
    Chinese Hackers Behind World’s Worst Cyberattack Arrested

    Suspects earned nearly $12 million from hijacking web browsers on an estimated 250 million computers.

    Eleven hackers have been arrested in Beijing for unleashing a virus known as “Fireball,” Beijing Youth Daily reported Tuesday. Worldwide, the virus has ravaged hundreds of millions of computers, hijacking users’ web browsers and generating millions of dollars in ad revenue.

    Tipped off by a netizen from a community of civilian whistleblowers on June 3, the Beijing police arrested 11 suspects, nine of whom they plan to charge with the crime of “sabotaging computer systems.” The suspects, all of whom reportedly work for Beijing-based digital marketing company Rafotech, are believed to have earned more than 80 million yuan ($11.8 million) from tampering with web browsers on some 250 million computers, mostly in Indonesia, India, Brazil, and the U.S.

    According to Check Point Software Technologies Ltd., an Israeli internet security company that reported on Fireball on June 1, the virus is estimated to have infected 20 percent of corporate networks worldwide, making it possibly the largest malware infection of the digital age. Now that Rafotech has obtained troves of sensitive corporate information, Check Point wrote, the possibility that they could abuse it for profit is hard to ignore.

    Sixth Tone was unable to find an official website or contact information for Rafotech or its employees on Tuesday afternoon.

    “Even without the user’s permission, Fireball can change their home page or open a new browser tab,” Liu Haisu, an anti-virus specialist from Chinese internet security company Qihoo 360, told Sixth Tone. “This is why it’s important to download software through legitimate channels or official websites.”

    But many net users find it hard to differentiate between legitimate and illegitimate channels. In May of this year, the “WannaCry” ransomware virus, transmitted via a seemingly harmless email attachment, locked and held hostage 400,000 computers worldwide.

    Fireball, on the other hand, can be found in installation packages containing legitimate software. Once installed, it embeds malicious code that opens the system up to hackers, who can then alter or lock browser settings. Users may be directed to fake search engines that are nearly indistinguishable from Google, Yahoo, or others they recognize. With each search, their activities, habits, and preferences are monitored and used to generate personalized ads that can prove lucrative for hackers.

    In March 2017, the Ministry of Public Security launched a mission to crack down on hacking and other cyber-crimes that violate netizens’ privacy. Since then, 4,800 suspected hackers have been arrested, and over 50 billion entries of personal information were saved from abuse.

    Perhaps the suspects believed they could escape punishment since most of their victims were overseas, Ding Dalong, a lawyer specializing in criminal law, told Sixth Tone. “But as long as they are engaged in illegal activity on Chinese soil, they’ll be held accountable according to Chinese law — which in their case should amount to at least five years in prison,” he added.

    Editor: David Paulk.

    (Header image: Moment Mobile/VCG)