China Internet Security Analysis And Anti-Spam MeasuresⅠ

I. China Internet security: analysis and suggestions
Statistics released by the China Internet Network Information Center show that, in June 2007, in China's mainland, there were 162 million Internet users, 1.31 million websites and 67 million online computers, and the total bandwidth at the international gate reaching 305Gbps, which represented an increase of 18 percent, 66 percent, 23 percent and 46 percent respectively over those in the same period of the previous year. According to CNCERT/CC's statistics, by June 2007, CNCERT had received 645 phishing reports and 452 spam-mail reports, and had detected 10M Trojan hosts and 28,367 times of web defacement, which showed an increase of 142 percent, 33 percent, 4,193 percent and 391 percent respectively over those in the same period of the previous year. The data indicate that China's Internet industry is fairly large in scale, but at the same time it faces obvious security problems. Many Internet users lack the basic security awareness and protection skills, and consequently many online computers have become victims of hackers.

CNCERT found that, in the first half of this year, Internet attacks in China were mainly from local sources (34 percent), while the rest came from the USA (20 percent), South Korea (12 percent), Japan (8 percent) and China's Taiwan (5 percent). Web defacement incidents happened 28,367 times, an increase of 16 percent as compared with the figure of the entire year of 2006. Of them, 1,585 times of web defacement, or about 6 percent, were aimed at governmental websites. Computers with more than 3 million IPs were planted with Botnets controlled mostly by overseas servers totaling 8,361, specifically 32 percent from the US, 5 percent from China's Taiwan, and 7 percent from South Korea. About 1 million computers lost control to Trojan horse virus from 78,000 oversea servers, of which 42 percent were located in China's Taiwan, 25 percent in the US, 6 percent in South Korea, 5 percent in Europe and 4 percent in China's Hong Kong. According to APWG's reports, 4,512 phishing sites had been found in China's mainland in the first half of 2007. Meanwhile, CNCERT/CC had received 645 phishing reports and successfully solved 222 cases. Most incidents were reported by five US companies.

Currently, there are mainly two categories of problems China now faces. Firstly, laws and regulations on Internet security management and against cyber crimes are not yet perfect, and there is no specific law in regard to Internet information security. The existing laws and regulations are seriously behind the time, and fall short of serving as adequate basis for solving practical problems. Secondly, there are underground business transactions conducted by unlawful dealers. According to surveys, the underground business chain includes a number of links ranging from malicious coding and distributing, collecting/controlling victim computers, profiteering through the use of victim computers and underground trading platforms. Malicious code distribution may take the forms of junk mails; websites embedded with code and IM, victim computers collecting/controlling through Botnets and Trojan horse networks. Ways of making money through victim computers usually take the forms of hiring hackers to launch DDOS attacks against competitors, distributing commercial spam mails, phishing websites, reporting on false hits, and stealing and selling accounts/passwords and other private information. As Internet itself can be used as the best underground trading platform, all of the above can be negotiated for trade on this platform.

Because of the rapid advancement of hacking techniques and Internet incidents mostly being cross-border and highly concealed, it's technically rather difficult for the relevant departments to deal with the incidents, and the cost is very high to monitor and investigate into these incidents. Punishment on cyber crimes based on existing laws and regulations is very inadequate. At the same time, because of the large size of China's Internet industry, the available resources and law enforcement capacity of the government for Internet security management is rather insufficient.

Despite the problems and difficulties, there are still much that we can do. They are mainly in four aspects:
Firstly, cooperation should be strengthened between the Internet operation management departments and the law enforcement departments. Seminars attended by people in the industry and from law enforcement departments may help push for the establishment and improvement of relevant laws and regulations. The Internet operating and technical departments may actively assist the public security departments in dealing with cyber crime cases and cracking down cyber crimes.

Secondly, a multi-departmental cooperative mechanism on Internet security management should be introduced, and the Internet security emergency response system should be improved. It's necessary to set up fast and effective emergency response channels and an efficient work process among governments, CNCERT/CC, ISPs, and security vendors.

Thirdly, efforts should be continued to do technological research and to build technical platforms.

Fourthly, active participation in international cooperation schemes, such as APEC-TEL, ITU, FIRST, APCERT, and NSP-SEC should be pursued.

Since the Internet has no boundaries, it's rather difficult to effectively deal with Internet incidents by individual country or region alone. We therefore suggest that all participants cement a relationship of trust and form stable international cooperation, not only at the management level, but at the actual operational level, to conduct specific technical cooperation and emergency response coordination. We also wish to improve communication and exchanges among us, so as to build a trustworthy Internet together.

II. The anti-spam: situation and measures
The flood of spam has become a common problem requiring global efforts for solutions. China has conducted continued attacks against spam with comprehensive measures, and has achieved remarkable results.

According to a report of SOPHOS, the amount of spam sent out from China dropped by 8.5 percent in the third quarter of 2007 as compared with that in the same period of the previous year. In 2007, China was the most successful in anti-spam in the world.

Survey conducted by the Internet Society of China shows that in the third quarter of 2007, the amount of spam received by Chinese netizens accounted for 55 percent of the total of emails received, a decrease of 4 percent as compared with that in the same period of the previous year.