For years, China and Korea have been prime targets for hackers and spammers. In both countries, it's pretty easy for foreigners looking for proxies to use in attacks on computer users in the U.S. and elsewhere to hijack local computers. I've written my share of pieces about this (for instance, see this BW story). But it's been a while, and since last I heard companies like Microsoft and AOL were working with Beijing and Seoul to address the problem, I figured things were probably getting better and that the bigger problem from China was the country's role as a base for click fraud.
Wrong, according to Ken Lo, the security marketing director in Asia Pacific for Tipping Point, a division of 3Com that focuses on Internet threats. I spoke with Lo today and he says that the problem is only getting worse. When it comes to phishing, China is No. 1, with over 2 million sites, and Korea is No. 2, with 1.5 million. Coming in a distant No. 3 is Russia, with 638,000 sites. Lo blames protectionism in Korea, where he says the government requires companies offering Internet security programs to hand over their source code to the government. That "is as good as giving away your product," says Lo. As a result, Koreans are less likely to use foreign software from Tipping Point. Does that translate into inferior security? Lo says yes, but of course he works for Tipping Point, which has an interest in getting the rules changed.
As for China, Lo says the phishing phenomenon is simply a matter of neglect. "The main problem is that they are not at the same level of technology sophistication as the developed countries like Japan, Korea, Singapore, Hong Kong," he says. "China is a low-cost production country, so Internet security is not tops on their list of priorities." As I wrote last week here on the Asiatech blog, Hu Jintao is speaking out about cleaning up the Internet in China because of the government's fear that it's losing control of Chinese online. That's also why the Chinese press devotes so much attention to stories about Internet addiction amond Chinese youth. If phishing and other types of fraud are mostly outwardly focused and looking for victims overseas, then Lo is right, Beijing has other fish to fry. But with China on track to become the world's largest Internet country, there are tens of millions of Chinese going online for the first time, and many of them are prime targets for phishing scams. As the problem becomes a domestic one, Beijing might be willing to take some action.