(Chinese Version)

Almost one month after the lockout of the largest online loophole report platform in China WooYun, the annual China Internet Security Conference was officially held at the National Convention Centre, making the cyber security once again a trending topic both online and offline.

On August 16th morning, CEO of QIHU 360 (the event organizer) Zhou Hongqi appeared at the National Convention Centre. If WooYun didn’t go into trouble, Fang Xiaodun would be at the event too. Topics relevant to the relationship between enterprises and the government, white-hat hackers, and cooperation have been heatedly-discussed on the China Internet Security Conference. QIHU 360’s chairman of borad Zhou Hongqi made his very first speech after the company’s delisting.

TMTpost interviewed Zhou Hongqi after the speech, covering topics such as the dilemma white-hat hackets are in, the delisting of QIHU 360 and the developmental tendency of the cyber security environment in China.

Zhou Hongyi stated that after the delisting QIHU 360 would become a domestic capital company and would have more developments in the security market.

“We decided to exit from the stock market considering matters regarding the national security instead of issues occurred in capital. It’s not easy for large-scale companies like QIHU 360 to get delisted from the market. The amount of capital involved in the delisting was about $10 billion. But as the largest cyber security company in China, it’s not appropriate for the company to be funded by foreign capital and listed on the American stock market,” Zhou Hongyi explained the reasons behind the delisting.

Furthermore, Zhou revealed that QIHU 360 is now working on some military business lines and cooperating with the law enforcement. Without a doubt, becoming a domestically funded company is the only way to gain access to these opportunities.

Zhou Hongyi is disappointed with the fact that WooYun and many Chinese enterprises are neglecting the importance of cyber security and has voiced out for several times for white-hat hackers. He appeals that relevant policies would be introduced to protect white-hat hackers since white-hat hackers are crucial to safety on the Internet.

New rules and regulations should be implemented for white-hat hackers and raising enterprises’ awareness on cyber security

Founded in 2005, QIHU 360 has learned from its over a decade of operation that Chinese enterprises are still not taking cyber security seriously. “Sometimes a few small websites would find some loopholes on their sites. But they wouldn’t really try to fix them if they didn’t affect process involved cash transactions,” Zhou Hongyi said. “But hackers will grasp every loophole they can find to attack those sites to loot user information such as user name and password, which they can use to attack other websites. If one website is compromised, then others will fall like a domino.” According to Zhou, they once found a loophole on the official site of an university, which the university failed to fix even one year after QIHU 360 had warned the university about it for several times.

Zhou Hongyi then went on about the lack of relevant policies on cyber security in the country. Besides some special departments, most enterprises don’t have rules or regulations to follow to fix loopholes even if the attack haven’t appeared yet. On the other hand, enterprises themselves are also short of the awareness on cyber security. “If things haven’t gone wrong yet, then it wouldn’t happen,” this mindset has become very common among most enterprises.

Attacking systems in simulations is a common method white-hat hackers use to find loopholes. However, most of these simulations take place without the enterprises knowing. It’s no deny that such activities are indeed an act of playing with fire in the gray area, but they do bring unknown loopholes to enterprises’ attention. That’s why such simulations have become a controversial topic in the industry.

Similar to WooYun, QIHU 360 also has its own loophole report platform, BUTIAN. However, unlike other loophole platforms, BUTIAN doesn’t make reported loopholes public, but rather provide them for enterprises for free. Despite all these efforts, Zhou Hongyi is still powerless about some cases in which enterprises suited the white-hat hackers that found their loopholes. “White-hat hackers hunt for loopholes not to make profit. The dilemma is that their method is in the gray area even though they mean well. Some enterprises just can’t accept that,” Zhou Hongyi explained.

“In my opinion, enterprises can learn from the pentagon and offer cash rewards to encourage white-hat hackers to find loopholes and fix them,” Zhou Hongyi said. “In the worst scenario, white-hat hackers can turn black and engage in the black industry if they continue to do things that are considered as illegal.” Zhou Hongyi reiterated for multiple times in the interview that the best solution to this problem for enterprises and white-hat hackers is to launch relevant policies to authorize, manage, and register white-hat activities.

Cyber security no longer just means fierce battle between software and software, or computers against computers, but people VS people

In Zhou’s opinion, the lack of security awareness can be mostly attributed to the fact that most enterprises’ understanding of hackers is years behind. “Nowadays, insuring cyber security no longer just means fierce battle between software and software, or computers against computers, but people VS people,” Zhou Hongyi stressed, stating that the era in which users only need a set of software or hardware to secure their system has gone.

He told TMTpost the example of a famous anti-terrorism organization in the U.S. that has over 4000 data experts and intelligence experts, which shows that behind the big data stand many labor-intensive organizations. “In the past China couldn’t make the security market happen for the lack of security service,” Zhou said, stressing about the notion that cyber security consulting service is actually more important than hardware and software, which is exactly what white-hat hackers are good at.

However, BUTIAN runs on a free model and therefore white-hat hackers can make little money from it. So what’s the appropriate way for these hackers to make a living? From the perspective of business mode, according to Zhou Hongyi, white-hat hackers can charge enterprises since they provide them with valuable information.

In Zhou’s vision, signing service contract might be a feasible method to solve this problem. “Compared with firewalls, hardware, and software, white-hat hackers and cyber security consultants are better options when it comes to dealing with cyber security issues,” said Zhou.

The Chinese cyber security market will enter a booming age in five years

If Zhou Hongyi’s vision is going to happen, then Chinese enterprises must start to realize the importance of cyber security. In reality, the change of mindset usually is the hardest step when making a change.

To expand the market, Zhou Hongyi decided to roll out 360 Threats Intelligence Sharing Project and subsequently start to offer the company’s data and capabilities. The first weapon QIHU 360 made available is the 360 Global Network Real-time Scanning and Surveillance System. It’s reported that this system can scan whole net for malware sources real-time and blocked the sources found, decreasing the chances of getting attacked.

According to Zhou Hongyi, they made the surveillance system public for cooperation among the industry, which is essential to cyber security. Nowadays, it’s quite impossible to determine the source of attack from looking into one router. The whole net has become the breakthrough, which is backed by big data intelligence on the could. “A terminal without a radar is just a piece of metal,” Zhou Hongyi illustrated with an analogy.

However, in the current security industry every company wants to build their own industrial chain and sees each other as rivals. It’s very common to find these companies have complete product lines but without any killer ones.

In Zhou Hongyi’s vision, every cyber security companies will have their own logical positioning in the future, contribute to big data and share the result. In addition to that, private companies will also partner with the military and mobilize the power of marketization through policies.

Zhou Hongyi believes that the central government will expand the investment in cyber security and relevant service industry will rise accordingly, and that in five years the cyber security industry in China will enter a booming age.

At present, QIHU 360 has finished up some of the preparation work for that. For instance, QIHU 360 has been massively applying AI technology and deep learning technology to mark, identify, monitor and analyze files, links, data flow, and fundamental network data so as to predict risks. The platform has rolled out visualized big data systems such as DDoS real-time tracking, Trojan real-time surveillance, fishing attack tracking, vulnerability detection for the whole network, and false base station tracking etc.

…………………………………………………………………………………………………

(Like our Facebook page and follow us now on Twitter @tmtpostenglish, Medium @TMTpost and on Instagram @tmtpost_english.)

[The article is published and edited with authorization from the author @Han Pei, please note source and hyperlink when reproduce.]

Translated by Garrett Lee (Senior Translator at PAGE TO PAGE), working for TMTpost.