[ISN] 12 detained or punished over fabricating massive leak of online personal data

From: InfoSec News <alerts_at_private>
Date: Wed, 11 Jan 2012 04:32:59 -0600 (CST)

January 11, 2012

BEIJING, Jan. 10 (Xinhua) -- Four people have been detained by police 
and eight others punished after they were found guilty of fabricating a 
massive leak of online personal data by hackers over the past month in 
China, the country's Internet watchdog announced Tuesday.

China's leading anti-virus software provider, Beijing-based Qihoo 360, 
claimed in late December that the personal information of more than 6 
million users of the China Software Developer Network (CSDN), the 
country's largest programmers' website, had been leaked by hackers. That 
raised concerns about web security and triggered widespread panic.

The company said the leak included user IDs, passwords and e-mail 
addresses in clear text. The hacking case later escalated after the 
personal details of subscribers to more websites, including popular 
online shopping, gaming, social networking and even financial 
institution sites, were said to have been leaked.

However, a police investigation into the cases has found that most of 
those websites had not been attacked by hackers at all over the past 
month, or that they had been attacked without their subscribers' 
information being leaked, a spokesman with the National Internet 
Information Office said Tuesday. The leaks were merely a fabrication.

Police have cracked 12 such cases, nine of which involved insiders 
working for the companies stealing and illegally selling online personal 
data, and three of which involved a fabricated information leak, he 

Four people have been detained and eight others received formal 
admonishments in punishment according to the country's public security 
regulations, he said.

In the CSDN case, a 19-year-old jobless man surnamed Xu was found to 
have faked a large-scale leak of personal data just to "show-off," and 
he had received "admonishment" from the police, the spokesman said.

As for the leak of some users' passwords on a few well-known social 
networking websites, such as Sina Weibo and www.kaixin001.com, police 
found that hackers decoded the passwords through guesswork and the 
personal data banks of the websites had not actually been attacked, he 
said. Police have confirmed the identities of the hackers and are 
hunting them, he said.

China has the world's largest online population, with the number of 
Internet users reaching 485 million by the end of June last year, 
according to the China Internet Networks Information Center (CNNIC).

In the first half of 2011, 217 million Chinese Internet users, or 44.7 
percent of the country's total online population, were attacked by 
malware, including viruses or Trojan horses, and 121 million had the 
experience of having their accounts or passwords stolen, CNNIC data 

Last month, authorities in Beijing, Guangzhou and Shenzhen launched an 
Internet supervision measure requiring local microblog operators to 
implement real-name registration requirements for users, a move designed 
to curb online rumors and enhance social credibility.

"It can be seen from the recent cases of personal data leaks that they 
fabricated such information for different purposes, such as for showing 
off, defrauding others of money, promoting their web security products 
or disturbing and disparaging the real-name registration move," the 
spokesman with the National Internet Information Office said.

"The National Internet Information Office, the Ministry of Industry and 
Information and the Ministry of Public Security will severely punish 
those who attack websites and leak personal information or fabricate and 
spread rumors in this regard," he said.

"We will continue to take effective measures to protect the security of 
online personal information. The website operators should enhance their 
anti-virus and anti-hacker capabilities and guarantee the information 
security of their subscribers," he added.

Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
Received on Wed Jan 11 2012 - 02:32:59 PST

This archive was generated by hypermail 2.2.0 : Wed Jan 11 2012 - 02:38:36 PST