Cybercrime Statistics: What Are The Chinese Counting?

Posted on 30 July 2012 by

4


Over the weekend I read a piece in the US version of China Daily on some of the cyber crime issues being faced by China. The article reveals some interesting statistics about what China considers to be cyber crime.

Apparently, in addition to traditional cyber criminal targets such as account details and personal information, the Chinese Ministry of Public Security is seeing increases in online sales of illegal firearms, ammunition, wiretapping devices and fake professional certificates.

Long-time readers of this blog may know that in addition to law enforcement work, we’re regularly engaged in corporate cyber incident response consulting services, in which we see attacks coming out of China targeting American and European firms. So it is with no small amount of ironic bemusement that we address the issues of Chinese domestic cyber criminal activity.

But since we’re constantly calling for metrics in the fight against cyber crime in the US, it is highly telling to see that the Chinese MPS at least makes the claim that:

(a)  it has a definition of what is cybercrime (we ourselves do not) and

(b) apparently, the Chinese government tracks cybercrime investigations nationally.

Of course, we’re not so naive that we haven’t considered the possibility that they’re just making this all up – those of us old enough to remember the USSR may recall the Soviet propensity to throw statistics around at the drop of a hat about things more random than photographic targets of a Japanese tour group.

There’s no doubt that the statistics being proffered by the Chinese MPS have been cooked.

But, let’s be fair, they claim that they have statistics. More to the point, the Chinese government is putting forth some of the things they believe seem like good things to be counting. Again, this is more than the US government has done to date.

Among them:

  • Police found 600 online criminal gangs, destroyed 500 illegal firearms factories selling guns over the Internet and detained 10,000 suspects
  • Between March and June of this year, Chinese police investigated 5,600 cybercrime cases.
  • Without elaborating, the MPS states that it “removed 3.2 million pieces of illegal and harmful information from the Internet” and “cut” 5,000 channels of communication (by which it means e-mail and instant messenger accounts) used by suspected criminals.

Here’s the best statistic:

83.5 percent of the illegal websites discovered were unregistered or falsely registered.

That would be a far better statistic if they’d break it down for us. False registration is a serious issue – and actually false registration data helps law enforcement, for a number of reasons I won’t get into here. I have no idea what laws China has about registration of websites, but I bet it’s not too hard to run afoul of regulations.

The article also quotes the MPS director of network protection as saying that “cases of cybercrime have increased by an average of 30 percent each year since 2008.”

That number is suspiciously low. When I crowdsourced this question back in April 2012, at the Infosec World Conference and Expo, the audience of information security professionals estimated that cyber crime in the US is growing by “hundreds of percent” a year.

That China can say that their cybercrime is increasing by 30% annually is more than a little unbelievable, but the fact of the matter is that with their police investigating more than 5,500 cases of it – along with, we’re told, “2,600 public order violations” – they have a way to claim, with a straight face, a statistical baseline. Here in the US, we have no such statistics available.

To paraphrase Ferris Bueller, “We can’t even have a fantasy statistical baseline. We have to covet theirs.”