Police in South China have detained a gang of hackers they believe are responsible for attacks on 185 government websites.
Police in Jieyang, Guangdong province, said the case is the biggest of its kind in recent years.
Suspects are accused of invading sites managed by authorities in 30 provinces, municipalities and autonomous regions to help them to make and sell fake professional certificates.
"The gang tampered with official databases or added links to external databases so that if anyone checked up on the fake certificates, the client's name would appear," Chen Xiaoping, head of Jieyang police's cybercrime unit, said at a news conference.
"This caused great damage to the image of the government. Cracking the case has helped restore their reputation," said Xie Yaoqi, director of the public security bureau in Jieyang.
The city's office of personnel and examinations reported an attack on its website on Dec 8, after finding a link had been illegally added.
This led police to seven suspects selling fake certificates in Nanjing, Jiangsu province, and in Guangdong's Heyuan. This in turn led to the discovery of a network of connected hackers, certificate forgers, advertisers and personal data collectors scattered across at least 12 provinces.
As of July 12, police had arrested 165 people, confiscated more than 7,100 fake certificates and at least 10,000 fake seals, and are still hunting for more members of the gang.
The fake certificates were sold at between 4,000 and 10,000 yuan ($626 and $1,565), police said. The profits generated surpassed 300 million yuan.
Chen said 14 principal suspects were under the age of 30.
"They have a strong idea on how not to get caught," he said. "They used overseas servers and bank accounts of strangers, whose details were bought online."
One of the suspects, Luo Pangjie, who has admitted being a part of the gang, said he had been earning 3,000 to 5,000 yuan a month for transferring personal data to hackers since mid-2010 but he claimed he had no idea it was being used to sell fake professional certificates.
"It was easy money," the 24-year-old from the Guangxi Zhuang autonomous region said during an interview with reporters at a detention house.
Xu Haibin from the Ningxia Hui autonomous region, who at 18 is the youngest suspect, admitted hacking government websites for 300 to 1,200 yuan a time, according to police.
Chen said hackers in the past attacked government websites to show off their skills but now do it to make money.
Cracking down cybercrime calls for efforts from not only the police, according to Xu Jianzhuo in the Ministry of Public Security's network security bureau.
"We need stricter supervision," he said. "We need laws and regulations to strengthen the obligations of Internet service providers to verify users' information.
"It's difficult to collect evidence for cybercrimes." Xu said real-name registration has not been genuinely put into practice. A user can still get registered with a fake name and someone else's ID number. The online service provider will not verify the name and the number.
While websites in Europe and the United States are required to maintain records of visits for 12 months, websites in China are only required to maintain records for 60 days, Xu said.
The large-scale hacking of government websites has also exposed the huge market for fake certificates in China. Jieyang police claimed that more than 30,000 people bought fake qualifications made by the gang, which specialized in certificates including medical care, financial services and architecture.