YOU ARE HERE: LAT HomeCollections

Google threat to leave points up China-linked cyber attacks

Since at least 2002, activists have accused authorities in China of hacking into their computers as well as those of private firms and nongovernmental groups. The government denies involvement.

January 15, 2010|By Barbara Demick

Reporting from Beijing — "Your Honourable institute is invited," read the e-mail sent a few days ago to Sharon Hom, director of Human Rights in China, urging her participation in the eighth international summit of nongovernmental organizations.

Hom immediately smelled a rat. The stilted wording and a few misspellings alerted her that the invite to this purported summit in "California, USA" was just the latest ploy to trick her into opening an e-mail attachment meant to compromise her computer.

For years, cyber attacks have targeted human rights advocates and others critical of China, including academics, journalists, Tibetan groups, supporters of the Uighur minority and the banned Falun Gong movement -- in fact, anybody whose work might have irked the government.

"Everybody used to say we were paranoid if we talked about this," Hom said. "But now you can see, it's not just the NGOs -- it is the academics and the business community as well."

Google's announcement Tuesday that it might pull out of the Chinese market has cast a sharp focus on long-standing accusations about the shadowy world of Chinese hackers.

Since at least 2002, human rights activists have accused the Chinese government and military of infiltrating their computers as well as those maintained by private companies and nongovernmental organizations. The activists say the attacks have increased during politically sensitive periods -- Tibetan protests in March 2008, the 2008 Summer Olympics in Beijing and clashes with Uighurs last summer.

The culprit, they add, seems obvious.

"I don't want to point fingers without evidence, but I know that there are only so many parties who are interested in my e-mail," said a Guangzhou-based blogger and social critic who writes under the name Bei Feng.

Government officials deny responsibility.

In Beijing, Foreign Ministry spokeswoman Jiang Yu told reporters, "China's law prohibits cyber crimes, including hacker attacks." Yu, in the government's first public statement since Google's announcement, added that allegations about such attacks would be referred to "competent authorities."

But officials also defended the practice of censoring the Internet. Wang Chen, information director for China's State Council, or Cabinet, said in a statement that such action is a "prerequisite for economic development, cultural prosperity, social stability and harmony."

Blogger Bei Feng says that for four days in August, all of the e-mails he sent via Gmail were inexplicably forwarded to another e-mail address. "I found out only when some of my e-mails were returned with a message that the other account was full," he said.

Often the attacks have been easy to spot.

"I'd get these e-mails pretending to be from Amnesty or somebody I knew written in Chinglish," said Hom, using a slang term for distinctive Chinese malapropisms in the English language. "Sometimes it was so obvious I'd laugh out loud."

The recent "summit" invitation, for example, read: "We kindly plead you to find the Invitation Message in your attachment file."

The recent attacks directed against Google, one of 34 companies targeted, were far more sophisticated. Not only were the e-mails in flawless English, but they also used insider jargon that fooled even Silicon Valley technicians into opening attachments containing so-called Trojan horse malware.

"The organizational sophistication and scale were to a degree we haven't seen before. The attacker was going up against the brightest minds in computer security outside of U.S. intelligence," said Greg Walton, an expert on cyber espionage with the Information Warfare Monitor. "If the top names in Silicon Valley can be hacked, who can't be?"

The Monitor, a cyber attack research center affiliated with the University of Toronto, released the findings of one of the most extensive, unclassified investigations of allegations of Chinese cyber espionage last year. Given access to 1,295 infected computers, including those in the private office of the Dalai Lama, Tibet's exiled spiritual leader, the researchers concluded that 70% of the attacks originated in China. Some, they said, came from a local government server on the Chinese island of Hainan.

But the investigators couldn't pin the blame -- at least not beyond a shadow of a doubt -- on Chinese authorities because of the possibility that the culprits were organized criminals or overly zealous nationalists who had gained access to government servers.

"The motivation of those behind the attacks, despite conjecture, is unclear," the report said.

Some victims of cyber attacks have been reluctant to speak out for fear of affirming their vulnerability and inviting additional attacks and, in the case of corporations, hurting stock prices and undermining customer confidence.

Since Google's announcement, however, several major firms have stepped forward to cite attacks. They include Adobe Systems Inc., Rackspace US Inc. and a law firm that is representing a U.S. software company, Cybersitter, in a $2.2-billion lawsuit against China.

"This is not just about whether Google stays in China or not," said Hom of Human Rights in China. "The Chinese government now has to reassure the business community that they can work with China in an environment that's safe, predictable and legal."

Times staff writer David Pierson contributed to this report.

Los Angeles Times Articles