So, Exactly, What Do Hackers Do?

Hacking for Fun and Profit in China’s Underworld is a NYTimes story and extracts:

CHANGSHA, China — With a few quick keystrokes, a computer hacker who goes by the code name Majia calls up a screen displaying his latest victims.

“Here’s a list of the people who’ve been infected with my Trojan horse,” he says, working from a dingy apartment on the outskirts of this city in central China. “They don’t even know what’s happened.”

As he explains it, an online “trapdoor” he created just over a week ago has already lured 2,000 people from China and overseas — people who clicked on something they should not have, inadvertently spreading a virus that allows him to take control of their computers and steal bank account passwords.

...He operates secretly and illegally, as part of a community of hackers who exploit flaws in computer software to break into Web sites, steal valuable data and sell it for a profit.

...In addition to independent criminals like Majia, computer security specialists say there are so-called patriotic hackers who focus their attacks on political targets. Then there are the intelligence-oriented hackers inside the People’s Liberation Army, as well as more shadowy groups that are believed to work with the state government.

...For less than $6, one can even purchase the “Hacker’s Penetration Manual.” (Books on hacking are also sold, to a lesser extent, in the United States and elsewhere.)

...[Majia] showed how he hacked into the Web site of a Chinese company. Once the Web site popped up on his screen, he created additional pages and typed the word “hacked” onto one of them...He is consumed by the challenges it presents. He reads hacker magazines, swaps information with a small circle of hackers and writes malicious code. He uses Trojan horses to sneak into people’s computers and infect them, so he can take control.

“Most hackers are lazy,” he says, seated in front of a computer in his spare bedroom, which overlooks a dilapidated apartment complex. “Only a few of us can actually write code. That’s the hard part.”

...Partly, he admits, the lure is money. Many hackers make a lot of money, he says, and he seems to be plotting his own path. Exactly how much he has earned, he won’t say. But he does admit to selling malicious code to others; and boasts of being able to tap into people’s bank accounts by remotely operating their computers.

...Scott J. Henderson, author of “The Dark Visitor: Inside the World of Chinese Hackers,” said..."They make a lot of money selling viruses and Trojan horses to infect other people’s computers,” Mr. Henderson said in a telephone interview. “They also break into online gaming accounts, and sell the virtual characters. It’s big money.”

...he works from about 6:30 p.m. to 12:30 a.m., starting every evening by perusing computer Web sites like cnBeta.com....He even claims to know details of the Google attack. “That Trojan horse on Google was created by a foreign hacker,” he says, indicating that the virus was then altered in China. “A few weeks before Google was hijacked, there was a similar virus. If you opened a particular page on Google, you were infected.”

...Majia and his fellow hackers keep secret their knowledge of certain so-called zero-day vulnerabilities — software flaws — for future use, he says.

“Microsoft and Adobe have a lot of zero days,” he said, while scanning Web sites at home. “But we don’t publish them. We want to save them so that some day we can use them.”

When asked whether hackers work for the government, or the military, he says “yes.”

Does he? No comment, he says.