CHINA> National
Hackers face jail term under new law
(China Daily)
Updated: 2008-12-23 07:28

Hackers who steal data or manipulate a huge number of computers face jail terms of up to seven years under a proposed amendment to the Criminal Law.

Those who offer intruders software or tools face similar penalties, according to the draft of the 7th amendment to the law submitted to the National People's Congress (NPC) Standing Committee, the top legislature, for its second reading yesterday.

If passed, these will be the first legal tools to fight increasing data theft from civil-use computers in China, which has the world's biggest online population of 290 million.

The existing Criminal Law stipulates punishment only for intruding into networks of governments, national defense or leading science sectors; or altering the functions of personal computer systems.

The proposed penalties also apply to Chinese hackers who steal information from foreign computers, Zhou Guangquan, a member of the NPC's law committee and a professor in criminal law at Tsinghua University, told China Daily.

He said the law makes it clear that if either the crime or its consequence occurs in China, it shall be subject to Chinese law. "Even if the crime has nothing to do with China, but the criminal is a Chinese citizen, it also falls under the law's jurisdiction," Zhou said.

Li Shishi, deputy director of the NPC law committee, said the latest changes were made at the request of the Ministry of Public Security (MPS). "The ministry said many unscrupulous people have been found hacking computers to steal account numbers and passwords, or to remotely control them," he said.

"These actions are a big threat to online security, and we consider it necessary to define them as crimes."

A reference document submitted by the criminal-law office of the NPC Standing Committee's legislative affairs commission makes it clear that online service account numbers and passwords, especially those of games and banks, are the most popular targets for hackers.

For example, the document says, more than 20,000 online game accounts are stolen every day in Hunan province alone. The current market value of a game account is about 10 yuan ($1.46).

Shi Xiaohong, chief technician with 360.cn, a leading online safety company in China, said hackers usually do not change or cancel the information, but resell it to other people to make profits - thus falling outside the ambit of the current law.

"The most common way to steal information from a personal computer is to put Trojans on a certain web page. When a surfer opens the page, the Trojan is automatically installed into the computer," he said.

"Most of these Trojans are used to steal information or remotely control the computers."

In May, police handled an online crime in which more than 3.8 million computers were invaded, according to the reference document from the NPC.

These computers, called "corpse computers", are often used to send massive amounts of spam or to launch a focused attack against a certain network to make profits.

Shi said the spread of Trojans and malicious software has exploded since the latter half of last year. So far this year, 360.cn has intercepted 8.8 million Trojans and malicious software, about 10 times the figure in 2007.

"The writing and spreading of Trojans, as well as the selling of stolen information, have become a complete business line," he said.

Figures from the MPS show that the Internet supervision bureau has handled seven major Trojan cases this year, and suspects in each of case made at least 10 million yuan ($1.46 million) by merely selling Trojans. The bureau estimates that in all the seven cases, the illegal profit by selling information stolen by the Trojans is more than 2 billion yuan ($290 million).

Yu Zhigang, an online-crime scholar at the Chinese University of Political Science and Law, said the absence of appropriate laws is behind the rampancy of such crimes.

"The clear definition of such actions as crimes will deal a heavy blow to this underground industry," he said.

However, because of the very nature of online crimes, where it is difficult to obtain evidence, police may still find it hard to handle such cases even with legal backing, said Xu Min, a safety expert with an Internet security company in Nanjing, Jiangsu province.

"To root out such crimes, both the police and the public should learn more about the Internet, and raise their awareness of suspicious online activities," he said.