In late March, Infowar Monitor revealed the existence of GhostNet, a computer spying network that had infiltrated at least 1295 hosts in 103 countries. According to the report issued by the investigators, ownership of the network was unclear, but “circumstantially” pointed to China. For media more accustomed to reporting on computers than China, “China,” in the case of GhostNet, meant the Chinese government. And so, in the weeks following the report, it became a truism in some corners of the media and internet that the Chinese government was operating a vast computer spying network.
However, among a smaller, more knowledgeable group of researchers and reporters, a much different story was being told. And that story had nothing to do with the Chinese government, and everything to do with a half-decade’s worth of research into independently operating patriotic hackers in China. However, telling such a story is complicated: not only does it require a certain level of technical understanding, but – if done well – it requires some understanding of how Chinese people interact with the Chinese government, and at least a cursory knowledge of China’s young nationalists (not to mention, the ability to read Chinese hacker blogs). My friend Mara Hvistendahl, a Shanghai-based correspondent who writes for Science, Scientific American, the Chronicle of Higher Education, the New Republic and other publications, is just that reporter.
Late last week, Popular Science published Hvistendahl’s “Hackers: the China Syndrome,” a carefully reported story that focuses on Scott Henderson, a private researcher with expertise in the Chinese hacking community. The story was completed before the GhostNet investigation was revealed, but the reporting is no less relevant and interesting for its very clear picture of how and why China’s ‘patriotic’ hackers operate, and what – structurally – they might look like. Highly recommended.
Over the weekend Mara answered a few of my questions about the PopSci piece, Chinese “patriotic” hackers, and the challenges and risks inherent in doing this kind of reporting (especially if you don’t know what you’re doing). She’s one of the very best and most original reporters working in China today, and I think her answers are a worthy read, both in their own right, and as a supplement to the PopSci piece.
Q. In the aftermath of the “GhostNet” report, people were quick to point their fingers at “China” – with the idea, I think, that some aspect of the Chinese government was behind it. However, your article seems to suggest that such an approach might be misguided, and that investigators need to be paying more attention to independent operators sympathetic to, but not necessarily part of, nation states. To me, this sounds a bit like the readjustment that the US Defense Department had to make when dealing with al-Qaeda as opposed to national entities. Is that a fair assessment?
A. That’s an astute analogy. In the GhostNet report, the people at Infowar Monitor were actually very careful not to blame the hacking web they uncovered on the Chinese government. They went out of their way to explain that as complex as it sounds, GhostNet could easily be the work of independent hackers. There are some great lines in there about how the Internet gives individuals the ability to carry out the sort of intelligence operations that were once reserved for governments. They call it “do-it-yourself signals intelligence.” But you wouldn’t know it from reading some of the press on the report.
Probably the most ridiculous thing I’ve read in the past few weeks is the assertion that Chinese Internet cops double as hackers. That level of organization and sophistication is absurd to anyone who has had actual experience with local bureaucracy in China.
We make serious errors by jumping to conclusions so quickly. The U.S. got itself into an unnecessary war by believing we could fight terrorism by targeting governments.
At the same time, I do not think we should discount the role the Chinese government might play in hacking. One of the points I make in the article is that Americans often misunderstand the interplay between the government and citizens in China. That probably doesn’t need explaining on a China blog. In any case, the relationship is far from black and white.
Q. Prior to this piece, you’d done quite a bit of writing and reporting on young Chinese nationalists. Did this piece arise out of that work?
A. The hacker article came out of a piece I did on youth nationalism. I was reading about the anti-American protests that followed the NATO bombing of the Chinese embassy in Belgrade in 1999. People were attacking KFC and gathering outside U.S. consulates here, and those demonstrations spilled over into cyberspace. A hacker plastered the U.S. embassy page in Beijing with “Down with the Barbarians!” What struck me in accounts of the event was the phrase “patriotic hacking.”
