Clouds of suspicion
Updated: 2014-10-02 07:58
By Cao Yin and Gao Yuan(China Daily)
"If a hacker collects and makes use of the data, it could pose risks to the privacy of many people, and even national security," Qi said.
The Internet dependency of industries, such as energy, telecommunications and healthcare, means enterprises are putting huge amount of information online, he said.
The growing popularity of e-commerce and smartphone payment apps means people could be exposing themselves to more risks.
According to a mobile payment safety report released by online search engine Baidu, more than 36 million mobile payment users in China had been exposed to high security risks as of June. The number of likely cybertheft victims accounts for around 18 percent of the country's total mobile payment users.
Attackers turned defenders
China's largest cybersecurity service company says it will combat online threats by attracting the best Internet talent, including former hackers.
People who have the ability to launch cyber attacks are also good at defending against such threats, said Qi Xiangdong, president of Qihoo 360.
"When security threats, including viruses or Trojan horses, appear in cyberspace, they can brainstorm to find ways to beat them," he says.
"The key to Internet safety lies in how to make them Web protectors, providing security services for users, instead of Web attackers," he told China Daily during a cyberspace forum held in Nanning in the Guangxi Zhuang autonomous region.
"Although, not all our cybersecurity talents are ex-hackers," he added.
Tan Xiaosheng, vice-president of the company, said in a previous interview that some hackers had decided they preferred a stable job and a peaceful life, "so we gave them the chance, hoping they can use their skills to protect the online environment".
Often called "white hats", they will study attacking methods, promote security software and provide protection plans for users, according to the company.
"Every link of the payment process, from a WiFi connection to the smartphone itself, has potential risks that could turn a normal online shopping transaction into a dangerous hacking case," the report said.
App-based mobile payments are more risky than payments made on a PC, said Qi, as "customers find it almost impossible to tell if an app is malicious".
Beijing Rising Information Technology Co Ltd, a Web safety company, which has released a product to protect near field communication services, says NFC is used in more payment scenarios nowadays, and bankcards and smartphones equipped with NFC could potentially be hacked on buses or in shopping malls for instance.
Fred Cohen, a US computer scientist known as the inventor of anti-virus techniques, said the Chinese Internet security industry should work with the rest of the world to build a global online security standard.
"Web attacks are a universal problem, global security players should work together to tackle security threats," Cohen said.
The Cyberspace Administration of China, the nation's top Internet authority, has also highlighted cooperation to push forward cybersecurity.
"If the Internet is not secure, it will lose energy. So we'd like to cooperate with other countries to fight against online threats, learning from others' experiences of privacy protection," said Lu Wei, the authority's director.
Security specialists are also calling on the legislature to draft a law on personal information protection.
"The current legal provisions are too general. They cannot catch up with the Internet's fast pace in this era," said Jiang Kaida, a cyber security analyst from Shanghai Jiaotong University.
However, such a law seems not to be on the legislature's agenda so far.
"So we must be more careful when we upload information on the cloud and enhance security awareness," said Qin Xiongning, a security researcher at China Telecom's Guangxi branch.
Qin suggested that people read contracts carefully before they download an app and avoid using the same password for different accounts.
Contact the writers at firstname.lastname@example.org and email@example.com