BEIJING – “Your Honourable institute is invited,” read the e-mail sent a few days ago to Sharon Hom, director of Human Rights in China, urging her participation in the eighth international summit of non-governmental organizations.
Hom immediately smelled a rat. The stilted wording of the message and a few misspellings in it alerted her that the invite to this purported summit in “California, USA” was just the latest ploy to trick her into opening an e-mail attachment meant to compromise her computer.
For years, cyberattacks have plagued human rights advocates and others critical of China: academics, journalists, Tibetan groups, supporters of the Uighur minority and the banned Falun Gong spiritual movement – in fact, anybody whose work might have irked the Chinese government.
“Everybody used to say we were paranoid if we talked about this,” said Hom. “But now you can see, it’s not just the NGOs; it is the academics and the business community as well.”
Google’s announcement on Tuesday that it might pull out of the Chinese market has cast a sharp focus on long-standing accusations about the shadowy world of Chinese cyberhackers.
Since at least 2002, human rights activists have accused the Chinese government and military of infiltrating their computers as well as those maintained by private companies and non-government organizations. The activists say the attacks have spiked during politically sensitive periods – the summer Olympics in Beijing, Tibetan protests in March 2008 and clashes with Uighurs last summer.
The culprit, they add, seems obvious.
“I don’t want to point fingers without evidence, but I know that there are only so many parties who are interested in my e-mail,” said a Guangzhou-based blogger and social critic who writes under the name Bei Feng.
Government officials deny responsibility.
In Beijing, foreign ministry spokeswoman Jiang Yu told reporters: “China’s law prohibits cyber crimes including hacker attacks.”
Often the attacks have been easy to spot. “I’d get these e-mails pretending to be from Amnesty or somebody I knew written in Chinglish,” said Hom, using a slang term for distinctive Chinese malapropisms in the English language. “Sometimes it was so obvious I’d laugh out loud.”
The recent “summit” invitation, for example, read: “We kindly plead you to find the Invitation Message in your attachment file.”
The recent attacks directed against Google – one of 34 companies targeted – used far greater sophistication. Not only were the e-mails in flawless English, they used insider jargon so convincing that even Silicon Valley techs were fooled into opening attachments containing so-called “Trojan Horse” malware.
“The organizational sophistication and scale were to a degree we haven’t seen before. The attacker was going up against the brightest minds in computer security outside of U.S. intelligence,” said Greg Walton, an expert on cyberespionage with the Information Warfare Monitor. “If the top names in Silicon Valley can be hacked, who can’t be?”
The Monitor, a cyberattack research center affiliated with the University of Toronto, released one of the most extensive, unclassified investigations into allegations of Chinese cyberespionage last year. Given access to 1,295 infected computers, including those in the private office of the Dalai Lama, Tibet’s exiled spiritual leader, the researchers concluded that 70 percent of the attacks emanated from China. Some, they said, came from a local government server on the Chinese island of Hainan.
But the investigators couldn’t pin the blame – at least not beyond a shadow of a doubt – on the Chinese government, since there remained a slim possibility that the culprits were organized criminals or overly zealous nationalists who had gained access to government servers.
“The motivation of those behind the attacks, despite conjecture, is unclear,” the report concluded.