
Chinese Hackerism in Retrospect: The Legend of a New Revolutionary Army

By Jack Linchuan Qiu

Hackers, according to popular myth, are mischievous adolescents or desperado groups who ply their alchemy in the shadows of cyberspace. Meanwhile, mainstream media portrays China’s control of its domestic Internet activities in an equally negative frame. A compelling question arises when the two narratives are conjoined: What of hackers in China? Do two negatives produce a positive?

This question is particularly intriguing with regard to the US-China cyberwar in April-May 2001, triggered by the collision between an American spy plane and a Chinese fighter jet over the South China Sea. But the question has no simple answer. In the US, much ambivalence – and dissent – surrounds the attempt to balance network security and the liberating potentials of the Net. In the Middle Kingdom where there is no First Amendment and little traditional respect for intellectual property rights, the issue becomes a hypersensitive one, with complex cultural, moral and political ramifications.

A Brave New Generation

Like their American counterparts, most Chinese hackers are young men (yes, men) adoring technology, reveling in virtual trespassing, and craving public attention. According to Lion, founder of Honker Union of China (www.cnhonker.com), a key group in last year’s US-China hacker war, 65% of HUC members are college students in their early 20s. Lion himself went straight from high school to an IT company in Canton. He was 21 when the warfare broke out.

Except for some demographics, Chinese and American hackers have little in common. While hackerism in the U.S. was hatched in pre-Internet computer labs, blue boxing, and prolonged protests of the 60s, Lion’s generation grew up with the Internet in the second half of the 90s. The country’s computer network was virtually non-existent in 1989 when a turbulent decade of student demonstrations squeaked to a sudden end in Tiananmen. By the time Chinese hackerism took shape, the anti-establishment spirit characterizing youth in the 80s had significantly subsided, if not totally disappeared. The rise of hacking in China thus emerged in a relatively “peaceful” period, when the Chinese state had the leisure to fantasize about Gore’s rhetoric of the “information superhighway” and effectively materialize it in a few years.

Chinese hackers also differ in that they act, more often than not, as a group. And this may well be the most distinguishable feature of hackerism in this country. Before 1998, no report about domestic hacker activity could be found in China. Although there might have been individuals experimenting here and there, their activities were negligible and hard to track down. In summer 1998, Chinese hackers made their debut in collectively attacking Indonesian websites in the aftermath of anti-Chinese riots during the revolution that overthrew Suharto. This event, now known as China’s “First Patriotic Cyberwar,” marked the beginning of a series of coordinated campaigns against foreign countries such as America, Japan, and Taiwan, the territory officially held as a renegade province of China.


When the “First Patriotic Cyberwar” broke out, I was in Hong Kong and kept myself informed by joining a hacker BBS hosted at a local China Telecom bureau in Hunan, Chairman Mao’s birthplace. For sure, there were tons of technical discussions: phony IPs, distant assaults, backdoors, etc., etc. But more prominent were the nationalist slogans flying right in my face: “Eliminate Indonesian barbarians!” one shouted; “How can I do something for our country?” inquired another; “Vows to Revenge” was the title of a third post. Amid much coordination and organizing, new comrades posed questions and more experienced ones assumed the role of trainers and planners. Everyone seemed dedicated and morale was high. To me, it didn’t look like a typical hacker gathering, but a familiar scene in Once Upon a Time in China, where Jet Li went out to fight the foreigners.

Such a pattern of collective offensive persists in last year’s US-China hacker wrestling, a striking contrast with American hackers’ individualistic and anarchic image. Indeed, the tradition of the 60s injects into the heart of American hacktivism a longing to be alternative and free from the control of state or corporate powers. Chinese hackers, however, have a different pedigree: the legacies of Confucianism, Mao’s advocacy of the People’s War, plus deep-seated nationalism that has resurfaced in the past decade. Given the drastically dissimilar environment that surrounds the birth of hackerism in the People’s Republic, one shouldn’t be surprised to find a new hacker generation with Chinese characteristics.

What’s In a Name?

