Ten years ago, twenty-year-old Nie Shubin was a shy, stuttering, and well-behaved young factory worker. None of the villagers believed that Nie could have committed the murder and rape police had charged him with. Ten years later, the arrest of another man revealed the true murderer, but it was too late for Nie and his family.
The Richest Industry and an Industry for the Rich
Starting in the late 1990s, China started to switch from a welfare-oriented public housing distribution system to commercialized housing. As homeownership rates have skyrocketed, real estate prices have been rising from several hundred yuan per square meter to 2,800 yuan (US$337) per square meter. According to the Shanghai Statistics Bureau, the price of Shanghai commodity housing in 2004 was 6,385 yuan (US$769) per square meter, 14.6% higher than that of 2003, while marketing companies estimated it to be 7,472 yuan (US$900) per square meter.
From December 17 to 19, 2004, the Chinese Communist Party (CCP) held a national conference for propaganda chiefs. Although Hu Jintao did not attend the meeting, he oversaw the entire preparation of the conference. Either he directly approved all of the documents distributed at the meeting, after discussion with the Politburo, or they were distributed following his directions. Therefore, his absence is not an indication of lack of interest. On the contrary, the conference revealed the determination and framework of Hu and Wen in their effort to renew the CCP’s propaganda campaign.
In the spring of 2005, China’s political situation appears delicate and complicated. Since the Two Conferences (the National People’s Congress and the Political Consultative Conference), a series of events such as Zhao Ziyang’s death, the Anti-Secession Law and China’s anti-Japanese campaign have had a big impact on Hu Jintao, the new leader in Zhongnanhai. Before mid-April, the government initiated and manipulated an anti-Japanese movement. With its tacit consent, it then spread to the entire country. On April 17, however, Hu Jintao told the Foreign Ministry and the military to stop their encouragement, support and instigation of this anti-Japanese sentiment. At the same time, under Hu’s orders, the Party Central Propaganda Ministry instructed the People’s Daily, Xinhua News Agency, Guangming Daily and other Party propaganda media to restrain their reporting on the anti-Japanese movement. Hu Jintao also asked the Ministry of Public Security police to intimidate any anti-Japanese demonstrators. Yet the spontaneous anti-Japanese movement continues to evolve on its own, and activists have formed networks to call for all “patriots” to gather in Tiananmen Square on the May 4th anniversary to express “patriotic appeals.”
On the morning of April 21, 2005, in order to gain insight into the current situation in Beijing, the author, an editor for Democratic China, visited Mr. Lu Nan (pseudonym, for security reasons), a retired senior communist official in Beijing.
[Editor’s note: In August 2001, Xinhua.net, a branch of the official Xinhua News Agency, invited two representatives from the Red Hacker Alliance to be online guests and answer questions from online viewers. The Red Hacker Alliance was the largest and earliest hacking outfit in China. According to an April 26, 2005, news report, it has recently regrouped after a short break. With some 20,000 hackers, the alliance was once the fifth largest in the world. Its website, set up at the end of 2000, had nearly 80,000 registered members at its peak. Because the Alliance has recently regrouped, it is timely to review information about it.
The following excerpt is a translation from the online section of the original Xinhua.net publication of August 30, 2001. "Diyang" and "Sharpwinner" are the nicknames of the two guests from the Red Hacker’s Alliance.]
Xinhua Host: Let me first tell my audience what the Red Hacker’s Alliance is all about. The Red Hacker’s Alliance is also known as the Alliance of Red Hacker’s Mission Development and Advancement. It comprises many fans of hacker technology, including the famous Red Hacker Association. The name Red Hacker’s Alliance was adopted after they obtained strong support from several North American Chinese organizations. Their website is www.redhacker.org.
Diyang (guest #1): The terms "red hacker" and "black hacker" are very close in concept. The name of "red hacker" has been used in China for some time to reflect our research orientation and Chinese characteristics. Our website is redhacker.org. We are an organization that upholds justice and represents patriotism. The word "hacker" in its (foreign) origin has a neutral meaning and does not represent purposely sabotaging.
Viewer: As your goal is to hack and take down enemy systems, are your actions legal?
Diyang: When our national interest is threatened and the interests of our people may be harmed, we hack into the websites of our enemies and replace their front pages with our own messages. Our purpose is to express our young people’s voice for justice. Such minor attacks are unlikely to cause any financial loss to the organizations under attack.
The Successes of Red Hacker’s Attacks
Xinhua Host: Now let’s have Sharpwinner explain how the Red Hacker’s Alliance recently attacked Japanese websites.
Sharpwinner (guest #2): At 2 p.m., on the 13th of this month, when we learned from sina.com that the Japanese Prime Minister Junichiro Koizumi was about to pay a visit to the Yasukuni Shrine, we called in some of our members for an urgent meeting to discuss how to deal with his upcoming visit. The meeting ended at 3 p.m., and we decided to attack the Japanese government websites to protest the Japanese government. At 4 p.m., we successfully replaced the web pages on the official website of Japan’s Ministry of Meteorology. Subsequently we attacked dozens of Japanese official websites including that of Japan’s Fire Ministry.
Viewer: As we all know, sophisticated techniques come from constant practice. Honestly, what did you target in order to improve your process?