After witnessing a few protests, I’d already decided that nationalism in China didn’t quite work the way it’s often portrayed in the Western press, which is as a government-sponsored force. In 2005, the anti-Japanese protests converged on my street. They didn’t look like a staid government demonstration. The government bears responsibility for skewed history books and persistent spin doctoring, but assuming that Chinese simply swallow government dictates denies them agency. So it occurred to me that maybe hacking was similar. There were a few people out there writing about patriotic hackers — Scott Henderson was one, and Jack Linchuan Qiu at Chinese University of Hong Kong was another – and their papers just made a whole lot of sense to me. So yes, online nationalism and hacking are very much linked for me.
Q. I believe that you’ve spent some time with Chinese hackers in preparing this piece and other work related to this subject. Is there anything you can or want to say about how you make those contacts? Why, exactly, would a Chinese hacker want to talk to an American reporter?
A. No, I didn’t manage to trail a hacker for this piece. Chinese hackers used to love to talk to American reporters. They’re in competition with one another, so they court press coverage as a means of self-promotion. Then last spring CNN came out with a segment featuring interviews with a hacker from Ningbo named Xiao Chen. The report said Xiao Chen had confessed to hacking into the Pentagon and being paid by the Chinese government. That pissed off Xiao Chen – and other hackers. A few weeks later, they launched a strike on the CNN site. They also stopped talking to the press, at least for the three months I was reporting this piece. So you could say CNN ruined it for the rest of us.
That said, I was mainly interested in speaking to one hacker for this piece. I’d asked Scott Henderson, the intelligence analyst featured in the story, whom he thought the most interesting hackers out there were, and he gave me Peng Yinan’s name. Peng had participated in a strike on the White House site in 2001, then bragged about it in a Shanghai Jiaotong University forum. He was, presumably, in Shanghai. And Scott and Peng had had a little spat on Scott’s blog, which intrigued me.
Peng left an amazingly long cybertrail. Just by Googling him, I pulled up his dianping.com posts, his posts on friends’ blogs, his own blog (which is, interestingly, about esoteric Buddhist texts), and a few photos. Along with those came six or seven email addresses. I managed to exchange a few emails with a woman in Peng’s Shanghai Jiaotong hacker group. She told me Peng Yinan had given up “information security” and was not interested in taking interviews. But this was right before the Olympics. So the climate may have changed since then.
Q. The Pop Sci piece leaves unanswered the question of just how much interaction and support there is between Chinese hackers and the government. Are you able to assess that in any way? Do you get the sense that the government might become edgy about the technical sophistication and goals of the hacker groups?
A. There’s an unwritten rule that you don’t hack within China. Occasionally, hackers have broken that rule to draw attention to poor security on the Chinese government sites (though they sometimes plaster the sites with images of scantily clad women, so who knows where the real motivation lies). Lately, though, hackers’ targets have been all over the map. During the Sichuan earthquake last year, a hacker broke into the Chinese Red Cross site, changed the bank account number listed there, and siphoned off donations.
So is the Chinese government worried? I’d guess it’s wary. Like nationalism, independent hacking could be a double-edged sword. If, later on, the government were to try to contain hackers, it might incite some reaction. But really, I think the lack of government control doesn’t bode well for anyone – in China or outside China. Terrorism hasn’t been an easy evil to contain, and cyberterrorism is not going to be any different.
Q. In the course of reporting this and other stories related to Chinese hackers, did you ever find yourself under cyber attack?
A. I used an old beat-up PC to report this story. I erased any old documents, saved passwords, etc., and then used that computer to view hacker websites, download their PowerPoint presentations (they have PowerPoint presentations!), and email hackers. I used different email addresses and changed passwords frequently. I don’t know much about the mechanics of cyber-security, so this was all on the advice of a few patient tech geek friends.
Two days after I exchanged emails with the woman at Peng Yinan’s group, my computer died. When I tried to reboot, I got a message informing me the hard drive had been erased. Years in China have invested me with a certain degree of paranoia, so naturally I jumped to conclusions. But when I took the laptop into Best Buy for a check-up, the guys there told me it had died of natural causes – old water damage that had gradually eaten away at the hard drive. So no, I wasn’t, as far as I know, subjected to cyber attack, but not for lack of worrying about it.
The experience helped me understand the hype around Chinese hackers. One of the reasons reports like GhostNet invite such wild speculation is that reporters typically don’t understand the actions they’re writing about. To me, that’s an argument for being very, very careful when reporting on this topic.