Monday, February 8, 2010

School's Out for Chinese Hacker College

In what's being labeled the biggest hacking bust in the history of China, police in Hubei Province arrested three people and seized several computers and servers, a car, and 1.7 million yuan ($250,000). The three arrested were allegedly involved in a web site known as the Black Hawk Safety Net (www.3800hk.com), which sells courses in cybersecurity, aka hacking. According to officials, the site has made around $1 million since it started in 2005. It does not appear that the individuals arrested have been accused of actually hacking, just of distributing materials that would aid in hacking.

These arrests appear to be based on Article 286 of the Criminal Laws of the People's Republic of China. The law reads in relevant part (English Translation pulled from Congressional Executive Commission on China):
"Whoever intentionally creates or spreads destructive programs such as the computer viruses, thus affecting the normal operation of the computer system, if the consequences are serious, shall be punished in accordance with the provisions of the first paragraph."
The law seems to outlaw creating or implementing a virus in a computer or network, but the language is sufficiently vague (at least by this translation) to potentially criminalize knowingly or unknowingly supporting illegal activity by distributing such software. This law went into effect in 1997 and, from my research, has never been applied against a website teaching cyber-security or hacking, or against distributors of hacker tools such as trojans, port sniffers, viruses, spoofing software, etc. China has been developing a reputation as a haven for hackers, and possibly even for sponsoring cyberwarfare. Interestingly, it was only days after Google complained about Chinese hackers using elaborate systems to target Chinese dissidents and civil rights leaders through Google's systems that China made this public show of clamping down on cyberterror. One might even say, by the looks of things, that China was looking for a scapegoat.

As an interesting aside, Black Hawk Safety Net appears to have catered primarily to hackers interested in financial fraud and not so much to patriotic hackers, such as the ones Google complained of and that China has been accused of supporting.

For the full press release, see China Daily.

Friday, February 5, 2010

Terrorists & Texas (hold 'em), Gambling and Terrorist Finance

At the recent conference Combating Cybercrime in Betting and Gaming 2010, a number of interesting topics were covered. Of particular interest to the author of this blog was the coverage of terrorist utilization of the internet for fundraising and money laundering. In an example of cyberterrorism, online gambling sites were used by three men, who were also accused of inciting terror, to launder millions of dollars that had been stolen through online check fraud and identity theft schemes. Apparently the men had used multiple accounts to move money through the online gambling sites to conceal the identity of the money. Allegedly, they continued these operations while in jail! According to a reporter from The Register, at least 23 investigations are ongoing into the use of online gambling sites to finance terrorism.

For those interested in learning more about these issues and others surrounding online terrorist financing, I am publishing as part of this blog entry a paper I authored on the subject, Internet Financial Crimes: Practical Solutions for a Growing Problem.

Thursday, February 4, 2010

Chinese Crackdown on Organized Crime

In the eclectic political and economic system of China, a significant crackdown on organized and white collar crime has been in the works for the past few years. China's rich history, from dynastic monarchies through a repressive communist revolution to a capitalism-infused modern economy, has long had a connection to the powerful semi-criminal organization commonly referred to as the Triad. In fact, underground groups were a powerful force in the overthrow of the dynastic system in China at the beginning of the last century. Has this relationship finally come to an end or are we witnessing a cleverly crafted charade?

A monumental, if not the most significant, development in China's crackdown on organized crime occurred Tuesday, with the beginning of the trial against Wen Qiang, the former head of police for the city of Chongqing. Wen Qiang is accused of looking the other way for gangs in his city, along with actually being an active participant in activities such as rape and embezzlement to the tune of 16 million yuan. If convicted, Wen Qiang could face the death penalty. Is this a turning point in China's growing corruption problem or just a symbolic movement? Only time will tell.

Friday, January 29, 2010

Patriotic Hacking (Or Maybe Just Pranking), Cont'd

After Obama's State of the Union Address, Brazilian hackers defaced around 50 U.S. government sites, placing expletive-containing messages against Obama on each site. These sites primarily serve the House of Representatives, and were undergoing routine maintenance which briefly exposed the sites to attack. That was all the time these vandals needed to heckle these politicians.

One might wonder what the intentions of such an attack might be. Certainly there was a denunciation of Obama, but it was only a petty insult without any serious criticism of the President. The majority of the message posted was a graffiti-esque signature of the vandals. Probably not a serious threat to national security, but certainly a bit troubling considering who was compromised.

Thursday, January 28, 2010

Hacking as a State Institution: the Google/China Debacle


The situation Google faces in China, with patriotic hackers (possibly even state-sponsored) causing trouble for Google subscribers, some of whom are Chinese dissidents, presents a unique example of a synergistic interaction between cyber-criminals and government regulators. The United States has had similar groups emerge, such as vigilante anti-terror hackers, some of which still operate (for an interesting read, click here). Are we seeing some of the first acts of a new class of hackers? Could these be the field exercises of a new cyber-army? Certainly only time will tell.

Google's response should be interesting too. Will they withdraw as threatened and let domestic search engines like Baidu take over? Or will they launch resistance efforts in China? Maybe nothing will change. Once again, only time will tell, but if you would like to hear a prediction from The Modern Bandit here it is: we haven't heard the last from our patriotic Chinese friends.  

Wednesday, January 27, 2010

The Florida Bar & Blogging

As some of you may have noticed, my postings to the blog have slowed in recent months, and had come to a stop at the beginning of this year. This was largely due to changes in the Florida Bar's rules regarding attorney advertising that were made effective this year through rule 4-7.6 (the Florida Supreme Court adopted the rules here). Many commentators have expressed fears that these rules would effectively halt legal blogging, and in my case they did, at least temporarily. For those interested, Lyrissa Lidsky, faculty at the University of Florida, has written on the topic here.

After researching the amendments, it is my opinion that my blog does not fall within the scope of the rules (due to being an educational, not advertising blog), but even if it did fall within the scope, I don't believe it violates those rules. Arguably the blurb on the right hand side of my blog about me could be a nominal violation of rule 4-7.6 by way of rule 4-7.2 once I begin practicing law because it could possibly be considered a "statement that characterize[s] the quality of legal services being offered." However, a simple description of one's credentials I don't believe is what the bar intended to prohibit (in the context of prohibiting "information regarding past results" and "testimonials" it appears "quality" means the excellence of an attorney as opposed to an attribute of the attorney, but I could be wrong, we'll see).

If any of you ethicists or bloggers believe that I have it wrong, or wish to contribute, feel free to post a comment at the bottom of this post or email me at charlie@modernbandit.com.

P.S. If any Bar admissions people are reading this post, please don't fail me for my blog. This is in no way a criticism of the Florida Bar, but seriously, couldn't you just make an explicit exception for educational legal bloggers?

Monday, December 28, 2009

New Cyber Security Czar


The Obama administration named Howard A. Schmidt, a former Bush cyber security advisor, as the cyber security chief last Tuesday, December 22, 2009. Schmidt, an accomplished cyber security expert who has worked for the Air Force, eBay, and Microsoft, has a lot of experience to offer. This nomination is part of President Obama's campaign promise to make cyber security a priority. Though the economy, national security issues, and healthcare have slowed efforts to address cyber security, hopefully Schmidt will bring beneficial momentum to this priority.