Archive

Posts Tagged ‘chinese hackers’

Google Whacked

January 13, 2010 2 comments

There’s a myth that China needs saving from evil dictators, or that Chinese people need to be somehow civilized.  That’s simply not true.  The truth is that there’s little in the way of mass oppression as there once was, and most of the so-called political maneuvers are more than likely to be economically motivated than political – so much so that that when the Chinese government blocked the movie portal IMDB in China, I instantly commented that there must be a Chinese–backed version of the site to open in mainland China soon.

I don’t think that western countries have the best way of doing things, (in much the same way that I don’t think the Chinese way is the best way) as anyone who has been through an election year in the UK can testify.  No, it’s just that when I see a good idea rejected for no good reason, I don’t really see any reason to waste time, energy and money on getting the idea accepted.  I don’t think, for example that IMDB should be blocked in mainland China, I don’t think that “because of the Korean War” is a good excuse to give to me when I ask why can’t I exchange Won in Beijing and I don’t think that the answer to winter heating is to sling another block of coal on the Aga.

All of these things and more hurt China and Chinese people, and they hurt China in the worst possible way, they are rules enforced for the good of the minority that will benefit only in the short term.  The foreigners sure as hell aren’t going to hang around if Beijing air starts to melt their fillings, but thanks to the shortsighted government policies, Chinese people have little choice but settle back in with a bottle of Tsigntao to watch The Happy Show while their face melts.  Sure, the laowai are going to uproot their families and they may never eat gong bao chicken ever again, but then again, who wants to drink milk that could land you in the emergency room?

The one reason why I like the Internet is that it’s a major pain in the ass for the Chinese government.  The Internet is a problem, not only because it allows the free flow of ideas, but because it allows people to easily compare their living standards.  At one time in China it was easy to tell people that they were doing good work and that they were beating the evil Americans when it comes to wheat production.  Nowadays, it’s not so easy.  The Internet is open and accessible to everyone.  Peer review has never been so easy – anyone can look at it, and anyone can poke holes in it, sniff it, lick and get up close and personal to it.  The only problem is that the Chinese are not really used to people being able to look at it and poke holes in it.  Only last week a large fraud was discovered by an obscure science journal in papers that were authored by Chinese scientists.  Acta Crystollographica Section E found that all that Chinese researchers had done was to alter certain, existing crystal structures by one or two atoms with the intention of making the structure seem entirely new.  The discovery led to the withdrawal of the papers by the two groups that submitted them in the first place – a total of 70 between them.

The big money in China these days is to be made in the online sector – after all, it’s the largest in the world.  The problem is, there isn’t one large Chinese dotcom that isn’t a copy of an existing western site – Facebook has Kaixin, Flickr has Yupoo, Google has Baidu and Youtube has Youku.  The sad truth is that the Chinese can’t do much on their own.  They can’t even make a good movie with a panda in it.  Nowhere is this more evident than in the Chinese cyberspace.  Chinese companies take and existing western idea, add various China-centric bells and whistles to it (for example, Kaixin has a hugely popular car-park based game that would only be successful in China) and then market it with the usual censorship and the all important Chinese character set.  Even the censorship software that was produced at the government’s behest used a blacklist and source code that was pirated from an American company.  It’s a game that been well played in the US movie industry – we suffer endless remakes of Mission:Impossible, Spiderman, The Incredible Hulk, ad nauseum – good ideas that worked in the past are much safer to invest in.

American companies have taken a lot of heat for even setting foot in China.  Yahoo!, Cisco and Google have all been hauled up in front of the US senate to explain just what the hell they’re up to in China.  Getting into bed with the commies still rattles some cages up on Capitol Hill.  Cisco has been suspiciously quiet about supplying hardware and software that runs the Great Firewall, Yahoo! handed over emails that got a human rights activist thrown in the slammer, and as for Google.  Well.

Google made a convincing argument when they started running Google.cn.  They pointed out that a limited search engine is much better than no search engine at all.  For a long time, they had me convinced.  They spouted at length the need to comply with local laws, as did Yahoo!  But that was before they felt the sharp end of Chinese business practices.  But that’s all changed for the time being.  For the time being, it’s Google vs. China.

