Naivete makes China’s new netizens the sitting ducks of cybercriminals

In China, some of the most successful cyberthreats are frighteningly simple.

在中国，一些最成功的网络威胁常常简单得出奇。

One recent viral mobile message offered free Golden Retriever puppies to lure users into giving away personal information. Another online scam took thousands from a woman who wired money to an impostor she thought was her son's teacher.

最近一则含有病毒的手机短信声称免费赠送金毛猎犬幼仔，诱使用户提供个人信息。在另一个网络骗局中，一名妇女给骗子汇款数千元，因为她以为骗子是自己儿子的老师。

A current favorite of Chinese cybercriminals, according to Pei Zhiyong, the senior security researcher of the antivirus company Qihoo 360 Technology, is to simply program malicious code that asks users to disable their antivirus software.

奇虎360科技有限公司的高级安全研究员裴志勇说，"中国网络犯罪分子现在最喜欢的就是编写简单的恶意代码程序，要求用户关闭防病毒软件。"

"It will say their security program is incompatible with whatever they're trying to do," he said. "We call it a 'Candy Trojan Horse,' and 30 percent of users will actually respond by turning off their antivirus system."

他说："这个恶意代码程序会说，用户的安全程序与将要运行的程序不兼容。我们称之为'糖果特洛伊木马'病毒。有约三成用户真的会关掉自己的防病毒系统。

Over the last decade, the Internet has gone mainstream in China. More than 600 million residents regularly go online, and China is also the world's largest smartphone market. And domestic companies like the Alibaba Group are among the largest Internet companies in the world.

近十年来，互联网已经在中国成为主流，中国的网民数量超过6亿人。中国也是世界上最大的智能手机市场，阿里巴巴等中国公司已经跻身全球最大的互联网企业行列。

In its early days, China's Internet market was plagued by malware and viruses. Popular free antivirus software offered by many companies has since helped stem that problem, but has led to a new one: Many PC users have become so comfortable that they are now easy prey to attacks that involve simply tricking them, instead of having their accounts breached by complex software. At Chinese companies, experts say, awareness lags that of their counterparts in developed nations.

中国的互联网市场在早期曾经饱受恶意软件和病毒之苦。在那之后，许多公司提供的免费防毒软件帮助阻止了这个问题，但同时也带来了一个新问题：很多电脑用户现在太安逸，成为网络犯罪分子很容易得手的猎物。只需要通过简单的骗局，无须复杂软件就可以破解他们的账户。专家还指出，中国企业的网络安全意识也滞后于发达国家。

In 2013, cybercrime cost Chinese companies and individuals $37 billion, according to a research report by the security firm Norton, putting the nation second behind the United States at $38 billion, and well ahead of the $13 billion that cybercrime cost Europe or the $1 billion for Russia.

诺顿公司的一份研究报告显示，2013年，网络犯罪活动给中国企业和个人造成370亿美元的损失，仅次于美国的380亿美元而排在第二位，远高于欧洲的130亿美元和俄罗斯的10亿美元。

Security analysts offer many reasons for this, but top among them is the naïveté of China's myriad new Internet users, as well as government policies that have emphasized the growth of the Internet industry above all else.

网络安全分析师对此给出了很多理由，但其中最重要的原因是，中国无数新网民幼稚轻信，中国政府的政策曾经过于强调互联网产业的增长。

At the same time, many businesses have no consistent approach to ensure employees do not inadvertently compromise corporate networks. Companies also are often reluctant to pay for security software.

与此同时，许多企业并未采取一贯措施防止员工在不经意间危害公司的网络，而且它们通常都不愿花钱购买安全软件。

And the prevalence of pirated software in the country — and the back doors and other security holes in those programs — makes many businesses, and individuals, unwittingly vulnerable.

此外，盗版软件在中国盛行，此类软件中存在的"后门"和安全漏洞也使许多企业和个人在不知不觉中成为易受网络犯罪分子攻击的目标。

Beijing has focused far less on stopping cybercrime or punishing companies that enable or encourage attacks. As a result, China's companies tend to focus on attracting users above all else, and therefore a consensus among Chinese Internet companies on mitigating attacks has been slow to emerge.

中国政府在制止网络犯罪和处罚那些纵容或鼓励网络攻击的企业方面的重视程度远远不够。因此，中国企业最关注的往往只是如何吸引用户，中国互联网企业也迟迟未能就阻止网络攻击达成共识。

Things could get worse for China as new users take to the web on smartphones. According to the Norton report, 75 percent of Chinese smartphone users have experienced mobile cybercrime in the 12 months leading up to the 2013 survey, compared with a global average of just 38 percent.

随着新一代用户转而使用智能手机上网，情况可能会变得更加糟糕。诺顿公司在报告中说，中国75%的智能手机用户在过去12个月内曾碰到过手机网络诈骗，而全球平均水平仅为38%。

"The ability to access Google Play is not there, so Chinese go to alternate app stores that don't have the security capabilities" of Google's official app store, said Michael Sentonas, the global chief technology officer for Intel Security.

英特尔计算机安全公司全球首席技术官迈克尔·森托纳斯说："在中国没法使用谷歌电子市场，所以中国人转向了其他应用商店，而这些应用商店并不具备谷歌官方应用商店的安全能力。"

A 2013 study by the Data Center of China's Internet showed that 35 percent of China's most popular 1,400 apps tracked user data that had no connection to the function of the application.

中国DCCI互联网数据中心2013年的一份调查报告显示，在中国最受欢迎的1400种手机应用中，有35％会跟踪与其功能无关的用户信息。

When customers then bring their phones into work, the situation becomes dangerous for companies as well, Mr. Sentonas said.

森托纳斯指出，当用户把手机带到工作单位后，企业也将面临风险。

The huge cost of attacks on companies has led to growing awareness among executives, though analysts say many companies still lack a high-level executive charged with security.

网络攻击造成的巨大损失已经引起企业高管的日益关注，但分析人员指出，许多企业仍然没有设置负责网络安全的高管职位。