Chinese cybercriminals have technology that can steal your credit card number as soon as you swipe, and that's just one of many ingenious and scary methods they have for stealing everything from identies to cash.
"Today, the Chinese underground is thriving more than ever," writes information security firm Trend Micro in the introduction to a November paper on Chinese cybercrime, while noting that cybercriminals have quickly adapted to technological advances.
Cybercrime costs the global economy around $445 billion every year, and with attackers hitting targets everywhere from major movie studios to children's toy companies, the problem seems like it's getting worse.
So what are cybercriminals doing in 2015? According to the report, it boils down to trading stolen data for cash, using sophisticated tools to fool unsuspecting internet users into giving away information, and "skimming" credit card data as soon as a person makes a purchase.
If a major data breach occurs, like the 2013 dump of customer of data from Target for instance, chances are it'll show up for sale on forum websites like CnSeu or SheYun. The database on SheYun hosts everything from bank credentials to account information of online poker players, and it's all easily searchable.
Then there is software like Social Engineering Master, which gives cybercriminals fake identities and templates that make it easy to send out phishing emails for user data, like passwords and personal information.
But perhaps the scariest detail from the report comes from a section on point-of-sale "skimmers" — devices that look like or attach to a credit card terminal. The devices often look just like the real thing and work the same, but they also contain chips that upload the stolen credit card data straight back to criminals.
Interestingly, they are often installed at retail outlets not by criminals, but by the businesses themselves. "Such was the case that made the news this August," the report says. "A company reportedly sold the modified devices to a number of small restaurants and hotels. Investigators found 1,100 sets of stolen card information stored in the company's servers."
China is not the only country hosting cybercriminals, of course. Plenty of major data breaches and website shutdowns can be linked back to Russia, Brazil, Vietnam, and even the United States. But China is unique in that its government is often pulling the strings, according to the report.
"This isn't a mild irritation," US National Security Advisor Susan Rice said of Chinese government hackers in September. "It is an economic and national security concern to the United States."
The problem has led to high-level talks between the US and China to develop a "cybercrime truce." But the truce didn't seem to last long.
Just weeks after Chinese President Xi Jinping met with President Barack Obama to work out a deal, at least seven American companies detected attacks from hackers associated with the Chinese government, according to South China Morning Post.
Still, the Chinese government claims it has been cracking down on cybercriminals. In August, police arrested roughly 15,000 people for crimes that "jeopardized internet security" and investigated 66,000 websites, The Guardian reported.
But with much of the internet underground residing on the anonymous "dark web," shutting them down is much easier said than done.
