Google attack puts spotlight on China's "red" hackers

Reuters
Wednesday 20 January 2010 11:26 EST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

They are cloaked by pseudonyms and multiple addresses, but China's legions of hackers were thrust into the spotlight last week after Google said it suffered a sophisticated cyber-attack emanating from China.

There are tens of thousands of Hong Ke, or red visitors, as they are known in China. Many are motivated by patriotism, although it is more difficult to establish their relationship with the Chinese government or military, which some experts suspect as being behind the attacks.

The Honker Union, China's most famous group of Hong Ke, shows the grey area between patriotic hackers and the state. The group has denied involvement in the Google attack.

"The Honker Union ... has no interest in getting involved in politics. We work only for the security of Chinese websites," one of its core members, Lyon, said in a telephone interview. Lyon, his hacker handle, is the head of a department in a major state-owned telecommunications firm and declined to disclose his real name.

Founded in 2001, it was involved in cyber-warfare with US hackers over the Hainan spy plane incident in 2001 and last week attacked Iranian websites in retaliation for the Iranian Cyber Army's temporary takeover of Chinese search engine Baidu.

"It is pretty clear that many Chinese hackers are motivated by patriotism," said Trevor T, the pseudonym of an American who helps run Dark Visitor, a U.S.-based blog about Chinese hackers.

"China may not be where the U.S. is militarily, but it clearly has invested a lot of brainpower in developing capabilities that can offset the US advantage in force-on-force conflict," he said.

Google announced last week that a "sophisticated" attack coming from China resulted in the theft of its intellectual property. It cited the hacking episode, as well as censorship, as reasons it may leave China.

Google did not specify how it knew the attacks came from China, or why it and an estimated 34 other companies were targeted. Cyber experts say source codes may have been the prize.

The popularity of hacking in China, and hackers' use of multiple addresses and servers, in Taiwan and elsewhere, makes it hard to prove how or by whom they are coordinated. Would-be hackers in China don't have to look far to figure out how to do it, thanks to a healthy hacking industry.

For $150 (£92), a keen student can buy all the modules online, from programing Trojans to evading anti-virus programs. Tutors are available via instant-messaging and interactive tutorials.

The market for malware in China includes a software known as Grey Pigeon, originally designed to remotely control users' own computers, that turned out to be an ideal tool for hacking.

Grey Pigeon's homepage says it was discontinued in 2007, because of rampant misuse for illegal activities, but the 2010 version of Grey Pigeon is easily found for sale online in China.

That market helps hackers quickly exploit any opening.

"Malware groups out of China have been very quick to adopt zero-day exploits," software flaws for which there is no patch, said Nart Villeneuve, chief research officer at SecDev.cyber.

"They may be operating independently but there may be some sort of market for selling the information that they get."

Some Chinese hackers train at schools like the Communication Command Academy in Wuhan to get sensitive information, cyber expert James Mulvenon told a congressional commission in 2008.

China now may have up to 50,000 military hackers trained or in training, he said. This could not be independently confirmed.

"Who is most likely to become the leading protagonist ... of the next war? The first challenger who has appeared and is the most well known is the computer 'hacker'," two People's Liberation Army (PLA) colonels, Qiao Liang and Wang Xiangsui, wrote in a 1999 book, "Unrestricted Warfare."

Developing countries can beat more developed countries with war tactics that transcend boundaries, they argued.

"We urgently need to expand our field of vision regarding forces which can be mobilized, in particular non-military forces," they wrote.

One of the best documented, and coordinated, hacking attacks out of China was reported last year. It took place against exiled Tibetans, an attack that seemed motivated by politics, not profit.

"It's the political connection that many use to provide the link to the Chinese government," Villeneuve said.

Similar attacks have targeted foreign reporters in China, and individuals and groups pushing for greater human rights.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in