‘Anonymous’ Hackers Take on the Great Firewall (Updated)

Members of the international hacktivist collective Anonymous have targeted Chinese websites to make a statement about Internet freedom. Last Friday, March 30, the newly minted @AnonymousChina let the Twittersphere know of its existence:

The tweet sat above links to websites modified to host two messages – one catered to Chinese citizens, the other to their government. BBC News reports on the breadth and types of pages under fire, and on the Chinese government’s denial of the attacks:

The Anonymous hacking group claims to have defaced almost 500 websites in China.

Targets hit in the mass defacement included government sites, its official agencies, trade groups and many others. A message put on the hacked sites said the attack was carried out to protest against the Chinese government’s strict control of its citizens. It urged Chinese people to join Anonymous and stage their own protests against the regime.

[…]There has been no official confirmation of the defacements. News wires reported that government officials had denied any had taken place. However, many of the sites listed are now offline and a few others displayed a hacked page for a long time rather than their own homepage.

On March 31, after many of the defaced sites had been taken offline, @AnonymousChina warned that their crusade would continue:

Al-Jazeera’s Melissa Chan has more to say about the nature of the attacks:

“This is just (Anonymous’) second attack (on Chinese websites),” Chan said. “The first one a few months ago had been a corporate attack against a Chinese company and it had exposed corporate fraud. This time, of course, the message was more general about online censorship in China.”

Chan also pointed out the attacks did not target national websites, but smaller sites for government bureaus and minor cities.

“The other interesting thing is that the messages they left were left in English, so then that begs the question of whether they wanted to try to reach out to the Chinese public or not,” Chan said.

The original message contained only one line in Chinese: 患难见真情 [a friend in need is a friend indeed].

@AnonymousChina has been tweeting about their continued defacement of websites, and leaking the personal information of site administrators. On April 4, they called out for a Chinese translator, and activist-blogger Wen Yunchao replied expressing his support (@wenyunchao: “匿名者”希望有人能帮他们翻译成中文 [“Anonymous,” I hope someone will help them with their translations]). Today, an updated version of the message began appearing on defaced sites, this one in Chinese and set to new music: Guns N’ Roses “Chinese Democracy” (a reference likely lost on any Chinese citizen who may have viewed the page).

A researcher at an antivirus and personal security firm has warned that the actions taken by Anonymous could lead to a digital “turf war,” as China’s patriotic hackers may seek retaliation. From PC Mag’s Security Watch:

F-Secure researcher Sean Sullivan said Anonymous China could “start a turf war.”

“We know from our monitoring of targeted exploit attacks, many of which are aimed at human rights NGOs, that there are numerous pro-China hackers active on the Internet,” he said. “I would expect this action to generate efforts by Chinese hackers to dox Anons.” Doxing involves exposing the identities of people who wish to remain anonymous.

Anonymous “bit off more than it could chew” when it retreated from threats to unmask members of the Mexican drug cartel Zetas last fall, he added. “Perhaps they’ve done so again.”

In a separate incident, someone not affiliated with the Anonymous collective has also put Chinese websites in his crosshairs. A hacktivist using the name “Hardcore Charlie” has reportedly leaked thousands of documents after breaking into the website of China National Import & Export Corp (CEIEC), a firm holding contracts with the Chinese military. From Reuters:

He posted documents ranging from purported U.S. military transport information to internal reports about business matters on several file-sharing sites, but the authenticity of the documents could not be independently confirmed.

The Beijing company, better known by the acronym, CEIEC, did not respond to a request for comment. U.S. intelligence and Department of Defense officials had no immediate comment.

[…]Hardcore Charlie described himself as a 40-year-old Hispanic man in a country close to the United States. He said he did not have strong political leanings, but was concerned the Chinese company had access to material about the U.S. war effort in Afghanistan, as some of the documents suggest.

He said he planned to “explore” the computer networks of other Chinese companies.

Update: April 6, 2012 10:15AM PST

Since this post went up yesterday, the majority of defaced sites have been restored to their original content or are now offline, and the @AnonymousChina twitter feed has been largely inactive. While there has still been no major attention devoted to the attacks in official Chinese media, Ministry of Foreign Affairs spokesperson Hong Lei acknowledged them in a briefing yesterday. From CNN:

“First of all, China’s Internet is open to all, users enjoy total freedom online. China has gained 500 million netizens and 300 million bloggers in a very short period of time, which shows the attraction and openness of China’s Internet,” Hong said.

“Secondly, the Chinese government manages the Internet according to law and regulations. Thirdly, certain reports prove again that China is a victim of internet hacker attacks.”

On Friday, searches for comments on hacking yielded re-posts of the MoFA statement: “we have an open, free cyberspace in China.'” One user on the Weibo micro-blogging site posted in response: “Open? How dare you brainwash your people that?”