Sharpwinner: When we first tried the hacker technologies, we often targeted some reactionary and anti-China websites. During the attacks, their webmasters often caught us. As a result, it took lot of effort going back and forth. It was through such a tough environment that we built up our hacker’s skills.
Nationalism or Internet Crime?
Viewer: It is said that American hackers are Internet liberals while Chinese red hackers are the incarnate of Internet terrorists and of Internet censorship. How do you look at this?
Sharpwinner: Why do you think Chinese red hackers are the incarnate of Internet terrorists? Regarding our Chinese red hackers’ seven defending-motherland Internet wars, weren’t all of them for the sake of our national interest and honor? If anyone is in doubt, please read our new book, The Seven Counterattack Battles by the Chinese Red Hackers.
Viewer: Should a war take place, would your technologies be useful?
Diyang: We are living in the information age. Besides military development, the Internet is surely the key focus of the future for many countries. China certainly has a tremendous demand for such talent. Nevertheless, if one day our actions bring trouble to foreign relations of our country, we will change the way we do things.
Viewer: Out of your attacks, which one are you the most proud of?
Diyang: We have never overly shown off our attacks. However, as one of the members of the Chinese red hackers, I was thrilled by the recent "May Day Defense War" [Editor’s note: Referring to the sixth attack on an American website in 2001; see article "The Passionate Time"]. During that time, Chinese Internet users gave us great understanding and support, the Chinese media paid a lot of attention to us, and our government demonstrated its immense tolerance.
The Controversy over Red Hacker
At the time of the online interview on Xinhua.net, a simultaneous debate was ongoing in the online chatrooms between online users and the red hackers and their supporters. From the sampled chatroom comments, one can get a glimpse of how the online society looks at the acts of the red hacker.
Viewer: It sounds funny to me. There is the word "hacker" in English, but you guys added the prefix "RED." It’s as if adding the word "RED" made you guys an organization that upholds justice. Why?
Red Hacker: Red hackers are the role model for China’s youth in this new age. They are idealistic, enthusiastic, disciplined, and moral.
Viewer: How does the Red Hacker’s Alliance differ from Yi He Tuan (the Boxer Rebellion) Movement in the Qing Dynasty?
Red Hacker: The Boxer Rebellion and the red hackers are both patriotic groups. The difference is that we are in a different historic time, and our historic missions are different.
Viewer: I think Yi He Yuan (the Boxers) were for people, hackers are for themselves. The red hackers, however, uses "nationalism" as an excuse to practice their skills of sabotaging others.
Red Hacker: We are certainly different from Yi He Tuan whose goal was to fight foreign invaders. We use the Internet to protest the unjust treatment toward us. Of course, our means of protest and the degree of protest are different from those of the Boxers.
Viewer: The actions of hackers are totally those of "venting personal anger." Hackers harm people and organizations by taking down their websites.
Red Hacker: My friend! Any war will hurt people. Do you have any better way to resolve the issues?
Viewer: In facing different voices and perspectives, you guys never hesitate to attack. Aren’t you really Internet terrorists and censors?
Red Hacker: We are fundamentally different from foreign hackers. Our goal is to protect the interests of our own country.
Red Hacker: Many friends are concerned that we might get permission from the Ministry of Public Security. We do have our own criteria, which is not to cross the line of what our government permits.
Viewer: Are your parents aware of what you’re doing? Do they support you?
Red Hacker: Anyone who is patriotic will surely support us. Besides, we’re not children. It’s not a matter of who or which organizations support us. We are the ardent youths using our own ways in this modern age to safeguard the honor and dignity of our nation.
[Editor’s note: On February 12, 2005, Mr. Min Dahong, Director of the Network and Data Media Research Center for the Chinese Academy of Social Sciences’ Institute of Journalism and Communication, published an article in his column on the Blogchina.com website, entitled, "Bidding Farewell to the Passionate Time of the Chinese Hackers-the Dissolution of the Chinese Red Hacker’s Alliance." The following is an excerpt from his article, documenting the six attacks that the red hackers initiated between 1998 and 2001. The article reflects the viewpoint of a Chinese scholar from a state-owned research institute.]
Between 1998 and 2001, the Chinese Hackers (CH), initiated six massive Internet attacks on foreign countries. From a rational standpoint, all hacker attacks should be condemned, but from a perceptual standpoint, the CH initiated the six attacks with justification, strongly demonstrating the spirit of "I will not harm you if you don’t harm me. I’ll certainly harm you if you do harm me." [Translator’s note: This quotation came from Mao Tse-Tung.] The CH is the first hacker group over the Chinese Internet to have had a great impact. Its impact derives from six large-scale massive attacks, politically motivated, on foreign countries. Back then, this group of young people, filled with political passion and technical ambition, not only maintained our country’s dignity but also, more importantly, motivated the development of Internet security on the newly born Chinese Internet.
At a time when the Chinese Red Hacker’s Alliance is disbanding, I am putting online section No. 2 from my yet-to-be-published book to share with viewers. This is dedicated to the Chinese hacker, who is full of passion and a sense of justice.
