China’s State Hackers Operate On The Darknet

The Chief Information Security Officer of DBI, a California-based firm that specializes in gathering intelligence about criminal activity on the Darknet, has announced the existence of secretive marketplaces run by Chinese online spies. Ed Alexander said in a phone interview that these Darknet portals are where most of China’s state hackers do their part-time job, selling stolen information to the highest bidders. He stated that, apart from themselves, their primary allegiance is to China.

DBI trains and administers Darknet investigators-for-hire who perform human intelligence (HUMINT) operations on the Darknet, with Alexander overseeing some of the world’s largest CyberHUMINT groups. Despite reports saying that China’s state hackers are sluggish and not well skilled, Alexander disagrees, maintaining that they are the most technical people he has come across in his 10 years of running CyberHUMINT operations. Even hackers from other nations, such as the Syrian Electronic Army, do not match their level of expertise.

There are two parts of the Internet that people use today. The most popular one, which can be accessed by anybody, is called the Surface Net or Clearnet. It includes all sections of the web that are available through search engines. However, a more concealed side also exists, known as the Deep Web. It makes up 94% of all Internet activity, including data that standard search engines cannot search.

Further within the Deep Web, there are hidden sites that can only be reached through specialized tools like the Tor browser; this part of the Internet is the Darknet. While there are a few legitimate websites operating here, there are also online black market sites such as the now-defunct Silk Road marketplace. However, DBI deals with an even deeper portion of the Darknet, gathering intelligence from private forums where real underground Darknet criminals conduct their business.


DBI’s approach to investigating cybercrime is different from that of other intelligence-gathering startups, most of which only retrieve data from open Darknet forums. Moreover, DBI is currently the only company providing Cyber-HUMINT services for hire, with operatives already employed by Fortune 500 companies, military, law enforcement and intelligence networks worldwide.

Alexander compared the Darknet setting to that of a gang operating within the prison ecosystem. New entrants are not considered part of these gangs, but rather just outsiders peeking around. They remain oblivious to the discussions taking place among the organizations running the activity. He further stated that DBI has the technology to see discussions targeting state and business networks, including data that has already been breached by hackers and sold to online bidders.

In China’s Darknet environment, public discussion forums are mostly used by less experienced hackers. The state hackers work on difficult-to-access marketplaces. Alexander said that these data thieves are state-sponsored, since some of them have divulged this information to his operatives.

The state hackers use a 3-step, invitation-only Darknet marketplace where users follow a set procedure before accessing the site. Interested prospective members must first be recommended by a known member, and then approved by the site admin. Next, they must be backed by at least 5 trusted Darknet citizens of high status. Finally, every individual must prove that they own at least $100,000 worth of bitcoins in a virtual wallet and also demonstrate control over this particular account. Only after completing these steps is a new member allowed to shop and interact freely with other Darknet members.

Most clients buying hacked data are representatives of various countries around the world, with buyers sourced from international markets such as Russia and Iran. These Chinese Darknet hackers will sell their wares to any nation that has enough financial resources to purchase them, though they won’t conduct business with those working for terrorist organizations.

Stolen data can cost anywhere up to $75,000 depending on its significance, while access to a state or business network might reach prices of $100,000. Additionally, if a client wants to hire hackers for a specific target, they charge in excess of $1 million. The CISO further confirmed that most Chinese hackers run their Darknet activities as side projects.