It’s not the first time that big business has gone head-to-head with the Chinese government.  Green Dam/Youth Escort (remember that?) was effectively retired after a number of Chinese companies complained that the deadlines imposed by the Chinese government were impossible to abide by, and that the software itself was buggy beyond belief.  It was the first time that business had won out over the mandate of the Chinese government.  Now it looks like Google is trying to do the same thing.

There’s a lot riding on this.  Apart from the thousands of people that are employed at Google China – and it’s a good bet that a number of fine upstanding party members have sons and daughters working there – a growing number of businesses and individuals have become increasingly reliant on Google technology.  The grievances that Google has are pretty serious, it’s been well known that Chinese hackers have not been shy in recent years, to the point that they’re now posing a serious threat to the US.  The problem is that that Google has discovered that at least 20 other countries that have had major security breaches inflicted upon them that originated in the Chinese mainland.  While these companies haven’t yet been named, what should concern the Chinese is if Google has enough clout to convince the others that operating within Chinese law and getting your hand bitten for your trouble simply isn’t worth it.

UPDATES

Since the above was put together while I was waiting to make phone calls to some of the good folk of Beijing, much has beeen written in the last 8 hours, so here is a short collection of links that didn’t exist at the time of writing.

Imagethief
James Fallows (The Atlantic)
Global Voices Online
The Peking Duck
Shanghaiist
China Hearsay

Advertisements

Cyber Spies and Heinous Lies

April 23, 2009 Leave a comment

“I could hardly stop It was so exciting,” the boy mumbled. “I went to the Internet cafe almost every day, and was dreaming of making girlfriends.” Half drunk one night, Xiao Yi sneaked into the student dormitory and raped a 15-year-old girl. “If I had not seen the porn websites, I would not have done such a thing,” the teenager says wistfully. Sadly, Xiao Yi is not an exception. Jin Hua, deputy director of the Beijing juvenile facility, said about 20 percent of the offenders last year committed rape, and almost all of them said porn websites were to blame.

In 2006, an article appeared in the China Daily (and subsequently on the China Daily website) that told the story of Xiao Yi, a seventeen year old who had been jailed for 10 years for raping a fifteen year old girl. “If I had not seen the porn websites, I would not have done such a thing,” he told a reporter.

The CCP began its campaign to “purify the internet environment” with a crackdown on porn sites in April 2007. As AP reported, Zhang Xinfeng, deputy public security minister, was under no allusions as to where the roots of the darker side of the Internet reside. “The boom of pornographic content on the internet has contaminated cyberspace and perverted China’s young minds. The inflow of pornographic materials from abroad and lax domestic control are to blame for the existing problems in China’s cyberspace.” What followed were a few arrests for hosting “cyber strip shows” and a major clampdown on the myriad blogs and search engines hosting in China. Cai Wu, director of the Information Office of China’s Cabinet, told Xinhua that as more and more illegal and unhealthy information spreads through the blog and search engine, we will take effective measures to put the BBS, blog and search engine under control.”

Throughout the year, the government produces a list of guidelines for ISPs and Internet companies to follow. China Digital Times publishes translations of the latest set of rules, which says that posts the criticize the Chinese political system should be “absolutely blocked or deleted” – information about the tiger being skinned and beheaded should be deleted, and all sorts of other rather distasteful stuff, including the rather chilling “Strengthen positive guidance. Web sites should proactively guide public opinion in a positive way, highlight positive voices and create a pro-NPC online environment.”

The technological savvy of the CCP is its strength. While the Soviet Politburo aged into a distant and disconnected leadership, the CCP has not only seen how technology can be of benefit to the country’s economy, but they are also very aware of how a technology could be subverted into a tool that, in a worst case scenario, could lead to them losing power. The Party has long since acknowledged that controlling the Internet is crucial to maintaining their political supremacy. Western investments and web companies therefore face something of a dilemma – they must fall in line with the draconian censorship laws that exist in mainland China in order to capitalize on the largest market in the world. Fortunately, the American companies that supply hardware to the Chinese government to facilitate censoring have already made their decision, as well as Yahoo, and now, Google – the company that once prided itself on not being evil – is now under the thumb of a totalitarian dictatorship.

The initial motivations of preventing the perversion of political ideals have been the basis of the argument in favor of policing and restricting activities on the Internet. That’s what some people would argue. Other people make a slightly more convincing argument, and it has nothing to do with keeping the people pure of thought. The pervasive theory is that while media websites such as Youtube and Flickr have captured a large portion of worldwide users, Chinese copycat start ups have been having a hard time establishing a user base. The answer was fairly obvious – block access to the foreign sites which would force users to use the Chinese sites, and essentially poach business from existing companies.