The First Attack: on the Indonesian Internet in August 1998
Riots occurred in Indonesia in May of 1998. During the riots, many ethnic Chinese were attacked, and many Chinese women were assaulted in the most horrible ways. Not until July and August did the facts find their way to the outside world, over the Internet. Because the domestic media wasn’t reporting what happened to the ethnic Chinese in Indonesia, Chinese Internet users learned about it on the Web. By early August, the protests by Chinese people throughout the world reached a peak. The Chinese throughout the world held demonstrations simultaneously on August 7. The crimes committed by the Indonesian mob infuriated the Chinese hackers, who at that time were no more than novices in this new field. They gathered in IRCs (chatrooms), and decided to attack Indonesian websites. This was the first joint effort of Chinese hackers to attack foreign websites, and it displayed a degree of uniformity and coordination that set an example for later similar actions.
On August 7, the editor of ChinaByte found a new posting in the website’s forum; it claimed that Chinese hackers had successfully attacked an Indonesian website. Attached to the posting was a link to the website that had not yet recovered. The editor, after confirming the information, decided to send, for the first time, a "supplement" to subscribers of the daily email news. The supplement contained only two sentences and a Web link, but the most important message was nonetheless conveyed. It read:
"Your website has been attacked by Chinese hackers. Indonesian mob: you’ll pay for your crimes!!! Stop killing Chinese!!! "
The above message appeared on a ‘to kobudi.co.id’ Indonesian website. This website was currently being attacked by Chinese hackers.
Within minutes, this supplemental email news was sent to tens of thousands of email boxes. On August 10, ChinaByte published a front-page story on this incident. The headline read, "The Anti-Chinese Crimes in Indonesia Have Enraged Chinese Hackers," and the subtitle read, "Anger Surges on the Internet."
In fact, even before August 7, Chinese hackers had begun launching attacks on Indonesian websites and email boxes. They usurped the rights of network security administrators by deciphering passwords, posting on the front pages of Indonesian websites slogans such as, "Dear suffering fellow Chinese: I am indignant and crying for you," "Bring Justice to the Murderers! Bring Justice to the Criminals! Blood for Blood!" At the same time, they posted the email addresses of key departments of the Indonesian government, and taught other Internet users how to "bomb" these email boxes. On August 17, Indonesian Independence Day, many Indonesian websites were attacked again by Chinese hackers, who posted messages, in Chinese and broken English, condemning the anti-Chinese crimes by the Indonesian mob on the front pages of these websites. A Chinese hacker wrote in the guest book of the hacked Indonesian website that he only meant to remind people not to forget the tragedy in May, and that the attack would not cause loss of data. He told the webmaster to keep the altered front page for 48 hours, and in place of his signature he wrote, "Warning from the Chinese." The hacker obviously wanted people to remember the anti-Chinese turmoil that also lasted 48 hours in Indonesia.
The Chinese hackers’ attack provoked an intense reaction from the Indonesian government. They accused the Chinese government of instigating the Chinese hackers’ actions, pointing out that it was an extreme sign that China seeks regional hegemony. According to a report from "Voice of America," published on August 9, an Indonesian government official protested the "Chinese hackers’ atrocity." According to him, since August 7, at least ten websites in Indonesia had been destroyed by an organization claiming to be "the Chinese hackers." Some websites were pasted over with terrorist pictures, and the majority of the websites were thoroughly destroyed. Moreover, on August 7, nearly all Indonesian government public email boxes were fanatically bombed. This official said, "We hope the Chinese maintain a clear mind, because what happens is our business! If the Chinese do not want to distinguish clearly between the Chinese and overseas Chinese, it demonstrates that China is a threatening country. China cannot take the place where overseas Chinese live as its own territory. In the 1950s, when China sent a warship to our country, we could understand, because they took their own people back to their country. Today, the Chinese hackers came, and we are baffled, because they have willfully interfered with our internal affairs. Everyone realizes that, without having the Chinese government to instruct them, the all-China women’s federation would not have protested; the Chinese government not only interferes with our internal affairs, but it also incites the domestic hackers to attack us. We are extremely displeased!"
On August 11, an Indonesian government electronics technology manager spoke once again on the Chinese hackers’ behavior. He said that although the hacker attack had caused very big losses to Indonesia, he could understand the indignation. He asked people not to believe the description on the Internet about how bad the riot was. He said the Indonesian government could deal well with its own problem. When asked about the losses from the hacker attack, he said hundreds of websites were attacked, more than a dozen were broken into, and the majority was sabotaged. The hackers attempted to attack the financial system, causing some losses. In addition, Indonesia’s network was exceptionally crowded on August 7, and the government email system was nearly paralyzed. The attacks had a certain influence on Indonesia’s normal social order. Then this spokesperson changed to a sensational tone: "We are sure that China’s massive ISP relied on its broadband superiority to carry out email bombings at us for 30 hours; it’s very unconvincing to claim that this was not an organized action. The air raid alarm did not go off. Otherwise, I would certainly have thought that China had declared war on Indonesia. On the other hand, any network has its loopholes, and any country has its hackers; we hope that this is not the beginning of hatred between these two great nations. I did not believe in China’s threat in the past. Now I know we should not just believe what the Chinese government says. Just ‘a venting of anger’ by its one billion citizens, secretly instigated by the government, is an awe-inspiring strength." He finally said, "I dare to make a bet: The hacker attack is merely a signal that China will dominate the region. When they step on our national territory, and start saying this and that, everybody will think ‘China threat’ is an appropriate description: Friends in the Association of Southeast Asian Nations should first of all remember this!"
