Journalists’ E-Mails Hacked in China
The New York Times, by Andrew Jacobs, March 31, 2010
BEIJING — In what appeared to be a coordinated assault, the e-mail accounts of more than a dozen rights advocates, academics and journalists who cover China have been compromised by unknown intruders. A Chinese human rights organization also said that hackers had disabled its Web site for five days in a row.
The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address.
The attacks, most of which began March 25, occurred the same week that Google angered the Chinese government by routing Internet search engine requests in mainland China to Google’s site in Hong Kong. The company said the move had been prompted by its objections to censorship rules and by a spate of attacks on users of Google’s e-mail service, which the company suggested had originated in China.
Those cyberattacks, which began as early as last April, affected dozens of U.S. companies, law firms and individuals, many of them rights advocates critical of the Chinese government.
The victims of the most recent intrusions included a law professor in the United States, a Uighur exile in Sweden, an analyst who writes about China’s security apparatus and several print journalists based in Beijing and Taipei.
“It’s very unsettling,” said Clifford Coonan, a correspondent for The Irish Times and The Independent whose e-mail account was rendered inaccessible last week after Yahoo detected that someone had gained access to it remotely. “You can’t help but wonder why you’ve been targeted.”
Dilxat Raxit, a spokesman for the World Uyghur Congress, an organization that seeks greater autonomy for China’s Xinjiang region, said many of the e-mail messages in one of his two Yahoo accounts appeared to have been read when he logged on in recent weeks. The other account, he said, had been inaccessible for a month.
Mr. Raxit also said that he was unable to reach three Uighur friends in China with whom he previously corresponded frequently.
“I’m 100 percent I’ve been hacked,” he said from Sweden. “I’m angry at the Chinese, but I blame Yahoo for allowing this to happen.”
In an e-mail exchange, Dana Lengkeek, a Yahoo spokeswoman, declined to discuss the incidents, citing company policy. “We are committed to protecting user security and privacy and we take appropriate action in the event of any kind of breach,” she said.
Kathleen McLaughlin, an American freelance journalist in Beijing who is on the board of the Foreign Correspondents’ Club of China, said the group had confirmed that the e-mail accounts of 10 journalists, including her own account, had been compromised. Like the others, Ms. McLaughlin said she had received a message from Yahoo on March 25 indicating that her account had been disabled because, according to an automated message, “we have detected an issue with your account.” Ms. McLaughlin said she had contacted Yahoo but that she had yet to receive an explanation of what happened. “Someone is clearly targeting journalists,” she said. “It makes me feel very uncomfortable.”
Yahoo, which merged its Chinese operations with the Chinese e-commerce company Alibaba, has faced criticism for cooperating with government security officials in the past. In 2006, Yahoo turned over data that officials used to help prosecute several dissidents. One, a journalist named Shi Tao, was later given a 10-year sentence for leaking a secret propaganda directive.
Unlike services offered by Google and Microsoft, e-mails sent through Yahoo’s Chinese domain, .cn, are stored on local servers and subject to Chinese law, a factor that has driven some privacy-conscious users away from Yahoo’s e-mail services.
Computer security experts say that infiltration of Yahoo’s e-mail service once again highlights the challenges that Internet companies face in protecting their customers from hackers.
Paul Wood, a senior analyst at Symantec, said that a growing number of malignant viruses were tailored to specific recipients, with the goal of tricking them into opening attachments that could insert malware onto their computers. Mr. Wood said his company, which designs anti-virus software, now blocked about 60 such attacks each day, up from one or two a week in 2005. “They’re very well crafted and extremely damaging,” he said.
A report issued by Symantec on Monday found that nearly 30 percent of attacks had originated from computers in China, and about 20 percent of those had come from Shaoxing, in Zhejiang Province.
Mr. Wood and other experts pointed out that attacks that appeared to come from a certain location could just as easily have emanated from computers infected with botnets, viruses that allow them to be controlled remotely by other computing systems.
It is that kind of rogue software that is probably responsible for crippling the Web site of Chinese Human Rights Defenders, a group that has been an assertive critic of China’s human rights record. Since last week, the group’s Chinese-language site has been overwhelmed by hackers flooding it with junk requests, a tactic known as denial of service. Although the site has been attacked before, the previous attacks had not lasted more than a few hours.
Renee Xia, the international director for the human rights group, said the assault had begun the same day that Go Daddy, the American company that is host to its site, announced that it would stop registering domain names in China. “Maybe it’s a coincidence, but we don’t think so,” Ms. Xia said.
Meanwhile, Google’s search engine was inaccessible in much of mainland China late Tuesday. The cause of the disruption was not clear, but it led to speculation that the site was being blocked by the country’s Internet censors.
Google added to the confusion, saying at first that the problem had been the result of a change it had made to the string of characters it sends along with search requests, which may run afoul of China’s powerful Internet filter. Later in the day, Google said that it had actually made that change a week earlier, so the disruption must have been caused by changes on China’s end. It also said that by early Wednesday morning its service appeared to have been restored.
David Barboza contributed reporting from Shanghai and Miguel Helft contributed from San Francisco.