Naming is the key to finding out who’s who in the Chinese hacker community. When the word “hacker” was imported into China in the mid-90s, it was conveniently translated into “hei ke.” It means, literally, “black guests,” which carries a pejorative connotation in Chinese. “Black guests” also reflects a media bias at the time, when mainstream coverage of hacking was almost exclusively about cybercrime. But as homegrown hackerism emerged in the late 90s, a re-definition was in order. During the online mobilization campaign following the bombing of the Chinese embassy in Belgrade in 1999, Chinese hackers started to call themselves “red guests (hong ke)” in order to get rid of the association with criminality. This was a strategic move that cast Chinese hackerism in an admirable patriotic light, with the color red signifying both the nation’s traditional culture and the communist revolution while reflecting a lingering antagonism against foreign powers. These connotations, unfortunately, were lost in the term’s English version, “honker.”

The term “cracker” is also a US import, which so far does not have a recognized Chinese translation. When American hackers talk about crackers, they normally refer to inexperienced beginners like the script kiddies, who know very little about programming but rely on existing codes to launch attacks. Yet to Chinese hackers and honkers, “cracker” is a morally debasing term instead of a mark of inexperience. No matter how technically sophisticated, anyone who hacks against China’s interests is a despicable “cracker.” This definition puts all American hackers who assaulted Chinese websites into this lesser category.


If American hackers knew exactly why they were called “crackers,” they might not feel as insulted. For many of them, the lack of technical finesse is perhaps more degrading than the lack of a cause. Besides, Americans could justifiably throw back the same derogatory tag, using the American definition though – most Chinese hackers were indeed script kiddies learning tricks quick and dirty, depending almost exclusively on existing programs, many of which were from the USA.

Domestically, the label “cracker” also applies to China’s cyber-criminals, another group red honkers do not want to associate with. But like it or not, cybercrime in China is on the rise. An increasing number of crackers are infiltrating banks and engaging in illegal activities to make quick money via the Net. The nation’s first case of digital banking system sabotage occurred in August 2000, when the local Bank of China headquarters in Lichuan, Hubei lost almost all its digital archives. The culprit, a 34-year-old, turned out to be a former employee of the bank.

In September 1999, two adventurous young men in Hunan (again, Mao’s province) launched a porn site called “The Paradise of Cool Girls” that generated sizeable advertising revenue. They did this by skillfully hiding graphics and movie clips behind hundreds of free personal homepages in major portals throughout the country. The quality of their porn wasn’t so great, but that didn’t seem to matter to those raised under the strict moral codes of China’s “socialist spiritual civilization.” When they were caught at the end of 1999, their site was attracting a hefty 50,000 click-throughs per day – after just four months of its underground operation!

Another case involved online gambling, also an illicit business according to Chinese law. The main server of the gambling network was in Liaoyang, Liaoning, while its regional servers were scattered throughout Northeast China, Inner Mongolia, and Beijing. The entrepreneurial operators used to run an Internet café, but shifted to this prohibited business because it was more lucrative – and tax-free. During the last two months of the year 2000 alone, their online casino generated a profit equivalent to US$ 110,000.

Both cases implicated undergraduate computer majors who had little hope about their futures. One sysop of the porn site, Yang Ke, received a B.S. from Yellow River Polytechnic College in central China but could not find a job. Ma Longpeng, the mastermind of the gambling network, was expelled in his junior year from the Department of Computer Information Management at Heilongjiang University.

The emergence of these “cracker” activities has had a palpable influence on the future of China’s digital culture. No one sees these marginal individuals as central to Chinese hackerism. But with disproportional media attention, “crackers” do sway public opinion regarding the new technology and the hacker community as a whole. Moreover, their existence further justifies high-handed Internet legislation and periodic crackdowns.

All future uncertainties notwithstanding, one thing remains constant – the Net. It serves everyone who knows how to use it, for or against China, no matter whether they are honkers, hackers, or “crackers” – however defined.


Heroes of the Nation

Despite the infamous activities of the “crackers,” most Chinese hackers are proud of themselves. They believe, by attacking websites in “anti-China” countries, they become heroes of the nation. As the hymn of China Eagle Hacker Alliance sings:

We are the eagles of China
We are China’s elite
Hard as it is, the enemy’s shield
We will show them our sharpness.

Since the first Patriotic Cyberwar against Indonesia in 1998, five battles of similar nature have been fought. In May 1999, Chinese hackers unleashed their anger following the Belgrade embassy bombing incident. They sent floods of e-mails – some containing viruses – to NATO headquarters and American authorities. The White House official website was temporarily shut down due to the high volume of access requests. The home pages of the U.S. Department of Energy and Department of Interior were defaced.