The Second Attack: on the American Internet in May 1999
In the initial period of the war in Kosovo in 1999, the Chinese hackers did not take many extreme actions toward the websites of the U.S. and other NATO countries. The situation changed dramatically after the missile bombing of the Chinese Embassy in Yugoslavia. The protest on the Chinese Internet was as fierce as the student protests in front of the American Embassy and Consulates in China. The Chinese hackers could not bear the killing of their fellow Chinese, the Chinese Embassy being bombed, and China’s national dignity being infringed upon. They launched a fierce attack on government and military websites in the United States and in other NATO nations, lasting for days. Compared to the attack on the Indonesian websites, this time more Chinese Internet users joined the action. It surpassed the first attack on Indonesia in both scale and damage. Quite a few websites, including the American Embassy in China, the White House, and other U.S. and NATO institutions, were smeared. In some cases, the computer systems were paralyzed.
On May 8, after Web surfers learned the news that the Chinese Embassy had been bombed, and as if in response to an alarm, they immediately got on the Internet. A surfer by the name of "Ninth Magnate," posted his message on May 11: "Network People’s War—Online Anti-America Experiences," which vividly described the online situation. At the end he wrote, "This is a genuine people’s war on the Net: In the chatroom and in the BBS forum, the surfers, using their ten fingers plus the keyboard, wage war against the traitors to China, the advocates of Taiwan independence, and others who are hostile toward the Chinese people. Back home, many people rapidly joined in protesting the NATO atrocity, with articles and pictures on their homepages, forming the anti-NATO alliance. Their ICQ, FrontPage and CUTEFTP … remain online all the time, making up-to-date information available to their allies. Fighting in the frontline is this special troop—China’s hackers, who are carrying on the special fight in the most dangerous place. … Above are my online experiences from midnight, May 8, to dawn on May 9. During the 24 hours of action from 9 a.m. of May 8, to the morning of the next day, I ate only one meal for lunch. I will not write about what happened after 8 a.m. on May 9. Some sources said that more than 300 websites in the United States were hacked into on May 9. The night of May 8, 1999, is difficult to forget, with its innumerable Chinese Web surfers. Since the existence of the Internet, not one thing like this could have affected a whole nation’s sensitivity. Although only facing the computer screen, I could feel Web surfers’ sincere, patriotic hearts. We sensed all the peoples’ support gathered online at that special time. During the nearly week-long campaign, numerous surfers and hackers worked online late into the night. Many would say goodbye to others at 2 or 3 a.m., sometimes at 4 or 5 a.m., when they could not hold on any longer."
The White House homepage has been attacked many times since May 8th. Some Chinese Web surfers kept four different screen captures of the smeared White House homepage. A most splendid version was that on the White House main page: The two American flags on the side were replaced with a pirate skull flag, and the flag on top of the White House was also changed into a skull flag. During the attacks on the White House website, hackers from Hong Kong also participated. In just several days, the Chinese hackers posted pictures of the three reporters who had died, along with words of protest or Nazi-inspired pictures of President Clinton, onto several hundred American government websites, and even onto NATO websites. Many Chinese websites relentlessly posted the web address of U.S. government organizations and military establishments. For example, the website, "China Dragon," has collected many website addresses of the United States Air Force. It specially mentioned, "According to an investigation, the party that carried out the bombing of our Yugoslavian embassy is the 509th Bombing Wing in Missouri’s Whiteman Air Force Base. Namely, the B-2 Air Force Base. Its website is …(omitted). It invites the hacker master to perform wantonly bombing. All Chinese people will thank you! ! !" News of successful hacking was announced from time to time.
In this hacker attack, some hackers worked individually, and some powerful hacker "army corps" emerged, as well. On May 9, an organization called the "Chinese hacker emergency meeting center" was formed, announcing the passwords of more than 250 websites in the United States (they only knew a tiny portion of the homepages). Many Chinese Web surfers immediately attacked these websites. The organization declared, "This is only a provisional organization: the members come from everywhere in China. The reason for its establishment is NATO’s unreasonable barbaric provocation. Our goal is to protest, and break the news blockade of foreign media that are hostile to China, enabling the people to clearly see America’s and NATO’s hegemonic point of view and their animalistic behavior. We do not have a strict assignment or a code of conduct, we do not even know one another, but we unite wholeheartedly. We firmly support the position of the Chinese government and the Communist Party of China. We will not leave behind any trace of evidence. The public security department can rest assured that we only use the images that can represent the entire Chinese people to replace the NATO military homepage. We will not delete or destroy any of their data. So long as the final goal of the Chinese people and the Chinese government is unconditionally guaranteed, we will not react. But, now, we are taking action!" This organization launched the third attack at 8 a.m. on May 16, thoroughly bombarding many of the websites of the U.S. Navy and Washington communication center (BASS).
