Photo: VCG

Since 2022, public security organs across China have investigated 2,430 hacking crimes and arrested 7,092 suspects, effectively cutting off the chain of hacking crimes, protecting network and data security, and safeguarding the normal order of cyberspace, the Ministry of Public Security announced on Thursday at a press conference.

The authority noted that according to its latest statistics, the number of hacking cases in China has been increasing for three consecutive years, with an average annual growth rate of 27.7 percent. The ministry also noted that the average age of hackers has been decreasing year by year, and there have even been cases of elementary school students proficiently using hacker tools.

The rise in hacking crimes has become increasingly prominent in recent years. During the press conference in Beijing, Shi You, the deputy director of the Bureau of Network Security Protection of the ministry, introduced that hacking crimes mainly involve illegal intrusion into computer information systems, unauthorized access to computer data, illegal control of computer information systems, providing programs and tools for illegal intrusion and control of computer information systems, as well as the destruction of computer information systems.

The ministry released 10 typical cases of hacker crimes, as part of the efforts and significant achievements by the authority during the nationwide campaign called "Clean up the Internet."

In one typical hacking case, the Panzhihua public security bureau in Southwest China's Sichuan Province successfully handled in January a case of making profit through illegal remote manipulation of older mobile phones, with the whole chain making illegal profits of more than 100 million yuan ($14.02 million).

The local public security authority in September 2022 uncovered multiple cases of automatic ordering of value-added services on older phones, resulting in monthly deductions of 1 to 10 yuan ($1.4) for related value-added services, indicating that the phones were remotely controlled.

After investigation, it was found that the suspects surnamed Chen and Gao colluded with vendors and manufacturers of older phones to implant Trojan programs during production. They then automatically ordered value-added services such as "weather forecasting." It was verified that this gang illegally controlled over 14.4 million older phones. The Panzhihua public security bureau arrested 29 suspects in Guangdong, Beijing, Hainan, and Hunan and froze over 60 million yuan of funds involved in the case.

In another typical case, the Ya'an public security bureau in Sichuan in May discovered that the local HPV vaccine reservation platform had been hacked, resulting in a large number of HPV vaccine resources being illegally reserved for others. After investigation, it was found that suspects Chen and Yu, among others, had been using hacker techniques for a long time to illegally obtain encrypted data packets transmitted by the HPV vaccine reservation platforms of the local health commissions in 18 provinces and regions as well as 47 cities across the country. In May, the Ya'an authority cracked down on these types of crimes, arresting 36 suspects and seizing over 10 million yuan.

In another case, the Shantou public security bureau in South China's Guangdong Province in May discovered a clue during their investigation that lead them to uncover the illegal mass registration of verified network accounts using overseas AI software to bypass the facial recognition system of Douyin (Chinese version of TikTok). The Guangdong authorities found that the suspect surnamed Chen and others had purchased the personal information of citizens online and used overseas AI facial technology software to create videos of these citizen's faces, thus bypassing the real-person verification process. On July 5, the provincial and Shantou's local authorities conducted a coordinated operation in Shenzhen, Jieyang, Shantou, and other areas to apprehend seven suspects of the criminal gang, and seized a large number of related items such as computers, mobile phones, hard drives, SIM cards, and bank cards. More than 10,000 implicated Douyin accounts were investigated, with an involved amount exceeding 600,000 yuan.

The ministry launched a cluster campaign against criminal acts of illegally tampering with the tax control chip of refueling machines to steal oil and evade taxes, investigated and punished a large number of private gas stations involved, and recovered 1.46 billion yuan in evaded taxes.

Also, the ministry launched a cluster campaign against the criminal behavior of putting Trojan programs on WeChat, postal delivery, and e-commerce platforms, knocking down 121 gangs, arresting 426 criminal suspects, successfully dissuading 964 enterprises from actions that would make them a target of fraud, and recovering losses of more than 93.5 million yuan. At the same time, the authority cracked down on a number of hacker criminal gangs that illegally obtained citizens' personal information through technical means and made profit through inquiries, and seized billions of pieces of various information and data.

Shi said at the press conference that, in addition to directly infiltrating and damaging computer information systems, criminals also provide technical support, material information, and promotion services for illegal activities such as telecommunications fraud, online gambling, online pornography, and "internet water armies," through methods such as data theft, website tampering and traffic hijacking.

In addition, the scope of hacking infringement has extended from online to offline world. For example, some hackers remotely controlled parking lot barriers, tampered with fuel dispenser tax control chips, and interfered with environmental monitoring devices, forming an interconnected network of virtual and real-world crimes, according to Shi.

As new technologies, new formats, and new applications such as artificial intelligence (AI), blockchain, and the Internet of Things continue to evolve, hackers are constantly upgrading their techniques. For example, they are now using AI to create fake images and voices, and exploiting vulnerabilities in blockchain smart contracts to generate large amounts of "virtual currency" and steal other people's assets.

Among the hacking cases, the technological barriers are constantly decreasing, and there is a significant trend towards younger criminals. With the highly shared nature of internet information, there are now thousands of hacker tools circulating online. Most of these tools come with detailed tutorials and are easy to operate, allowing criminals to carry out activities such as vulnerability scanning, Trojan implantation, and DDoS attacks without needing to be proficient in professional skills. The average age of hackers is decreasing year by year, and there have even been cases of elementary school students proficiently using hacking tools.

In addition, hacking crimes are shifting from being about showing off skills to being about financial gain. They are also transitioning from being individual acts to being carried out by organized groups. These crimes involve stealing online assets and infringing upon the property rights and interests of citizens. They also involve seizing public resources, disrupting social fairness and justice, interfering with pricing and measurement systems, disrupting the market economy order, tampering with ecological monitoring data, undermining ecological civilization construction, forging professional qualification certificates, and endangering production and transportation safety. Moreover, hackers provide assistance at various stages to facilitate activities such as telecommunications fraud and other malicious crimes.