In China, Cybercrime Underground Activity Doubled In 2013

China has become infamous for politically motivated intelligence gathering, but new research from Trend Micro shows that a financially motivated, politically independent cybercrime underground is alive and growing behind the Great Wall, as well.

The new report shows that Chinese cybercrime underground activity doubled between 2012 and 2013. According to Trend Micro CSO Tom Kellermann, it has likely tripled since then.

Further, Kellermann says, these criminals are not just targeting victims in other countries. The targets include "the bourgeois, nouveau-riche Chinese elite who have profited from capitalism" in a country with a dwindling middle class.

The Chinese government "has been focused externally... on information dominance and espionage," Kellermann says. The technological skills cultivated by the country's leaders are coming back to hurt them in the form of new cybercriminals "who are not beholden to the regime. They believe money is God and believe that crime has evolved with technology."

Other recent Trend Micro research shows that the Chinese underground is largely focused on mobile device/services attacks -- Android-based products in particular -- and charges customers a premium for that work.

The most sought mobile crime products and services are SMS spamming, premium service numbers, and SMS servers. SMS spamming is relatively inexpensive, ranging from $50 for 5,000 text messages ro $460 for 100,000 messages. Premium service numbers -- used to subscribe mobile users to unwanted services and charge them a fee for it -- run from $2,500 per year to $36,000 per year. SMS servers -- radio frequency hardware that forces nearby phones to disconnect from legitimate base stations and connect to the attacker's SMS server instead -- cost $7,400.

The reasons for the higher price tags, says Kellermann, are that mobile attacks require more creative code and can offer bigger payoffs. For one thing, mobile payments are more popular in Southeast Asia than they are in the United States, which makes mobile devices more attractive.

"I'd pay more" for mobile attacks, "because I can hack your life," he says. "If the [mobile] device is an extension of yourself, then I can hack you."

In comparison, the most popular nonmobile attack tools are quite affordable. DDoS toolkits can be rented for $81 per month. RAT "licenses" range from $97 to $258 per year, depending on the software. Even the new DNS attack services cost only $323.

The attack products and services appear to be sophisticated and professional. However, the methods the criminal marketplace uses to communicate are not.

The communication tool of choice is QQ groups, a feature of the QQ instant messaging app. Unlike most organized criminals in Eastern Europe, who often rigorously vet customers before working with them, these Chinese groups make themselves quite available to the general public. A simple search of QQ groups turns up results like the "China DDoS and Hacking Service Group."

Download the full report here.