In order to transform more surfers into hackers, information on how to become instant hackers was made widely available online. Besides the attacks to American websites made by the hacker masters, another attack method is to use "PING" to destroy the other party’s server, i.e., through email bombing. During that period, slogans were often seen on the Internet, such as "Let us unite! The email missile is our attack weapon. If hundreds of thousands of people cooperate together, we can very quickly paralyze this website." Detailed instructions on how to use "PING," and coordinate a time of attack were also often seen on the Internet. This simple strategy of mass attack had an enormously damaging impact. On May 12, the "Voice of America" Chinese email news reported that, "The Chinese people protested not only everywhere in China. They also directly sent out massive amounts of email to express their anger to the White House. The email amount was huge, causing the White House website to break down on Monday, and be shut down temporarily for repair. The White House spokesperson indicated that, on Monday evening, a White House intern found that he was unable to connect to the White House’s website, and only then did the White House computer department personnel discover that the huge email volume had incapacitated the White House website, causing it to crash. The situation returned to normal Tuesday evening. This spokesperson indicated that this was the first time ever that the White House website had experienced a breakdown due to excessive email.
The general Web surfers gave the warmest applause and cheers whenever an American homepage was hacked. There were abundant, encouraging Internet messages: "Salute to our hackers!" "I very much admire and respect the hackers! Whoever can contribute to the nation during a key time is the hero!" Some called the hackers "black guest" in Chinese, and "red guest," to put a revolutionary color on them. Some Internet users impatiently wanted to learn to be hackers: "Please, my beloved hacker master, teach me your techniques, so that I can work for our nation by hacking the Americans."
On May 17, in order to gauge the public’s response about the Chinese hackers, the "Chinese hacker emergency meeting center" posted a poll on its homepage. By 11 p.m. on May 20, 717 people had responded: (1) supports absolutely, wanting to join the action (81%); (2) supports, but cannot join the action (13%); (3) basically supports, but has reservations about details (3%); (4) don’t care (0%); (5) not very good (0%); (6) opposed absolutely (1%). Although an online poll is not so reliable, it helps to reveal people’s feelings, in general. Regarding the hackers’ attack, even many newspapers responded affirmatively, calling the hackers "the Internet soldiers," and "the Internet brave warriors." One newspaper carried a section entitled, "The brave warriors on the Internet in this specific historical time have become our Byte-time heroes."
The color red in China is associated with revolution, and represents victory. In this round of Chinese hackers’ attacks, "red hacker" is used to indicate the action is for justice: "the red hacker" has become the Chinese hacker’s outer wrapping. The Honker Union of China (HUC), as the main attacking force in China, explicitly proposed that, "hong-ke (the red guest) should always be phonetically translated into honker." They felt that since English is the popular world language, if honker became a formal English word, it would carry great significance for them.
They explicitly proposed that honkers’ objectives should be to "Support the unification of the country; safeguard the sovereignty of the nation; fight together against foreign provocation; attack anti-China hostile forces," and to "attack Japanese rightists and American imperialists on Taiwan independence, as well as all others who are hostile to our country."
The Third Attack: on Taiwan in August 1999
On July 9, 1999, Taiwan’s President Li Denghui was interviewed by the "Voice of Germany" and announced his "two-country theory." He stated that the relationship across the Taiwan Strait should be "country to country, or at least a special state-to-state relationship." Some officials in the Taiwan government also echoed Li, by saying that the relationship across the Strait had gone from "two equivalent political bodies" to "two states," and negotiations should be "talk between two nations." The "two-country theory" immediately made bilateral relations intense. The mainland hackers, having just gained a lot of experience from attacking the United States, on August 7, began an assault on more than 10 Taiwan government websites. Taiwan hackers launched a counterattack on August 8. The mainland hackers pasted on the hacked homepages, "There is only one China in the world; the world only needs one China," while the Taiwan hackers pasted on China’s hacked homepages, "Taiwan forever is a separated part from China." The mainland hackers put the Five-Star red flag of the PRC on the homepages they hacked into; the Taiwan hackers put the Blue-Sky-White-Sun flag of Taiwan on the homepages they managed to hack into. For a while, it was a fierce Internet war. Hong Kong and the Taiwan newspapers reported on it, using eye-catching titles such as, "The War on the Internet Has Begun," and "War on the Internet: the Unavoidable." Some of the reports said, "While the troops on both sides of the Taiwan Strait are still kept on hold and try to scare each other, civilians have already started an information-age battle. Hackers from both sides attack the other side’s websites, trying to post political slogans on them to demonstrate hacking capability."
Under attack by the mainland hackers, Taiwan lost several key government websites, including its "National Security Bureau," which logged 7,200 attacks in three days. Besides deleting or altering the homepages, the mainland hackers also implanted back-door Trojan viruses into many hacked Taiwan servers. That paralyzed many servers for a long time. Worthy of mentioning is that this is the first time that Chinese hackers started to use the made-in-China Trojan viruses, "Ice River" and "NetSpy," instead of using the American "BO" Trojan virus. For some time, the Trojan "Ice River" was the most popular virus used by Chinese hackers. The security alarm posted on the Taiwan "National Assembly" website on August 11 stated that it seemed both software and hardware on its system were severely damaged; the system could not be brought back even after reinstallation of all software. Taiwan police were shocked by the fact that the hacker attack resulted in hardware damage. Under the Taiwan hackers’ first-wave counterattack, several Chinese official websites were hacked into, including the Ministry of Railways, The Chinese Security Exchange Monitor, and the Shaanxi Province science and technology information network.
