Pierluigi Paganini August 01, 2016

The Chinese authorities have arrested 10 members of the popular Wooyun ethical hacking community, including the founder Fang Xaiodun.

Chinese authorities have arrested popular white hats operating in the country, including the founder of one of the larger online ethical hacker community. The reason behind the arrest is still a mystery, the news was reported first by the Chinese website Caixinwang and spread by the Hong Kong Free Press (HKFP).

The young hacker, Fang Xaiodun, is the founder of the Wooyun community, he was arrested with other ten senior members of the group on July 22, a couple of weeks after the group held its annual convention in Beijing. The convention is considered one of the most interesting in the country and attracted that captured the interest of high-profile organizations.

“Around ten senior members of Wooyun – including Fang – were taken away by police without specific charges being made a week ago, according to a source cited by Caixinwang.” reported the Hong Kong Free Press.

“Everything happened very abruptly, even members within Wooyun were kept in the dark,” said the source. “People from Wooyun said there was no administrative procedures nor prior notice for the arrest,” the source added.”

Fang founded the hacking community in 2010, previously he was the head of security at Chinese search engine Baidu.

The Wooyun was known for its bug hunting activity, as similar groups worldwide its members only disclosed vulnerabilities if they were unable to receive a satisfactory answer from the vulnerable system operators.

Xaiodun is literally disappeared since July 18, he hasn’t posted any content to his WeChat account, and the official website of the Wooyun group has been suspended since July 20.

The Hong Kong Free Press speculates that the Wooyun group has shut down the website as a precaution fearing possible repercussions.

At the time I was writing there is no official statement of the case, experts speculate the members of the Wooyun group may have targeted a government entity for testing purpose, causing the reaction of the authorities.

“Multiple theories regarding the arrest have surfaced in the community. Some speculate that Wooyun was involved in legal issues after publicising certain websites’ system loopholes shortly before they were hacked by a third-party. Others suspect that Wooyun members were involved in testing the vulnerabilities of government networks without authorisation.”

The Internet Society of China’s legal consultant Zhao Zhanling told HKFP the Wooyun site was used only as the disclosure platform.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Wooyun group,  Hacking)