Chinese Activists Outside China Under Malicious Cyber-Attacks from China

By Gary Feuerberg
July 7, 2013 Updated: December 15, 2013

WASHINGTON—The Congressional-Executive Commission on China heard testimony June 25 on the impact of cyber-attacks and espionage on American Intellectual Property (IP) and learned that over $300 billion is lost each year as a result. The majority of the theft emanates from China, concluded the Commission on the Theft of American Intellectual Property, one of whose members, former Senator Slade Gorton, testified before the CECC. Evidence abounds that these cyber-attacks are state-sponsored.

Not only are American companies targeted. Media and human rights organizations are targeted as well by state-sponsored hackers, said CECC Cochairman Rep. Chris Smith (R-N.J.). 

“Journalists writing about corruption in China find their computer systems hacked and passwords stolen. For human rights organizations and activists, dealing with hacking attacks from China is almost a daily fact of life,” said CECC Chairman and Sen. Sherrod Brown (D-Ohio).

Congressman Smith has first-hand experience with being hacked that pointed to China as the culprit. In Dec. 2006 and again in March 2007, his Human Rights Subcommittee’s computers were attacked by a virus that, in the words of the U.S. Information Resources Office, was “intended to take control of the computers.” 

The motive appeared to be to get at his files pertaining to China. “These contained legislative proposals related to Beijing, including a major bill I authored, the Global Online Freedom Act. Also hacked were emails with human rights groups regarding strategy, information on hearings on China, and the names of Chinese dissidents.”

Congressman Smith’s experience is symptomatic of what Chinese activists face today outside China, according to Louisa Greve, who is currently with the National Endowment for Democracy. She testified that Chinese, Tibetan, Uyghur, and Southern Mongolian democracy advocates and human rights activists working from exile even in democratic countries are unable to engage in normal communication. They have to contend with routine and intense cyberhacking, including “persistent denial-of-service attacks and implanting of malicious code on their websites.”

Greve provided a long list of organizations and news sites that have had to endure embedded malware implanted by hackers or having their websites shut down for days or weeks. The list includes Human Rights in China, China Aid, the Independent Chinese PEN Center, the Office of the Dalai Lama, Boxun, China Human Rights Defenders, and the World Uyghur Congress, and several more.

Wen Yunchao, blogger and visiting scholar at the Institute for the Study of Human Rights at Columbia University, described his personal experiences of having his telephone and Internet services under severe attack in Feb. 2011, when the “Jasmine revolution” broke in China. 

Wen is better known by his online alias “Bei Feng.” In June 2011, he was in Geneva to give a speech at the UN Human Rights Council that called for support for Chinese citizens persecuted because of the “Jasmine Revolution.”

Wen received a text message that warned him not to give the speech. He quoted from the message translated here: “A wise person takes action after thorough thinking; do not let ignorance have the upper hand and leave you in sadness. Whereas life can be splendid, why obsess with one thing? Put it down.”

Before he left Geneva, after he gave the speech, he received a large volume of harassing phone calls, where he could hear Mandarin speech but the words were inaudible. The calls continued through August. He analyzed the time that the calls came and discovered that “the attackers had a very regular time when they started working and when they went off work. It was not a random person calling alone.”

Wen said his Twitter account was “tweet bombed” with trash information. The heaviest attack occurred on April 25, 2012, when 590,000 spam messages were posted within 24 hours. He added, “Unidentified persons also posted viciously defaming information about me at a rate of over 10,000 times per day.”

Greve said that the Chinese hackers of late want to impede the ability of groups to function normally. In the past 8 to 10 years, she said, Chinese activists had to deal with fake emails spoofing their addresses going out to numerous recipients, purporting to be emails from them, denial-of-service attacks, spear-phishing, malware, and more. But in the last year or two, the hacking has become more intrusive and malicious, similar to what Wen reported: “round-the-clock, real time, non-machine (human) interference; all-device tracking; and software innovation to attack previously untouched systems, including most recently, android systems for mobile phones and tablets.”

Further, the hackers are getting much more sophisticated and proficient. Hackers can react quickly in real time, using content sent between activists, and within an hour or two create fake emails “often of a spear-phishing nature or with malicious code attached.” If the sender who is being represented is using a second language, the hacker may make the same errors in syntax, spelling, and grammar to deceive the recipients.

Greve said that activists report that the English and Uyghur language proficiency of the hackers “is much better than it was a year ago.” They use new and innovative software. All of the above are indications of “massive resources being devoted to the effort,” she said.

The aim of this recent upgrade of cyberhacking of Chinese activists is to undermine trust among dissidents, raise costs, and induce fear. “[It] is a remarkable extraterritorial extension of the tactics of repression practiced by authoritarian states,” Greve said.