As the Internet War gradually escalated, a large number of non-government websites fell victim to assault. Participants became less and less rational, regarding hacking into any website, governmental or not, as a victory. This kind of indiscriminate assault is common when the hacker is politically motivated, being very different from the traditional definition of "hacking." The battle across the Taiwan Strait did not experience a cease-fire until the end of August.
The attacks between mainland and Taiwan hackers are protracted ones. New attacks can be triggered whenever some sensitive events occur. For instance, on March 18, 2000, the night that Chen Shuibian won the Taiwan election, some mainland hackers launched a new assault.
After the 2004 Taiwan election, Taiwan intelligence disclosed that right after the completion of the March 20 election, mainland Chinese hackers broke through all the firewalls, hacking into the network systems of the National Security Bureau and the President’s Office, stealing some top-secret documents. In recent years, Taiwan media often has reported that an "army of mainland hackers invaded Taiwan." The political deadlock regarding the Taiwan Strait has resulted in a long-term hacker war between both sides.
The Fourth Attack: on Japanese Websites from January to February 2000
On January 21, 2000, the Japanese Supreme Court ruled against the appeal of World War II veteran "Dong Shilang." On January 23, the Japanese right-wing faction rallied at the Osaka International Peace Center, publicly denying the existence of the Nanjing Massacre. (An estimated 300,000 Chinese were slaughtered during the six weeks after Nanjing was occupied by Japanese in December 1937. The Japanese removed any reference to the massacre from their textbooks.) This again evoked nationalist sentiment among Chinese hackers, who in turn vowed to have an "online, new Anti-Japanese war," and began to attack the Japanese websites. The defaced Japanese websites read, "Japanese who deny the truth of history are the shame of Asia." This showed that the attack was politically motivated.
During this attack, an organization self-named the "China Extreme-Rightist Anti-Japan Alliance" was very conspicuous (it had a website at that time: http://www.bsptt.gx.cn/public/badboy/hack/). From January 24 to February 13, this organization hacked into about 30 of Japan’s websites, including the Ministry of Science and Technology, the Ministry of General Affairs, the Mainichi Newspaper, NHK, Okinawa Postal Office, JVC, etc. This organization’s website posted a provocative "open letter to the Japanese government," claiming that the purpose of the Alliance was to "feverishly attack a few Japanese mad dogs online." The Alliance was composed of "all Chinese Internet users with strong patriotism." The Alliance posted the URL of more than 300 Japanese government websites, over 100 Japanese Cabinet members’ email addresses, as well as a dozen most effective hacker tools and detailed explanations on how to attack Japanese websites.
The Fifth Attack: on Japanese Websites in 2001
In the new century, a series of incidents severely damaged the Sino-Japanese relationship. These incidents enraged the Chinese hackers, who vindictively continued attacking the Japanese websites. Japanese government officials had to admit that due to increased Internet protests, the number of attacks on the Japanese websites had surged dramatically. In the first five months of 2001, there were 650 politically motivated website attacks, compared to a mere 63 attacks in the entire year of 2000.
The first wave of attacks happened in February. Honker Union of China (HUC), announced that an assault on Japanese websites would start at 6 p.m., February 16, 2001, and last for one week. It would include the government sites and other major and important websites, as well as important DNS systems. In the following two weeks, Japanese companies admitted that more than 70 of their websites were successfully invaded by the Chinese hackers. Most of them were private businesses such as NTT, West Nippon Printing Co., Dai Nippon Printing Co., a Seiko subsidiary, and Nihon Short-wave Broadcasting Co. Most of the time, the hacked websites were replaced with a display of the PRC national flag.
In March, a new wave of attacks was triggered by the Japanese Text Book incident. This time, Chinese and South Korean hackers attacked the Japanese websites. For example, the websites of the Japanese Ministry of Education, the Ministries of Culture, Sports, and Science and Technology were all forced to shut down, due to the attacks from South Korean hackers. Eventually, the Japanese government had to urge the South Korean government to stop the South Korean hackers.
The attack in August got even fiercer after Prime Minister Koizumi’s August 13 visit to Yasukuni Shrine. (The shrine honors Japans war dead, including convicted war criminals. That the Prime Minister visits it every year has inflamed Sino-Japanese relations. Opponents say that the shrine glorifies Japan’s brutal wartime invasions.) Upon hearing the news, Chinese hackers acted immediately. They defaced some Japanese government websites in protest to the visit. Honker Union of China stated that Koizumi’s visit to the Yasukuni Shrine hurt the feelings of Asians, especially of the Chinese. The previous Textbook incident exasperated them, so they decided to attack Japanese government websites to express their dissatisfaction. In fact, Honker Union of China had already discussed that once Koizumi visited the Yasukuni Shrine, they would use certain methods to attack Japanese websites.
