with Wooyun in early July. His most recent post on the popular instant message app WeChat, posted on July 18, showed a photo of him and other images from an unidentified tropical city. It had a self-improvement message: “More important than talent is the courage to become stronger. I hope that when I come back I’ll be a better me.”
The Wooyun website shut late on July 19. Early the next day, the platform issued a statement saying it was upgrading its service and would reopen shortly. “Better to put your faith in Wooyun than to believe rumors,” it said.
Wan Tao, a patriotic hacker in the 2000s who has become an elder figure in the white-hat community, took to social media to defend the platform.
“Society and the security world should all be clear about Wooyun’s massive social influence and contributions to the exposure of security risks and raising of security consciousness,” he wrote on his verified feed on microblogging site Weibo on Thursday.
In April, people close to Wooyun said, one of the platform’s users was arrested on suspicion of illegally obtaining website data after he warned a dating website about a vulnerability that could expose its users’ personal information. The dating website had fixed the problem and thanked the user prior to his arrest, they said. The user’s whereabouts couldn’t immediately be determined. The Economic Information Daily quoted the hacker’s father saying he believed his son’s only motivation was to help the company.
It’s not clear whether Mr. Fang’s disappearance, reported earlier by the Guangzhou-based Southern Weekly newspaper and business magazine Caixin, is connected with that case.
http://blogs.wsj.com/chinarealtime/2016/08/01/chinas-white-hat-hackers-fear-dark-times-after-community-founder-is-detained/