China: Attack on a #netfreedom Blogger

Well-known tech blogger William Long writes on everything from circumvention tools to where military secrecy in China meets Google Earth. Over the weekend while away from the computer, Long's QQ account was compromised and used to contact his peers [zh], and his profile picture on the platform was altered with the superimposition [zh] of the word “shooter”.

After some tests, Long discovered two flaws in Tencent's authentification procedures which likely allowed his attackers to crack his QQ password. The attacks didn't stop there, but escalated on Sunday [zh] to included a DDoS attack on servers for his blog, williamlong.com, large amounts of spam sent to various e-mail addresses of his, constant harassing phone calls from people who answer his callbacks but won't speak, and attempts to guess his mobile phone PIN. For the time being, Long is blogging between his Sina blog and QZone.

A gallery of Honker website defacement trophies.

Long says the attacks come in response to a blog post he published on Saturday. In the post, he doesn't touch on any of the things which typically Honkers off, but he does launch some heavy criticism their way, calling them, among other things, the cyberspace equivalent of Boxers.

Long writes:

话说几天前,我在腾讯网看了一则新闻《中国黑客元老9月推自律公约 欲重拾黑客精神》,我当时在腾讯微博里针对该新闻的评论是:“我不看好所谓‘黑客自律’,所谓的黑客早已经商业化,形成了一条黑色产业链,通过挂马、病毒来威胁网民的利益,这种环境和条件下,一个商业化的安全卫士软件比‘黑客自律’更有现实意义,更有可操作性,网民的利益是通过斗争获取到的,不是那些黑客施舍的。”

A few days ago, I saw the news on Tencent about the proposal from a veteran Chinese hacker [zh] that a pact of self-discipline be ratified at a major hacker gathering in September this year, in an attempt to bring hacking back to its roots. Among the comments, I saw that someone wrote, “I don't really see much point in so-called “hacker self-discipline”, most so-called hackers these days are commercially motivated, and there's a whole shady production line behind what they do, embedding trojans and viruses to threaten netizens’ interests, and given the overall environment, any commercialized security software is far more realistic and meaningful than ‘hacker self-discipline’. Not to mention, more operable. The interests of netizens are won through fighting for them, not charity handouts from a few hackers.”

之后有些黑客界人士进行反驳,说黑客有很多种,有的是Hacker,有的是Cracker,我的看法是,没有所谓的“好黑客”,无论是骇客、黑客、红客,以及所有利用系统安全漏洞进行攻击破坏的群体,都是坏的,在美国这些人早就进了监狱,中国因为法律不完善,观念落伍,很多人以为“窃书不是偷”,才导致现在中国黑客的嚣张,肆意通过安全漏洞攻击他人以获取经济利益,这些黑客本质和小偷强盗没有区别。

Then some from the hacking community started responding, saying there are many types of hackers, as in the traditional meaning of the word, and then there are crackers. The way I see it, there are no so-called “good hackers”, regardless of if they're hacker, black hat, honker or just one of the many people who use security exploits to launch attacks, they're all bad, and in the USA, they've been going to prison for quite some time. The legal system in China, however, is incomplete, and plagued by anachronistic views. The kind of view that says you can't ‘steal’ a book, you can only take it. This is what has led to hackers running amok in China, wantonly running security exploits to deprive people of their economic interests. There is no difference between these hackers and thieves and burglars.

所谓的“红客”更是一个怪胎,是极端民族主义和无政府主义的结合体,其本质与早年的“义和团”没有什么区别,成事不足,败事有余。从技术上讲,红客的所谓战绩,基本上没有什么拿得出手的,几乎没有攻破任何一个美国商业网站(例如Google、Youtube、Twitter等),而名不见经传的伊朗黑客在2010年1月12日成功让百度停止服务至少一个上午(通过攻击百度域名服务商实现)。美国黑客就更别说了,我们用的美国思科入侵检测系统IDS没准都有后门呢。

So-called “honkers” are even bigger freaks, a combination of extreme nationalism and anarchism, with little difference between them and the “Boxers” of old. Losers with only incompetence to show for themselves. Technologically speaking, honkers have nothing to show for all their so-called combat wins. They haven't broken into a single commercial American website (eg. Google, YouTube, Twitter, etc.), whereas even the little-known Iranian Cyber Army was able to successfully shut down service of Baidu for at least the morning of January 12, 2010 (by attacking Baidu's DNS provider). American hackers need no introduction, and even the Cisco intrusion detection systems we use probably have backdoors too.

[…]

以前所谓的黑客精神,应该是建设性而不是破坏性的,是一种专注和执着的精神,是对技术近乎疯狂的追逐;是善于独立思考、喜欢自由探索的一种思维方式。这种精神如果在国外,我相信是可能有的,但在中国,目前看是没有的,中国的所谓黑客大多数是无脑的“义和团”和“网络黑社会”,根本没有独立思考能力,他们对网络的只有破坏没有贡献,在任何民主国家,这些人都应该在监狱里接受惩罚。

The spirit of hacking used to be about being constructive, not destructive, about dedication and perseverance, pursuit of technology near to the point of obsession; about having independent thinking ability, a way of thinking guided by love for free exploration. Overseas, I think this is at least possible, but in China, right now, it's not. The majority of China's so-called hackers are just brainless “Boxers” and online gangsters, with no independent thinking of their own, and their only contribution to the Internet is that of destruction. In any democratic country, these people would have been imprisoned or punished long ago.

实际上,目前国内的媒体对于黑客圈子的负面批评也一直络绎不绝,从各式各样的盗号木马,到恶意的熊猫烧香病毒,还有那些以支付宝、网银为目标的恶意攻击,直到最近中国黑客竟然针对国外从事政治目标的网络钓鱼,引发了国际社会对中国的谴责,给我国的外交带来重大的麻烦,美国甚至立法规定,网络攻击威胁到美国国家安全,将不惜动用军事力量进行反击。这一切的一切都证明目前的中国黑客已经失去了自制力,演变为以自身“高超”的技术为手段对网民进行要挟和攻击的恶意群体,成为一个不折不扣的“麻烦制造者”,稍有独立思考能力的人都会对黑客群体产生负面印象,而一旦黑客们遇到媒体或网民对他们恶行的揭露,就会像小孩掐架一般的幼稚和歇斯底里地进行反击,从另一方面,这类举动正好应印了人们对黑客流氓本性的指控。

In fact, mainland Chinese media have had nothing but an endless stream of criticism of the hacking community, from hijacking accounts to planting trojans, malware and viruses like the Panda Burning Joss Sticks virus, as well as those who maliciously target services like Alipay and online banking. More recently, Chinese hackers have even begun phishing political targets overseas, bringing condemnation from the international community against China, and giving our country major diplomatic headaches. The United States has even passed legislation saying that cyberattacks are a threat to national security of the USA, allowing for military force to be used to repel such attacks. All of this just goes to show that Chinese hackers at present have lost the ability to contain themselves, and have gone from being a group who use their technical “superpowers” to threaten and attack netizens, to one of flat-out troublemakers. Anyone with an inkling of independent thinking ability already has a negative image of hackers, and now when hackers have their crimes exposed by media or netizens, they launch into juvenile hysterics like a little child and start attacking. In one sense, their own actions give validity to the accusation people make toward hackers, that they're just thugs.

On a lighter note, when Long reached out to his Twitter followers for methods to fend off a DDoS attack, the suggestion most people gave him was: just get your site blocked [zh].

7 comments

Join the conversation

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.