At four o’clock on the afternoon of August 13, the Japan Meteorological Agency’s server was the first to be attacked, followed by the Japan Material Appraisal Research Institute, the Japan Strategic Material Research Center, the Japan Defense System Research Center, Japan’s Department of Intelligence Service Center, Japan’s Fire Department, Japan’s Defense Facility Department, Japan’s Communication Research Lab, and websites of the Japanese Cabinet. Early in the morning on August 14, Honker Union of China issued "a statement about hacker attacks on Japan." It said, "Disregarding protests from Asians and voices for peace from Japan, Japanese Prime Minister Koizumi paid respect to the Yasukuni Shrine, which symbolizes Japanese militarism. The Japanese leader’s wrongful act cruelly hurt the feelings of people from Asian countries, especially those of the Chinese. In addition, when combined with the Textbook incident, it tells us that Japan feels no remorse about its mistakes of World War II. Upon hearing about this visit, Honker Union of China called on some members to discuss countermeasures. Before the Chinese government expressed its condemnation of the Japanese government, we decided to apply what we were good at, to convey a serious protest and the discontent of the young Internet generation to the Japanese new administration and its leader. Honker Union of China (www.redhacker.org) changed the Japanese governments’ homepages during this emergency, in conformity with the spirit of red hackers. Honker Union of China regrets what happened and will be responsible for the attacked homepages. History can’t be neglected, and facts can’t be changed. Retaliation gains respect, and progress is the most important thing."
The Sixth Attack: on American Websites in April and May 2001
On April 1, 2001, an American surveillance plane collided with a Chinese fighter plane, causing the death of Chinese pilot Wang Wei in the crash. This incident caused indignation throughout China, and created tension between the Bush administration and Beijing. Although on April 11, Beijing allowed the crew to return to the United States, the incident hadn’t been fully resolved. Sino-U.S. relations were still tense. Starting in early April, hackers from both China and the United States started to attack each other. For instance, the American hacker organization "poizonB0x" was one of the major forces to attack Chinese websites. An American hacker named "Pr0phet" stated clearly, "At first, I randomly chose websites to attack. Now my target will be websites ending with .edu.cn and ac.cn or .cn." Under such tension, Chinese hackers started a large-scale campaign, "the Sixth Cyberspace Defense War," between April 30 and May 8. (May 8 was the second anniversary of the NATO bombing of the Chinese Embassy in Yugoslavia.) As for the results of this China-U.S. cyber war, different media had different assessments. According to the head of the Honker Union of China, up until May 7, over 1,600 American websites were attacked, including over 900 government and military websites. Over 1,100 China websites were hacked into, 600 of which were important sites. In fact, each cyber war can’t be publicly declared in advance, nor can a formal end be declared.
The Characteristics of Chinese Hackers
In this cyber war between Chinese and American hackers, six unique aspects are worth noting:
1. Chinese Hackers Had an Excuse for Launching the Attack
The Honker Union of China (HUC) was the eye-catching, principle player in this round of attacks, making the term "honker" once again triumphant. On December 1, 2000, Lion, the head of the Honker Union in China, suggested standardizing the English translation of "hong-ke" to "honker." He argued that if the word honker (for red hacker) was accepted in the English language, it would really mean a lot. It would make it more convenient for honkers to communicate and collaborate worldwide. More importantly, it would further "increase the honkers’ influence, strengthen cohesion and promote honker culture and its development."
It is evident that by promoting the new word "honker," the Chinese hackers were trying to give a positive image to their acts. Even though some Chinese hackers defaced the U.S. websites with abusive language to convey discontent, the majority used the Chinese national flag, the Chinese anthem and slogans, such as "Long Live the Great Chinese Nation," "The United States must be fully responsible for the crash of the airplanes," and "Object to the United States selling weapons to Taiwan, damaging world peace." This behavior was in accordance with their attached purpose: "Support the unification of the country; safeguard the sovereignty of the nation; fight together against foreign provocation; attack anti-China hostile forces."
2. Chinese Hackers Are Capable of Coordinating a Group Attack
Honker Union of China, China Hacker Alliance, and China Eagle Alliance were major players in attacking the U.S. websites. Having formed an organizational foundation during the previous attacks, they were able to initiate an organized group attack in this round, and bring to the battlefield newcomers who were still not adept at hacking techniques. For example, at 7 p.m. on April 30, the Honker Union of China held a cyber meeting, "orientation for attacking U.S. websites," providing a professional database to deface U.S. websites. On May 7, Chinese hackers organized a group attack on the White House homepage, with a claimed group of 80,000 hacker participants. In the aftermath, a White House spokesperson admitted that a massive volume of data surged in at the same time, paralyzing the connection between the White House homepage and its Internet service provider. The concentrated attack from Chinese hackers and its great coordination made the United States believe that the Chinese government at least acquiesced in this matter, even if it did not claim to have supported it. Pingkefu, a Canadian military critic and senior analyst of Kanwa Intelligence Review, called the attack by Chinese hackers a "new people’s war" (Asian Weekly, May 13, 2000). It acknowledged that the main body of the war was the sheer volume of people, or the "civilian soldier in an information network war," the weapons were computers, the destructive power was knowledge and technology, and the battlefield was the cyberspace network.
3. Chinese Hackers Consist of Young People
As per media reports, the head of the China Eagle Alliance, nicknamed "Old Eagle," is 30 years old. The head of the Honker Union of China, "Lion," is only 21 years old. The spokesperson of the HUC, "Bkbll," is also 21, and he is a college student who is not majoring in computer science. "Bkbll" claimed that the mean age of HUC members was younger than age 23, as previously reported by the media, and 65% of the registered members were college students.