The third skirmish was in July 1999 against Taiwan, when the polemic across the Taiwan Straits intensified after then-president Lee Teng-Hui publicized his controversial “theory of two states” regarding China-Taiwan relations. Several websites of the Taiwanese government were hacked. Taiwan’s National Assembly website suffered the most serious damage – China’s red flag decked the homepage, and most of the file storage was erased.

The fourth and fifth “patriotic cyberwars,” occurring in January 2000 and February-March 2001 respectively, both targeted Japan. The former was triggered by a rightist congregation in Osaka denying the Nanking Massacre, which the Chinese believe to be the most hideous war crime ever committed in human history. The latter took place in the wake of several other insults, including the publication of a new textbook glossing over the role of Japanese aggression in World War II, a discriminatory incident against Chinese nationals on Air Japan, and the release of Taiwan Theory, a Japanese comic book depicting Taiwan as a Japanese territory. Cybergraffiti were painted on Japanese websites, from governmental to commercial. “Down with Japanese Imperialism!” read one; “Kill all Japs!” yelled another.

The sixth, and the most recent, hacker war was waged against the US following the spy plane standoff during April and May 2001. It was also the largest in scale, involving thousands of hackers not only in China and the US, but also in Pakistan, Korea, Argentina, and Saudi Arabia – “the First World Hacker War” as the New York Times called it. Casualties included some 1,000 American websites and at least an equal number of victims on the Chinese side. Again, the White House was forced to go offline for hours. Several federal sites, including the Labor Department, Department of Health and Human Services, and the Office of the Surgeon General, went out of service. State and local authorities were also assaulted. Computers at the California Department of Justice caught a virus, and Ohio’s Bellaire School District site displayed China’s fluttering 5-star red flag, accompanied by the Chinese national anthem.


Several factors contributed to the unprecedented scale of this cyberwar. In China, Internet usage had grown exponentially since 1998; so had the number of Chinese hackers. Skills, both technical and organizational, had been accrued in earlier Patriotic Cyberwars. On the American front, hacker groups such as PoisonBox, Prophet, Acidklown, and Hackweiser added fuel to a sustained counterattack. After several hundred Chinese websites fell prey in April 2001, the Chinese had a weeklong national vacation in early May – perfect timing for a counterstrike.

Homage to May 4th

In China, historically, the beginning of May is charged with high political voltage. May 1st, China’s Labor Day, commemorates communist-led labor movements. The holiday actually harkens back to the struggle for an eight-hour workday in late 19th century America. Three days before the celebration, on April 27, the homepage of the U.S. Department of Labor was defaced – Malicious humor? Or double-edged irony?

The most electric moment, however, is the 4th of May. This is Youth Day, which commemorates the first mass student movement in 1919 that ushered in China’s “New Democratic Revolution Period.” In that movement, patriotic students in Beijing hunted down notorious traitors of the nation like Zhang Zongxiang, who was heavily beaten up, and Cao Rulin, whose house was burnt down in an outburst of collective rage. But dirt and blood aside, May 4th officially marks the arrival of two distinguished guests from the West: Mr. Science and Mr. Democracy.

On the eve of May 4, 2001, Mr. Science was, once again, honored in popular Chinese BBS chatrooms – this time, for the science of hacking. What I saw three years earlier in the small Hunan hacker site now became a humongous national scene. From 8pm (EST 8am, May 4) onward, all major online forums began to look increasingly like a hacker base camp. Freeware exchange, technical support, report of the latest victory, slogan chanting, broadcast of patriotic music – the largest army of Chinese hackers was mobilized and deployed. At 9pm (EST 9am, May 4), the White House site was flooded with angry emails and access requests, and couldn’t be retrieved for two and a half hours. It was not burnt down though, thanks to the relative safety of cyberspace.

Mr. Democracy, however, was the snubbed guest of the night. Chinese hackers and their supporters occupied almost all of China’s online discussion forums before they set off to claim American sites. Evening is the prime time for all sorts of chat. But topics unrelated to the Patriotic Cyberwar were bluntly suppressed. Hardly had an “irrelevant” article been posted before it was booed off the board by multiple warnings: “Shut down!”, “No issue except hacking the White House can be discussed tonight.”

