By Huang Chengqing
I. China Internet security: analysis and suggestions
Statistics released by the China Internet Network Information Center show that, in June 2007, in China's mainland, there were 162 million Internet users, 1.31 million websites and 67 million online computers, and the total bandwidth at the international gate reaching 305Gbps, which represented an increase of 18 percent, 66 percent, 23 percent and 46 percent respectively over those in the same period of the previous year. According to CNCERT/CC's statistics, by June 2007, CNCERT had received 645 phishing reports and 452 spam-mail reports, and had detected 10M Trojan hosts and 28,367 times of web defacement, which showed an increase of 142 percent, 33 percent, 4,193 percent and 391 percent respectively over those in the same period of the previous year. The data indicate that China's Internet industry is fairly large in scale, but at the same time it faces obvious security problems. Many Internet users lack the basic security awareness and protection skills, and consequently many online computers have become victims of hackers.
CNCERT found that, in the first half of this year, Internet attacks in China were mainly from local sources (34 percent), while the rest came from the USA (20 percent), South Korea (12 percent), Japan (8 percent) and China's Taiwan (5 percent). Web defacement incidents happened 28,367 times, an increase of 16 percent as compared with the figure of the entire year of 2006. Of them, 1,585 times of web defacement, or about 6 percent, were aimed at governmental websites. Computers with more than 3 million IPs were planted with Botnets controlled mostly by overseas servers totaling 8,361, specifically 32 percent from the US, 5 percent from China's Taiwan, and 7 percent from South Korea. About 1 million computers lost control to Trojan horse virus from 78,000 oversea servers, of which 42 percent were located in China's Taiwan, 25 percent in the US, 6 percent in South Korea, 5 percent in Europe and 4 percent in China's Hong Kong. According to APWG's reports, 4,512 phishing sites had been found in China's mainland in the first half of 2007. Meanwhile, CNCERT/CC had received 645 phishing reports and successfully solved 222 cases. Most incidents were reported by five US companies.
Currently, there are mainly two categories of problems China now faces. Firstly, laws and regulations on Internet security management and against cyber crimes are not yet perfect, and there is no specific law in regard to Internet information security. The existing laws and regulations are seriously behind the time, and fall short of serving as adequate basis for solving practical problems. Secondly, there are underground business transactions conducted by unlawful dealers. According to surveys, the underground business chain includes a number of links ranging from malicious coding and distributing, collecting/controlling victim computers, profiteering through the use of victim computers and underground trading platforms. Malicious code distribution may take the forms of junk mails, websites embedded with code and IM, victim computers collecting/controlling through Botnets and Trojan horse networks. Ways of making money through victim computers usually take the forms of hiring hackers to launch DDOS attacks against competitors, distributing commercial spam mails, phishing websites, reporting on false hits, and stealing and selling accounts/passwords and other private information. As Internet itself can be used as the best underground trading platform, all of the above can be negotiated for trade on this platform.
Because of the rapid advancement of hacking techniques and Internet incidents mostly being cross-border and highly concealed, it's technically rather difficult for the relevant departments to deal with the incidents, and the cost is very high to monitor and investigate into these incidents. Punishment on cyber crimes based on existing laws and regulations is very inadequate. At the same time, because of the large size of China's Internet industry, the available resources and law enforcement capacity of the government for Internet security management is rather insufficient.
Despite the problems and difficulties, there are still much that we can do. They are mainly in four aspects:
Firstly, cooperation should be strengthened between the Internet operation management departments and the law enforcement departments. Seminars attended by people in the industry and from law enforcement departments may help push for the establishment and improvement of relevant laws and regulations. The Internet operating and technical departments may actively assist the public security departments in dealing with cyber crime cases and cracking down cyber crimes.
Secondly, a multi-departmental cooperative mechanism on Internet security management should be introduced, and the Internet security emergency response system should be improved. It's necessary to set up fast and effective emergency response channels and an efficient work process among governments, CNCERT/CC, ISPs, and security vendors.
Thirdly, efforts should be continued to do technological research and to build technical platforms.
Fourthly, active participation in international cooperation schemes, such as APEC-TEL, ITU, FIRST, APCERT, and NSP-SEC should be pursued.
Since the Internet has no boundaries, it's rather difficult to effectively deal with Internet incidents by individual country or region alone. We therefore suggest that all participants cement a relationship of trust and form stable international cooperation, not only at the management level, but at the actual operational level, to conduct specific technical cooperation and emergency response coordination. We also wish to improve communication and exchanges among us, so as to build a trustworthy Internet together.
II. The anti-spam: situation and measures
The flood of spam has become a common problem requiring global efforts for solutions. China has conducted continued attacks against spam with comprehensive measures, and has achieved remarkable results.
According to a report of SOPHOS, the amount of spam sent out from China dropped by 8.5 percent in the third quarter of 2007 as compared with that in the same period of the previous year. In 2007, China was the most successful in anti-spam in the world.
Survey conducted by the Internet Society of China shows that in the third quarter of 2007, the amount of spam received by Chinese netizens accounted for 55 percent of the total of emails received, a decrease of 4 percent as compared with that in the same period of the previous year.
1. Managing according to law
The Ministry of Information Industry issued "Internet Email Service Regulations" on February 21, 2006, which went in force on March 30, 2006. On August 16, 2006, a company in Shenzhen which had sent spam emails to netizens was the first to be punished by the Guangdong Communications Bureau. The company was requested to stop sending spam emails and fined 5,000 yuan.