Various surveys conducted by the Chinese Internet Information Center (CNNIC) show that most of the Chinese Internet users are young people under 30. In a most recent survey that ended on December 31, 2000, the center determined the percentage of users in each age group: 41.18% between ages 18 and 24, 18.8% between ages 25 and 30, and 14.93% under 18. In other words, the age group between 18 and 30 accounted for 75% of the total Internet users of 22.5 million. The number of Internet users in China is expected to reach 200 million in 2005, about 15% of the total Chinese population. With such a massive young Internet user group in China, their behavior will have a very profound impact domestically and internationally.
This Internet generation (born after 1970 through the 1980s) grew up in a social environment different from the older generation. Their knowledge and abilities are different from their parents, as are their values. However, a paragraph in an open letter to the American president from the China Eagle Alliance is revealing: "During the past 100 years, China’s calendar was full of hardships and grudges. We forever appreciate those who consoled us; we will never forget those who put salt on our wounds. We, the next generation, grew up eating fast food at KFC and McDonalds. Going to theaters to view an exciting Hollywood movie each month has already become a habit for many Chinese. While our parents’ generation deeply worries about such things, interestingly, it’s you guys who woke us up."
4. Chinese Hackers Enjoy Popular Approval in China
During the cyber war between Chinese and American hackers, some online surveys were conducted on the Internet. Even though this kind of survey is not truly scientific, it provides a quick indication of popular thought and trends. Table 1 summarizes the results of four such surveys on the Chinese websites:
The surveys showed the prevalent acknowledgment in China of the Chinese hackers’ attack. Of course, the survey’s questions could have influenced the outcome. For example, SINA net (Sina.com.cn) had only three questions that were biased in favor of the attacks. On the other hand, Netease (163.com) had seven questions, only one of which was in favor of attacks.
5. The China-U.S. Cyber War Drew Multinational Participants
Due to the borderless nature of network communication, the China-U.S. cyber war quickly became an Internet "world war," with multinational "troops." As reported by Taiwan’s China Times, "The China-U.S. cyber war is horrifying, and is starting to involve hackers from Europe, Central and South America, Asia, and Arabic countries: each group choosing its side to aid. Hackers from Malaysia, Pakistan, Brazil, Argentina and India obviously stood on the American side. Hackers from South Korea, Japan and Indonesia sympathized with China. The famous hacker organization in Europe, the WOH (World of Hell), joined the war, without favoring either side. They searched the Internet, attacking websites with loopholes." Some media even explicitly explained how Russian hackers helped Chinese hackers to attack American websites, but Chinese hackers denied the report (Editor’s note: technically it’s hard to determine the place of origin of skillful hackers.)
This situation caused a chaotic cyber war. Many non-political websites in various countries were attacked for no reason. Many hackers, especially beginners, went to such extremes as to deface homepages and alter databases whenever they found a website with security loopholes. In doing so, they applied and tested out their skills. Hacking without any reason will only have a negative influence. During this China-U.S. cyber war, even the academic sites of journalism and communication weren’t exempt. I logged into the major journalism academic site of Taiwan (http://ccs.nccu.edu.tw) on the morning of May 13. After clicking on the link to that homepage, the opened page read, "Fuck the U.S. Government Fuck PoizonBOx." This was the first time I clicked on a defaced homepage.
6. The China-U.S. Cyber War Triggered Debates on Hacking
The cyber war between American and Chinese hackers led to an intense debate over the Chinese Internet. The debate focused on two issues: Is it meaningful and is it lawful? On May 5, 2001, a commentary was published on the official website of People’s Daily (www.people.com.cn), entitled, "Hacker or Honker, Both Bring Harm to the Internet Order." The article sent out a calm, rational and balanced voice from mainstream media at a time when the majority was "feverish." It stated, "Putting aside the patriotic enthusiasm of the Chinese red hackers or the hegemonic actions of the Americans, let’s comment only on the hacking itself. We have to admit that the behavior of wantonly attacking and sabotaging websites, regardless of whether by Chinese red hackers or by American black hackers, is inexcusably illegal. It is no exaggeration to call this behavior cyber terrorism, which threatens Internet security." However, this article drew lots of opposition, making the debate even more volatile.
I am not trying to cover all the issues of hacking here. I believe that in terms of the Internet’s influence on international relations and politics, both sides have gained inspiration from this China-U.S. cyber war. "From the U.S. point of view, it has roughly three effects: 1) it reminds the United States to pay attention to China on Internet security issues; 2) it provides better excuses for the FBI to lobby for more authority over Internet surveillance; and 3) it has sounded the alarm for the potential of extreme Chinese nationalism." From the Chinese point of view, its effects were similar. First, since most of the hardware and software comes from the United States, and China is far behind in terms of Internet security, China has to catch up quickly to avoid losing the future real cyber war. Second, China has to have a capability for cyber attack and cyber defense that is comparable to that of other countries, because in the future, whoever possesses the threat, and actual capability, of conducting a cyber war is the one who will be able to dominate international affairs.