Young cyberwarriors help to keep Web safe

More than 40 white-hat hackers attend the final of a national competition designed to find new talent to work in the network security sector in Nanjing, Jiangsu province, on May 2.A total of 2,500 people from home and abroad entered the competition. Sun Can / Xinhua

White-hat hackers safeguard government and company websites from attempts to attack them

A team of young hackers from Shanghai will be going head-to-head with others from around the world at the weekend.

The group is taking part in the final round of SECCON, a major competition for hackers, for the first time. The members are all from the post-1990 generation.

"We're young and interested in information security. We hope to have fun in the final competition in Tokyo," said team leader Zhang Siyu, 25, who trains the hackers at Shanghai Jiao Tong University.

This is the first time that teams from outside Japan have been invited to take part in the final, a move intended to find more talent to join the fight against Internet threats and crimes.

Twenty-four teams, including contestants from the United States, will compete in a number of sections such as cryptanalysis - analyzing computer systems to detect hidden weaknesses - and programming.

The competition is run by the Japan Network Security Association, and more than 1,300 people entered last year. Fifty-five percent were students.

Jiang Kaida, a teacher at the Shanghai university's network and information center, said: "I'm glad to see more young people becoming interested in security issues. Some of them are even middle school students."

The young IT security enthusiasts taking part in the competition are often called "white-hat hackers" to distinguish them from malicious individuals or groups that identify and attack security loopholes. White-hat hackers advise businesses and government departments about Web security risks.

A report issued last month by Qihoo 360, the country's largest security software provider, said the number of ethical hackers has increased rapidly over the past three years.

Almost 70 percent were born in the 1990s, and 2 percent were born after 2000 - a reflection of the way younger people are becoming interested in the IT security industry, the report said.

Jiang welcomed the trend, but said the provision of suitable guidance and education for youngsters is a key element in the country's security development.

Yan Hanbing, deputy director of the operations department at the National Computer Network Emergency Response Technical Team and Coordination Center, said it is important to widen youngsters' horizons.

"Exploring ways to uncover security loopholes as well as protecting enterprises' privacy should also be taken into consideration," Yan said. The center leads efforts to combat cybersecurity threats.

Zhang studied information security for six years, and believes the SECCON final on Saturday and Sunday will be a good opportunity to learn more advanced skills from developed countries.

The experienced US contingent is strong, but Chinese hackers have become more skilled as the number of cyberattacks and awareness of cyberspace security have grown in recent years.

According to the Qihoo 360 report, 617,000 of the 1.64 million websites it monitored in 2014 suffered from online security loopholes, of which 17 percent were regarded as "high risk".

The youngest white-hat hacker in the country is Wang Zhengyang, 13, a middle school student from Beijing who studied programming and code when he was 8, according to the report.

Another white hat, Yang Wei, 24, became interested in seeking out and reporting security risks while at college.

"I wasn't doing well in my manufacturing courses, and spent my time searching for website loopholes day and night," said Yang, from Hunan province. "I was feeling my way around, and realized I liked information security."

He quit university in 2010 and moved to Shenzhen, Guangdong province, where he hoped to embark on a career in the security field, but found this difficult without a degree.

"I was confused at that time. I love security, but no one told me how to go about doing it," he said.

He was turned down after several job interviews for security positions, but soldiered on. To fill his time, he submitted security risk reports to WooYun, the country's largest online community for white-hat hackers.

In 2012, a Beijing security company agreed to employ him after noticing his contributions to WooYun.

"Since then, I've had several opportunities to meet WooYun's founder, Fang Xiaodun, to talk about security work," he said.

"I gradually realized my direction after I made friends with Fang. I found so many young white hats like me who are still feeling their way around in the industry. But they are still fond of it."

To help them, Yang joined Fang's team in March last year and became a link between white hats and enterprises or governments.

WooYun was founded in 2010, and since then more than 7,200 white hats have used the platform to tackle 90,000 loopholes.

Most white hats are college students, but the number of primary and middle school students has been rising sharply recently, according to WooYun.

Yang added: "The white hats are young and sometimes they're not good at talking to companies or governments after they find security loopholes. So my job is to help them present their reports to the organizations."

Enterprises and government departments pay more attention to security risks if the reports are submitted by a security platform rather than an individual white hat, he said.

"The younger the white hats are, the more guidance they need."

caoyin@chinadaily.com.cn