The motivation for blocking access are therefore little to do with politics and more to do with commercial concerns, after all, Yahoo has helped to track down and jail online dissidents by handing over emails that were held on their servers in mainland China. Since Flickr is owned by Yahoo, it seems unlikely that the Chinese authorities would block a site that is owned by a long time collaborator of the Chinese regime. Flickr had plans to establish version of it’s photo hosting site specifically for Chinese users, but this would be based in Taipei, something of a smart move to evade the CCP’s demands for Internet censorship in the mainland. In the case of Victor Koo’s Youku service, a copy of Youtube’s video hosting site with the added advantage that due to China’s lax enforcement of copyright laws it hosts full length movies and TV shows.

Far from being terrified into not using the Internet, Chinese internet users have taken over the medium. Today, there are more Internet users in China than in any other country. How Chinese people use the Internet is much different from the way that westerners use the Internet. Instant messaging and streaming online music and video are the most popular pastimes for Chinese netizens.

Cyberspace is also where you can find the worst side of Chinese mob mentality. Incensed by the poor design of the Chinese Olympic Team’s official uniform, Internet users swore to hunt down the designer and ruin his career, and the online reports of Chinabounder, who wrote about his casual sexual encounters with Chinese girls, most of whom where his students, caused a national outrage – the protest was led through an article posted on a weblog. The online voices are the most extreme, and sadly, the ones that always seem to make the headlines, it appears that while no one seems to put much stock in the online opinions of Americans or British ‘net users, people are quite ready to accept the online comments of Chinese people to be something of a barometer of public feeling in China. The Chinese press has certainly leapt on the helpfully nationalistic outrage that seems to stream constantly from Chinese netizens.

Stories of Chinese hackers breaking into US computer systems are nothing new. The Chinese have taken the blame for everything from stealing World of Warcraft passwords to the numerous zero-day vulnerabilities in Windows Vista and Office 2007. A recent CNN story detailed one particular hacker team that claimed to have gained access to the Pentagon’s internal networks, more tellingly, they said that they were hired by the Chinese government to penetrate secure networks in America. Rather than being hired electronic terrorists, the Chinese government might just be protected its own networks – if the security at the Pentagon can be breached, then surely the software that runs the Great Firewall of China wouldn’t present much of a challenge – by giving encouraging overseas targets, attention is deflected from Chinese Internet infrastructure.

So what of the discovery of Ghost Net? The covert network was discovered by a Canadian research team called InfoWar that was asked to investigate suspected breaches in the security of the Tibetan government-in-exile.

Over a period of 10 months, InfoWar uncovered a large-scale cyber-spying organization based on the worm Gh0st Rat. The Gh0st Rat Trojan enables, amongst other things, a hacker to control the sound and webcams of a remote computer. Although the network was mostly based in Hainan, China, there was no conclusive proof that the Chinese government was directly involved, independent research has shown that the Chinese government made decisions that could only have been influenced by information gathered by the network.

Using unique IP addresses, information was traced back to government servers that were owned and operated by the People’s Liberation Army intelligence arm. The Chinese embassy in London countered the cyber-spying allegations, saying that “China is opposed to and would seriously deter hacking activities, and had enacted clear laws against hacking. Rumors about Chinese cyber-espionage are completely unfounded, and those attempting to smear China in this way would not succeed.” This comment was made despite 300 businesses being alerted to Chinese infiltration by the Director-General of MI5, Jonathon Evans.

According to the results of the investigation, published in the InfoWar Monitor, embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan and the office of the Prime Minister of Laos had been penetrated and the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted.

While the vehement denials of any involvement with any kind of cyber-espionage have poured forth from both Beijing and Chinese embassies, the truth is that the Chinese government is probably as involved with country-to-country hacking as any other government is. The report from the investigative team itself says “Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading… The most significant actors in cyberspace are not states…. In China, the authorities most likely perceive individual attackers [ie, teenagers in internet cafes] as convenient instruments of national power.” It’s just fashionable to accuse the Chinese of secretly and stealthily taking over the world one computer at a time, and the delicious irony that a country synonymous with Internet censorship should be famous for using it as a tool for world domination is just too hard for western hacks to ignore.