After some tests, Long discovered two flaws in Tencent's authentification procedures which likely allowed his attackers to crack his QQ password. The attacks didn't stop there, but escalated on Sunday [zh] to included a DDoS attack on servers for his blog, williamlong.com, large amounts of spam sent to various e-mail addresses of his, constant harassing phone calls from people who answer his callbacks but won't speak, and attempts to guess his mobile phone PIN. For the time being, Long is blogging between his Sina blog and QZone.
A gallery of Honker website defacement trophies.
Long says the attacks come in response to a blog post he published on Saturday. In the post, he doesn't touch on any of the things which typically Honkers off, but he does launch some heavy criticism their way, calling them, among other things, the cyberspace equivalent of Boxers.
A few days ago, I saw the news on Tencent about the proposal from a veteran Chinese hacker [zh] that a pact of self-discipline be ratified at a major hacker gathering in September this year, in an attempt to bring hacking back to its roots. Among the comments, I saw that someone wrote, “I don't really see much point in so-called “hacker self-discipline”, most so-called hackers these days are commercially motivated, and there's a whole shady production line behind what they do, embedding trojans and viruses to threaten netizens’ interests, and given the overall environment, any commercialized security software is far more realistic and meaningful than ‘hacker self-discipline’. Not to mention, more operable. The interests of netizens are won through fighting for them, not charity handouts from a few hackers.”
Then some from the hacking community started responding, saying there are many types of hackers, as in the traditional meaning of the word, and then there are crackers. The way I see it, there are no so-called “good hackers”, regardless of if they're hacker, black hat, honker or just one of the many people who use security exploits to launch attacks, they're all bad, and in the USA, they've been going to prison for quite some time. The legal system in China, however, is incomplete, and plagued by anachronistic views. The kind of view that says you can't ‘steal’ a book, you can only take it. This is what has led to hackers running amok in China, wantonly running security exploits to deprive people of their economic interests. There is no difference between these hackers and thieves and burglars.
So-called “honkers” are even bigger freaks, a combination of extreme nationalism and anarchism, with little difference between them and the “Boxers” of old. Losers with only incompetence to show for themselves. Technologically speaking, honkers have nothing to show for all their so-called combat wins. They haven't broken into a single commercial American website (eg. Google, YouTube, Twitter, etc.), whereas even the little-known Iranian Cyber Army was able to successfully shut down service of Baidu for at least the morning of January 12, 2010 (by attacking Baidu's DNS provider). American hackers need no introduction, and even the Cisco intrusion detection systems we use probably have backdoors too.
The spirit of hacking used to be about being constructive, not destructive, about dedication and perseverance, pursuit of technology near to the point of obsession; about having independent thinking ability, a way of thinking guided by love for free exploration. Overseas, I think this is at least possible, but in China, right now, it's not. The majority of China's so-called hackers are just brainless “Boxers” and online gangsters, with no independent thinking of their own, and their only contribution to the Internet is that of destruction. In any democratic country, these people would have been imprisoned or punished long ago.
In fact, mainland Chinese media have had nothing but an endless stream of criticism of the hacking community, from hijacking accounts to planting trojans, malware and viruses like the Panda Burning Joss Sticks virus, as well as those who maliciously target services like Alipay and online banking. More recently, Chinese hackers have even begun phishing political targets overseas, bringing condemnation from the international community against China, and giving our country major diplomatic headaches. The United States has even passed legislation saying that cyberattacks are a threat to national security of the USA, allowing for military force to be used to repel such attacks. All of this just goes to show that Chinese hackers at present have lost the ability to contain themselves, and have gone from being a group who use their technical “superpowers” to threaten and attack netizens, to one of flat-out troublemakers. Anyone with an inkling of independent thinking ability already has a negative image of hackers, and now when hackers have their crimes exposed by media or netizens, they launch into juvenile hysterics like a little child and start attacking. In one sense, their own actions give validity to the accusation people make toward hackers, that they're just thugs.
On a lighter note, when Long reached out to his Twitter followers for methods to fend off a DDoS attack, the suggestion most people gave him was: just get your site blocked [zh].