It might be that democracy is unsuited for wartime situations, but good organizational skills are. Two hacker clubs were central to the cyber war of 2001, and both were superbly organized. China Eagle Alliance was structured as a militia with its members divided into four ranks, working in five different “function groups” in geographic regions. Each China Eagle member carried a unique membership ID. The other group, Honker Union of China (HUC), also had extensive subsidiaries in almost every provincial capital of the country. Members of HUC were not allowed to join other hacker organizations. Besides coordinating aggressions on foreign websites, HUC was also dedicated to preventing internal clashes among Chinese hackers.

Synchronized collective action was a most obvious advantage Chinese hackers have against their American counterparts. Timing, of course, was crucial. But even small gestures helped. Some clubs required their members to post identical logos on the hacked pages. In certain cases, individual hackers were instructed to follow a set of codes of conduct. “For [American] commercial sites, we only modify their web pages,” said Xiao Yang, a Cantonese hacker. “But if they are public information networks that have wider influence, it’s a rule that we have to erase some important documents like system files.”

A Spillover

Patriotic hacking, for all its glory, can backfire. There simply weren’t enough websites to satisfy every hacker’s appetite for pranks and bragging rights. Once thousands of American websites were down, what else was there to brag about? This bothered Wang Qun, whose pseudonym was “playgirl.” He had hacked more than 30 foreign sites by the end of the US-China Cyberwar, but now he decided to lay his hands on Chinese authorities.

On August 2, 2001, Wang carpeted the homepages of two local governments in Hubei Province with obscene pictures. He went on to tease the officials by changing the name of a local Communist Party secretary into “Son of a Turtle,” and a mayor, “Idiot.” The greeting message from the leadership carried an unusual title: We are a Bunch of Hogs. In the following two days, his hacking spree went from four government sites in Hubei, Fujian, and Chongqing to heavyweight commercial entities like Fujian’s stock-exchange network. The tasks seemed easier than tackling the Yankees. And surprisingly, only one of the victims called the police. A local government didn’t even know their website was hacked until five days later.
Wang’s strategy was to first falsify his IP address by using foreign proxy servers as intermediaries, then use modified hacker software to scan domestic websites with security flaws, and finally strike vulnerable prey one by one. Many of the foreign proxies were originally set up by overseas groups to help Chinese netizens access forbidden information on the World Wide Web. Wang, typical of many Chinese hackers, used them as his ticket for a more thrilling adventure.

Despite the disguise, the police of Hubei tracked him down in a little more than 48 hours after the beginning of his rampage. Hubei was among the first provinces to build a cyberpolice, which reportedly enjoyed full cooperation from network management authorities as well as telecom operators like China Unicom (Liantong) and China Telecom. Within a few days, they were able to reconstruct “all of Wang’s online activities from the end of July to his arrest.”

Shadow of the State

The “playgirl” case reveals a splintered image of the state facing the challenge of homebrew hacking. Most local governments are not yet prepared for cyberattacks, both technically and in terms of manpower. Government sites that have been embarrassingly hacked are often slow in finding out that they’ve lost face in the virtual space. On the other hand, cyberpolice, once mobilized, can muster significant resources for a quick crackdown. Their no-nonsense efficiency was evident in the unearthing of the underground porn site and the online casino.

Unlike hardcore “crackers” who vend porn for profit, the “playgirl” played strictly for fun, and perhaps with a bit of critical edge. But the authorities don’t care about nuances. Fair enough, everyone is equal before the law, cracker or not. The official media, giving high-profile coverage for the cyberpolice and their victories, send out a terse message – Don’t mess with the government. Don’t break the law. Or you don’t even deserve the title of a hacker.

When it comes to quasi-legal acts of “patriotic” hacking – the mainstream of hackerism in China – the official attitude is much more ambivalent. Despite the enormous damage done by the six cyberwars, there has been, so far, no report about Chinese hackers being punished by the authorities. But the communist party and the state offer no explicit support, either. On May 5, 2001, as the US-China cyberwar reached its pinnacle, the official mouthpiece People’s Daily released a commentary entitled “Honkers and Hackers, Both Harmful to Network Order.” The author asserted that, “no matter it was Chinese ‘red guests (honkers)’ or American ‘black guests (hackers),’ the unscrupulous attacks and destruction of websites are both unforgivable, illegal activities. It is not an exaggeration to call them network terrorists.”

