Chinese state institutions issue rewards for finding the cybersecurity vulnerabilities in software that is often used by foreign governments, in what may be a subtle new form of state-backed cyber warfare. At the same time, China is promoting young cybersecurity engineers in a doubling of its efforts to probe foreign systems for areas the Chinese government can exploit.

The new law has effectively changed the landscape of online network security within China, according to cybersecurity analyst Dakota Cary, who last week told The Record podcast—run by cybersecurity company Recorded Future—that any business operating within its borders must report coding flaws to the government before taking any further steps to address the vulnerability or make it known to the public.

  • AutoTL;DR@lemmings.world · 5 months ago

    🤖 I’m a bot that provides automatic summaries for articles:

    China has inadvertently raised a private army of hackers to help it discover vulnerabilities in overseas computer networks thanks to a cybersecurity law that makes it mandatory to first inform the Chinese government.

    Under the rule, the Chinese state institutions issue rewards for finding the cybersecurity vulnerabilities in software that is often used by foreign governments, in what may be a subtle new form of state-backed cyber warfare.

    Cary, who is a non-resident fellow at the Atlantic Council think tank’s Global China Hub, believes the requirement has fostered both collaboration and competition among the agencies, leading to efforts to outperform each other.

    Major technology giants such as Google and Facebook pay so-called “white hat,” or good faith, hackers to find these points, which have the potential to undermine software companies.

    China had more than 170,000 white hats in 2021, the majority of whom were young men born between 1990 and 2009, according to research conducted by Chinese cybersecurity forum FreeBuf and the internet security companies 360 and QAX.

    Cary told The Record that there was considerable overlap in the Chinese industry ministry’s vulnerability database and that of companies that service the People’s Liberation Army and the country’s intelligence agencies.


    Saved 70% of original text.