Chinese e-commerce sector main target of cybercriminals

China's real-name rule for online activities has made e-commerce sites more attractive targets, as cybercriminals see identity theft as opportunities for monetization and masking online fraud activities.

SINGAPORE--Chinese e-commerce companies are the main victims of the country's cybercriminals, who are on the lookout to steal identities for monetization purposes and fraud activities, because of the country's real-name rule.

According to John Ellis, director of enterprise security at Akamai Technologies, e-commerce is the most widely targeted industry in China by cybercriminals within the country. The sector is booming and growing rapidly in China generating a lot of revenue for the country, he noted, in an interview here Thursday.

China's e-commerce market had brought in US$928 billion in trade by the end of 2011 , representing 12.5 percent of the country's gross domestic product that year. China has also laid out plans to drive the value of online shopping to US$2.86 trillion by 2015 .

The fast growth of e-commerce companies has also made them victims of cybercriminals, who often use SQL injection attacks to gain access to personal information such as credit card details, he explained. Their intent is to sell them for profits and use them for fraud activities, Ellis said.

Identity theft and cloning is a "big business" in China, he observed. These identities are being sold in underground forums , to organized crime syndicates and other organizations for commercial purposes such as telemarketing, he said.

The stolen identities are also being used to commit fraud, since using someone else's identity is a "fantastic way to mask your fraud activities", he added.

These identities also have a short lifespan and are disposable after they emerge in credit tracks or the credit card has been blocked, so the time for cybercriminals to use this information is limited, he remarked.

China real-name rule gives rise to identity theft
This is a result of China's online real-name rule  whereby citizens have use their real name and identification number, in order for them to perform things online such as transactions and posting on social media sites, Ellis explained.

While this rule had been implemented for the Chinese government to trace people who post statements against the government on social media sites, it has led to widespread online theft and cloning as cybercriminals saw the opportunity to profit from them and use them to hide their true identities, he added.

A study by Beijing Rising Information Technology in July also revealed a large number of hackers are now eyeing e-transaction services for their own illegal gains  as online shopping and banking become increasingly popular in the country. For instance, a virus specially designed to steal private information from third-party promoters on online shopping sites are among the top 10 most detected viruses.

Government revises policies, companies tighten security
Moving forward, the Chinese government needs to look beyond the real-name rule to improve IT security and attribution of citizens on the Internet, Ellis advised.

Currently, the government has "weak dialogue" with the IT industry, which has not accepted some policies implemented by the government, he explained. They need to re-examine these policies and the practical implications around them, making it clearer to protect citizens' personal data, he said.

As for e-commerce companies, they need to examine how to secure credit card information better, Ellis said. He observed that IT security practices in China are still very much rooted in traditional practices such as perimeter defenses and e-commerce companies need to start thinking differently.

They have to understand the payment applications, ensure sensitive information are not stolen and not assume that all consumers connecting to their system are safe, he explained.