2. Promoting self-discipline in the industry
In 2003, two documents on standards were promulgated by the Internet Society of China with support from people in the Internet industry, namely the "ISC Email Service Regulations" and "ISC Anti-spam Regulations". The principle of "information sharing and concerted action" was agreed upon, and the methods of blacklisting, reformation within the deadline and joint boycott were adopted.
Entrusted by the Ministry of Information Industry, ISC established an anti-spam center on February 21, 2006, which has so far received about 340,000 spam reports.
3. Establishing an anti-spam technical guarantee platform with joint investment
ISC has established an anti-spam technical guarantee platform which has been functioning successfully. It also provides RBL Service on DNS. The RBL's queries number 300,000 a day, or 4 in each second, and the ratio of access is 65.97 percent. Altogether 12 ISP/ESPs have been included in the white-list on the platform, including Sina, Netease and 263, and the number of their email users accounts for 82 percent of the total registered email users in China.
4. Conducting foundational surveys and technical studies
ISC began to conduct continued and systematic surveys of spam in China from the end of 2003. Up to now, it has carried out eleven nationwide anti-spam surveys, collecting almost 400,000 questionnaires.
In addition, together with NET263 Co., Ltd and Jiaotong University of Shanghai, ISC has undertaken the project of "Research & Realization of Multi-Feature Anti-Spam System and Standards," a part under the 863 Program (National Hi-tech Research & Development Program). Moreover, ISC has submitted the "Draft Recommendation: Technical Framework for Countering Email Spam (X.fcs)" to ITU-T SG17 together with the Telecommunication Academy of the Ministry of Information Industry, which has been initially accepted. ISC has worked out a 30,000-word research report on the dynamic IP address situation of China. Right now, in cooperation with Jiaotong University of Shanghai and other technology research organizations, ISC is studying email stamp technology which can be used to identify the origin of emails.
5. Educating people on anti-spam
On February 28, 2006, the Ministry of Information Industry, the State Administration for Industry and Commerce and the Internet Society of China jointly launched the "Internet Sweeping Day for 2006" with the theme of "Sweep Internet Spam and Protect Consumers' Rights" in Beijing. Xi Guohua, vice minister of the Ministry of Information Industry, Wang Dongfeng, vice minister of the State Administration for Industry and Commerce, and Gao Xinmin, executive vice president of ISC, as well as leaders of Internet businesses and netizen representatives smashed a hammer on an ice sculpture symbolizing email spam into pieces, in an effort to demonstrate their resolve of getting rid of email spam, maintaining a healthy environment on the Internet and safeguarding the lawful rights and interests of consumers.
ISC also organized a conference to publicize the "Internet Email Service Regulations," distributed a million copies of anti-spam brochures, collected signatures from 200,000 volunteers to resist email spam, arranged training and educating programs in 30 provinces, recruited 20,000 volunteers for anti-spam work, and organized training sessions for 1,000 email server administrators in China.
6. Enhancing international cooperation and exploring new anti-spam channels
Based on self-discipline within the industry, efforts have been made to establish international cooperation, build up trust, draw up standards, solve the question of blacklists, and explore multi-lateral and global anti-spam cooperation. ISC has not only established relations with ITU, OECD, APCAUSE, and other international organizations, but also reached agreements on anti-spam memorandums with eBay, Microsoft, AOL, Yahoo and the Internet Society of Australia. It also signed the "Seoul-Melbourne Multilateral Cooperation Agreement of Anti-spam" with ACA and KISA. ISC maintains a long-term relationship of cooperation with KISA, regularly exchanging information and data.
ISC has carried out a thorough study on how to cooperate on anti-spam internationally. On July 12, 2006, KISA reported to ISC that some IPs from China often changed domain names and spread malicious codes by spam. ISC quickly checked them out, gathered witness evidence and had the spread of spam stopped.
In August 2006, ACMA reported that they had received a large quantity of spam sent from Chinese IPs. We looked up at more than 10 IP addresses that sent out spam around August 16, which also included business advertisements, drug selling, and gambling. ISC immediately contacted the IP-affiliated network companies and found the problem was caused by virus and open-relay. ISC helped the IPs owners to recover control of their servers and solve the problem.
In September 2006, the Internet Law Group from the USA asked for help in investigating a problematic IP under their attention. ISC responded actively and offered a quick feedback. Through these cooperative actions, more information on dealing email spam became available, and at the same time, China has made positive contribution to the international anti-spam effort, wining good reputation internationally.
Although China has done a great deal of work in regard to Internet security and anti-spam, and has achieved initial success, we clearly aware that various kinds of unsolicited electronic messages and many Internet problems are still interrupting netizens' lives and the order of the network. There is still a long way to go. We shall work harder, closely cooperate with international organizations and contribute more to the sound development of the global Internet.
|Profile of Mr. Huang Chengqing
Secretary General, Internet Society of China
Mr. Huang won his EMBA from Peking University. He used to work as assistant engineer at Beijing Wireless Communication Bureau, engineer of Telecom Administration of the Ministry of Posts and Telecommunications, section chief of the General Office of the Chinese Academy of Engineering, and section chief of the Telecommunication Bureau of the Ministry of Information Industry. In 2004, Huang took up the post of Secretary General of the Internet Society of China.
(China.org.cn November 29, 2007)