China fights phishers at state level
Despite the censorship restrictions dictated by the party and the government, the number of Internet users in China is growing at an ultra-fast pace: Russian Wikipedia believes that the number of active users is about 300 million people; at the same time, the BBC's technical edition gives a different, more significant figure - 485 million. This is despite the fact that there is a Great Chinese firewall and there are frequent cases of blocking world-class sites - YouTube, Facebook, Twitter, Hotmail; Many people remember the scandals with Google in China and the response accusations of a hacker attack on the services of the search giant. To be fair, it should be noted that the reasons for blocking are always more political than economic, although local services - the Baidu search engine, for example - manage to collect cream even from this, successfully competing with Google in China.
With all these constraining factors for the development of an Internet audience in China, the active participation of the government has played a positive role. At the very least, a precedent has emerged, after which at least Chinese computer criminals — given the speed of decisions of Chinese courts for economic crimes — will have to reflect on the consequences of their actions.
At the end of the pre-New Year week, it became known that about 45 million logins and passwords (10% of the entire active Internet audience!) Users of a number of Internet banking services in China were stolen. Moreover, according to the old and well-known scheme: with the help of phishing.
The attackers, by copying the interface of popular online banking systems, under one pretext or another, sought to ensure that the fraud victims entered their logins, passwords, and email addresses on the fake website and thereby obtained access to financial information.
')
Given the more than a significant amount of theft, which in the end could lead to unpleasant consequences, the problem was taken by the Chinese government. The official investigation was led by the Minister of Industry and Information Technology of China, who promised to deal with those who are behind phishing attacks and punish those responsible. Somehow it happens in some countries, words didn’t just become words, and some actions followed to limit the actions of intruders.
The most popular search engines (apparently, something like ours is happening in China, when the site vkontakte.ru is searched using Yandex) from now on outlines its legitimate online banking services with a special icon that allows users to visually identify the required site as real.
The second measure taken by the government looks much tougher: the owners of services that allow online communication have introduced special software that is designed to monitor user communication and remove suspicious links leading to fake websites.
So far, of course, all these results have had a small effect, because, most likely, the scale of the phishing attack has already reached some critical value; it is quite possible that the organizers of the attack are hardly located in China, risking, so to speak, not only virtually, but also physically. Nevertheless, the very precedent of state intervention and organized at the state level, the protection of users, at least, is unusual and it is still difficult to assess it.
[ Source ]
With all these constraining factors for the development of an Internet audience in China, the active participation of the government has played a positive role. At the very least, a precedent has emerged, after which at least Chinese computer criminals — given the speed of decisions of Chinese courts for economic crimes — will have to reflect on the consequences of their actions.
At the end of the pre-New Year week, it became known that about 45 million logins and passwords (10% of the entire active Internet audience!) Users of a number of Internet banking services in China were stolen. Moreover, according to the old and well-known scheme: with the help of phishing.
The attackers, by copying the interface of popular online banking systems, under one pretext or another, sought to ensure that the fraud victims entered their logins, passwords, and email addresses on the fake website and thereby obtained access to financial information.
')
Given the more than a significant amount of theft, which in the end could lead to unpleasant consequences, the problem was taken by the Chinese government. The official investigation was led by the Minister of Industry and Information Technology of China, who promised to deal with those who are behind phishing attacks and punish those responsible. Somehow it happens in some countries, words didn’t just become words, and some actions followed to limit the actions of intruders.
The most popular search engines (apparently, something like ours is happening in China, when the site vkontakte.ru is searched using Yandex) from now on outlines its legitimate online banking services with a special icon that allows users to visually identify the required site as real.
The second measure taken by the government looks much tougher: the owners of services that allow online communication have introduced special software that is designed to monitor user communication and remove suspicious links leading to fake websites.
So far, of course, all these results have had a small effect, because, most likely, the scale of the phishing attack has already reached some critical value; it is quite possible that the organizers of the attack are hardly located in China, risking, so to speak, not only virtually, but also physically. Nevertheless, the very precedent of state intervention and organized at the state level, the protection of users, at least, is unusual and it is still difficult to assess it.
[ Source ]
Source: https://habr.com/ru/post/135618/
All Articles