14 DAY TRIAL // Chinese authorities arrested last week ten white hat hackers from the WooYun ethical hacking group, a community of security researchers from China who were reporting security bugs to companies for free, Caixinwang informs us.
Fang Xiaodun, WooYun's leader, is among the ones arrested by authorities, who have not bothered to offer any details regarding the arrests.
WooYoun's is China's biggest infosec community
WooYun is a loose community of security researchers who perform security audits on Chinese companies and government infrastructure and then report the vulnerabilities they find with no need for monetary rewards.
Usually, the companies and agencies that receive these reports fix the issues, and everything is fine and dandy. Sometimes companies ignore the vulnerabilities researchers discover, and then the WooYun members post the details of their security research online, on their website.
According to the Hong Kong Free Press, some companies for which WooYun had reported vulnerabilities were hacked, soon after the flaws had become public. It is not confirmed that the flaws were used to breach the networks of the said businesses.
WooYun website down for maintenance at the same time
Suspiciously, the WooYun website was taken offline on July 20, showing a message that says the portal is undergoing maintenance operations. This happened before Fang's arrest. The website is still displaying the same message at the time of writing.
Members of the 5,000-strong WooYun community said Fang did not reveal anything about a police inquiry or related to being under pressure by authorities.
Fang was scheduled to give a speech at a security conference in early August. His appearance was also canceled.
There is speculation that Fang and the other WooYun members illegally carried out security audits on government platforms without asking for permission in advance, which triggered an immediate response from Chinese authorities, who treated them as any other hackers.