TOKYO -- Users on the dark web in China trade hacking tips and other information that help drive a rising wave of data theft and other cybercrimes, experts say.
"Seeking people who can hack South Korean or Japanese websites. No need to reply if you don't have the technique or experience," said a post on a Chinese dark website. The request was discovered Jan. 25 by CNsecurity, a South Korean information security service provider.
The post listed job search and staffing websites as targets, including those run by Tokyo companies Mynavi and Recruit as well as Japan's public employment service network, dubbed Hello Work, according to CNsecurity.
The Chinese internet stands apart in a number of aspects, partly the result of authorities' attempts to shut out foreign information and platforms. This has given rise to a specialized online ecosystem inhabited by hackers.
Dark websites in China are unique in two ways, according to SouthPlume, the Japanese agency for CNsecurity. First, Chinese hackers communicate with one another through local social media. This creates what amounts to a members-only organization that differs from the general darknet, where websites are accessed only through anonymizing browsers such as Tor.
Chinese dark websites also lack the typical underground listings of drugs, weapons or child pornography. Instead, they mostly traffic in personal information and tips on hacking corporate sites, according to SouthPlume.
Mynavi reported in February that unauthorized logins were made for over 210,000 resumes on its website between Jan. 17 and Feb. 9, though the company said it had not confirmed that Chinese hackers were responsible.
Credit card fraud has increased in Japan since around 2017. This coincides with the surge in Chinese tourists visiting the country, though any link between the trends remains difficult to prove.
Sompo Risk Management, a unit of Japanese insurance group Sompo Holdings, has reported a July 2020 post in which an individual self-identifying as the head of a data analysis department at a listed Chinese company sought to trade leaked data.
Information on dark sites changes constantly, making it difficult to combat a data breach afterward.
"The only way for risk-minded businesses to deal with this is for each one of them to take some kind of preventive measures," said Toru Atsumi, a senior fellow at Sompo Risk Management's cybersecurity division.