Cyber-threats to China's
e-commerce By Frederick W
Stakelbeck Jr
It has been several years
since Chinese businesses first tried to persuade
their customers to use the Internet to conduct
electronic transactions. Since that time, Internet
use in China has expanded dramatically and is
expected to continue its meteoric rise.
According to the China Internet Network
Information Center's 15th Annual Statistical
Survey Report on the Internet Development in
China, released last January, some 94 million
Chinese citizens had access to the Internet by the
end of 2004, up 18% from the previous year. In
December 2004, Internet research firm e-Marketer
noted in its China Online Report that China will have
more
than 200 million Internet users by 2008, with an
additional 700 million to 800 million users
connected at some point in the next decade. The
day when China has more netizens than the United
States has citizens is not far away, according to
these projections.
But even as usage
numbers spiral ever upward, tangible threats from
cyber-criminals in the form of phishing attacks,
spam, adware and spyware have also materialized -
placing added pressure on the country's emergent
e-business sector and nascent online consumer
population.
In general cyber-crime, or
online fraud, occurs in series of steps or stages.
In the first stage, cyber-criminals establish a
functioning electronic apparatus that includes
code writing, counterfeit e-mails and illegitimate
websites. The second stage involves the targeting
of unsuspecting online consumers who are then
tricked into providing authentication data,
usually a proprietary account number or password.
Finally, cyber-criminals surreptitiously use the
information collected to access the victim's
account, government databases or business records.
Recent high-profile security breaches at
some of the world's largest and most complex
institutions have raised new concerns among
China's business community and online consumers -
generating important questions as the country
moves slowly to adopt a more diverse e-commerce
environment. "We are very concerned about how
Chinese consumers perceive these incidents. We
really hope security breaches will not thwart our
efforts in nurturing China's markets," one
business spokesman said.
To the dismay of
the country's information-technology (IT) experts,
however, a series of diverse, well-coordinated and
malicious cyber-attacks on the country's sensitive
e-commerce infrastructure may have already begun.
A joint survey of 700 Chinese IT experts,
conducted last year by Accenture Global
Information Security and InformationWeek, showed
that 79% of Chinese businesses had been victimized
by viruses and 70% had been by attacked by
computer worms. Both pose serious threats to the
country's immature e-commerce infrastructure.
Other unresolved issues are contributing
to an increase in the country's risk profile. In
November, industry experts noted that many of the
new office buildings, research parks and other
projects rising throughout China are not keeping
pace with Internet threats, making them soft
targets for online hackers. Critical
vulnerabilities in instant messaging programs, Web
browsers, file-sharing applications, operating
systems and media players continue to threaten
China's developing e-commerce enterprises.
"Attackers are now targeting the whole
range of applications that users are installing on
their systems," said Alan Paller, director of
research at the SANS Institute, a leading Internet
research and security organization.
To
combat threats from a growing cadre of
well-organized cyber-criminals, Beijing has taken a
proactive and targeted approach, calling together
some the world's most experienced IT experts to
discuss ways to mitigate cyber-crime. At the 17th
annual Asia-Pacific Economic Cooperation forum
held in Busan, South Korea, in November, the APEC
Privacy Framework was endorsed by China and the
ministers of the other 20 member countries and
territories.
In principle, the APEC
Privacy Framework provides guidance for businesses
in APEC member economies concerning information
management and the development of business model
strategies with the hope of improving information
sharing among government agencies and regulators.
As a result, the global transfer of information
among economies is better secured - adding trust
and confidence in the world's e-commerce
marketplace.
"Our economy is dependent on
having functional information networks, and the
APEC Privacy Framework boosts the security and
integrity of this vital infrastructure," noted US
Under Secretary of State Josette Shiner.
In addition to the important work of APEC
in the area of cyber-crime, privacy and
information sharing, China's most important
anti-spam summit to date was held in September, to
discuss topics such as unsolicited e-mail, the
development of effective e-commerce legislation
and standards, and ways to promote international
cooperation. Attending the Beijing summit were
delegates from America On-Line, Microsoft and
Yahoo, as well as delegates from China Telecom,
China Netcom and China Mobile. Chinese Internet
regulators continue to discuss other areas of
importance, namely the development of a secure
supporting network infrastructure for the
country's domain-name registry, the creation of an
information-security indexing system, and the
publication of several annual reports for the
information-security industry.
Recognizing
the ominous threat posed by cyber-crime, Chinese
businesses have accelerated their investment in
online fraud-mitigation programs - spending
hundreds of millions of US dollars to upgrade
computer systems and educate staff. In this
regard, international giants such as IBM and
Germany's SAP have been called upon to provide
detailed training to a variety of Chinese
businesses seeking to use the Internet as a
catalyst for growth. In addition to efforts by
Chinese businesses to promote a sound e-commerce
environment, the development of two-factor
authentication systems, the creation of targeted
fraud-mitigation units within business lines, and
the development of consumer/government/industry
alliances and partnerships will also be necessary.
At the highly charged World Summit on the
Information Society held in Tunis in November,
United Nations Secretary General Kofi Annan called
on the 23,000 participants to recognize the
Internet and information technology as means to
build a better life for all people. "There is a
tremendous yearning, not for technology per se,
but for what technology can make possible," he
told delegates from the 170 countries gathered.
To meet Annan's vision of a universally
benevolent and interactive Internet, today's
Chinese businesses, consumers and government
policymakers will need to work in unison to
protect the integrity of the country's emerging
e-commerce infrastructure. Without clear and
decisive action to mitigate the threats posed by
online fraud, future generations in China may
never experience the full benefits of the
Internet.
Frederick W Stakelbeck
Jr is an expert on bilateral and trilateral
alliances as they relate to China's foreign
policy. His writings address the implications of
China's emerging regional and global strategic
influence and relationships upon US national
security. Comments can be forwarded tofrederick.stakelbeck@verizon.net.
(Copyright
2006 Asia Times Online Ltd. All rights reserved.
Please contact us for information on sales, syndication and republishing
.)