This article immediately triggered intense arguments. The Strong Country Forum of People’s Daily, China’s most influential BBS for political discussion, was instantly choked with emotional messages that ridiculed the charge of terrorism, calling the author a “traitor.” More prestigious hacker groups, however, sided with the government. On May 9, HUC announced its call for ceasefire with American hackers: “The Honker Union is no longer responsible for any additional aggressive incident from now on.” Apparently, the leadership of the hacker community was more easily co-opted by the authorities, whereas individual hackers remained radical.

Besides domestic hackerism, the Chinese government also faces constant challenge from overseas hacker groups that abhor China for a variety of reasons like human rights, Tibet, and the censorship of online content. Back in 1997, a group called Hong Kong Blondes temporarily disabled one of China’s communications satellites. Reportedly, they received technical support from the Cult of the Dead Cow (cDc), the US-based hacking troupe responsible for several other assaults on official Chinese websites. Overseas hacker groups also helped set up proxy servers that allow Chinese netizens to bypass the country’s “Great Firewall.” A recent development along this line was the release of the Peekabooty software by the cDc. In his Open Letter to the President of China, the Cult’s foreign minister, OxBlood Ruffin, declared that the new software will enable Chinese users to “have the same access to information that is available to the citizens of the liberal democracies, and they would also be able to publish onto the network.”


Irritated as they were, Chinese authorities seemed rather low-key while dealing with foreign hackers. After all, they are not within Chinese jurisdiction. Even if an international alliance is formed to handle cross-border hacking, China is likely to receive more requests for extradition than vice versa. So, why bother?

The Big Sellout

Beijing can rest assured in another regard: so far, few Chinese hackers are real troublemakers; after the catharsis of their nationalistic libido, most of them tend to find themselves easily integrated into the new official ideology of marketization. Vertarmy, a group of veteran Chinese hackers, established its commercial entity, Nsfocus Information Technology Co., Ltd, in 2000. China Eagle Alliance has a special task group for “commercial model construction.” And although the current HUC Charter states that the organization is non-profit by nature, leaders of the honkers were already discussing the possibility of commercialization during a teleconference in July 2001.

After retiring from hacktivism, many American hackers ended up in successful careers in the Information Economy. Chinese officials will certainly be pleased if members of this new generation follow a similar career path. The transition from taunt trading to profit making might even be smoother for Chinese hackers. Light-years away from the causes of the 60s, Chinese hackers show few political ambitions other than dignifying the Chinese nation. Having no qualms about accepting corporate jobs and making money out of their expertise, they may eventually find their true calling in the socialist market-state.

But patriotic cyberwar won’t be history. It will keep haunting China’s defenders and its critics alike. As veteran Chinese hackers don Armani suits and get “job” jobs, a new crop of savvy fighters will take over the keyboard. Yaya, an HUC leader, told the press at the end of last year’s US-China battle: “I don’t know if I’ll find a job in the network security industry. My plan in the next couple of years is to marry the girl sitting next to me in my junior high.” He is now an accountant in a state-owned enterprise, a job that’s usually not well paid. But gee – getting married! That’s an even bigger sellout.

Jack Linchuan Qiu is pursuing his Ph.D. at the Annenberg School for Communication, University of Southern California. He is co-founder of China Internet Research eGroup and editor of the Journal of Chinese Information, Law, and Society. His work about the Internet and China has appeared in Online Journalism Review, Hong Kong Economic Journal, and the International Journal of Comparative Media Law and Policy.

A collection of hacked pages during the US-China cyberwar of 2001:


A US Navy webpage (bmd10.med.navy.mil), hacked on May 5, 2001

The National Women’s Health Information Center of America, hacked on May 4, 2001


The White House history page (whitehousehistory.org), hacked on April 30, 2001

U.S. Dept of Labor (www.dol.gov), hacked on April 27, 2001


U.S. Dept of Health (www.health.gov) hacked on April 28, 2001.

U.S. National Business Center (ec21.nbc.gov), hacked on May 1, 2001


Info Highway Corp. (www.ihw.com.cn), an early leader of Internet industry in China, hacked on April 28, 2001.

The Institute of Psychology, Chinese Academy of Social Sciences (www.psych.ac.cn), hacked on April 30, 2001.


China National Bureau of Statistics (www.stats.gov.cn), hacked on April 27, 2001

Beijing Securities (www.bsc.com.cn), hacked on May 4, 2001
