Chinese police have detained a gang of hackers, certificate forgers, and personal data collectors, believed to be responsible for attacks on 185 government Web sites to manufacture and sell fake certificates ranging from medical care to financial services.
China Daily reported on Thursday the suspects allegedly hacked into sites managed by authorities in 30 provinces, municipalities and autonomous regions. Chen Xiaoping, head of Jieyang police's cybercrime unit, said the group tampered with official databases such that if anyone looked up a particular person's certificate details, it would reflect the hacker group's client instead of the original owner.
This caused "great damage to the image of the government", added Xie Yaoqi, director of the public security bureau in Jieyang, in the report.
China Daily reported the crackdown began when the city's office of personnel and examinations reported an attack on its site on Dec. 8, 2011, after finding a link had been illegally added. This led police to seven suspects who sold fake certificates in Nanjing, Jiangsu province and Heyuan in Guangdong, and subsequently the discovery of a network of hackers, certificate forgers, advertisers, and personal data collectors scattered across at least 12 provinces in China.
As of Jul. 12, police have arrested 165 people, confiscated more than 7,100 fake certificates and at least 10,000 fake seals, and are still searching for more syndicate members, the report added.
Chen said 14 principal suspects from the gang were under the age of 30, with the youngest aged 18. "They have a strong idea on how not to get caught," he said. "They used overseas servers and bank accounts of strangers, whose details were bought online."
He noted that hackers attacked government sites to show off their skills in the past, but now do so to make money. The fake certificates were sold between 4,000 yuan (US$632) and 10,000 yuan (US$1,580), and generated profits of more than 300 million yuan (US$47,409), the article stated.
The large-scale hacking of government sites has exposed a huge market for fake certificates in China, it added. Jieyang police claimed more than 30,000 people bought fake qualifications made by the gang, including medical care, financial services, and architecture.
Xu Jianzhuo, from the Ministry of Public Security's network security bureau, called for stricter supervision in addition to police intervention to tackle, including laws and regulations to strengthen the obligations of Internet service providers (ISPs) to verify users' information.
Collecting evidence for cybercrimes is difficult and the real-name registration rule has not been genuinely put into practice, so users can still register with a fake name and ID number which would not be verified by the online service provider, he added.