Chinese ex-hacker says working for the government would be too boring

Working for China's civil service is probably the last kind of job a Chinese hacker would want

Tao Wan now works at IBM, but said he was once an angry young man, a veteran of the hacking scene that burgeoned in China in the late 1990s.

Wan channeled his youthful frustrations through the famed Green Army hacker group, of which he was a member before leaving to found the China Eagle Union. It, like the Green Army, is believed to have defaced foreign websites.

These days, the 41-year-old Wan has mellowed. He works in Beijing as a managing consultant on IBM's Cloud Tiger Team, which sells the company's cloud computing services.

But Wan still has keen insights into the motivations and capabilities of today's malicious hackers in China, who often are blamed for ever-increasing cyber attacks against the U.S.

The picture he paints is not one of a well-oiled machine in which talented hackers are scooped up by the Chinese government and swiftly integrated into malicious campaigns. On the contrary, he said, it's one of semi-talented, self-educated hackers, some driven by nationalistic feelings to stir up trouble in the form of electronic protests, and others seeking to profit from their knowledge.

Hackers born in the 1990s learned their skills in Internet cafes while their parents were away at work, Wan said.

"This generation of hackers are not that technically capable, they just like to show off -- young kids with a low technical ability," said Wan, who spoke at the Power of Community security conference on Thursday in Seoul.

In the past, Chinese hackers have been spurred into action by geopolitical controversies, such as when Japanese politicians visit the Yasukuni Shrine, a memorial in Tokyo to Japan's military, including war criminals from World War II.

But Wan sees change coming. "I think they are coming out of the nationalistic phase," he said. "I believe the nationalistic intent will fade even further in the future."

Many of the hackers are turning away from the darker side of the security field and instead looking for opportunities in building legitimate businesses. Wan has played a part in that, turning the China Eagle Union into a non-governmental organization called the Intelligence Defense Friends Laboratory, which is intended to encourage more positive behavior.

"Hackers are not destroyers," Wan said. "They must be builders and do something."

China's billion-plus population means that proportionally, there are a lot of hackers in China. China has an active cyber police, but the country is large. Nonetheless, "you can't say enforcement is non-existent in China," Wan said.

The authorities can show a soft touch, which Wan has felt himself: At one time before launching a new attack campaign, he was visited by the police, who persuaded him and others to hold off.

Contact between the Chinese government and hackers is inevitable in one form or another, just as it would be between companies and the government anywhere, Wan said. But China doesn't really employ hackers. Hackers tend to be of a lower social level and don't fit the type of a civil service worker, let alone become officially hired.

Besides, official government work would be a dull, 9 a.m. to 5 p.m. job. "If there was an opportunity, I would refuse it," he said.

That said, China does have its own hacking capabilities within its government agencies, but there is a difference in skills compared to countries such as the U.S. and Russia.

"Especially in some government agencies they are very sophisticated but the overall hacking ability is still less sophisticated than other countries," Wan said. "They need to become more competitive."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
