Google attack puts spotlight on China's "red" hackers

SHANGHAI/BEIJING Wed Jan 20, 2010 6:11pm EST

A man walks past the logo of Google China outside its company headquarters in Beijing, January 20, 2010. REUTERS/Barry Huang

A man walks past the logo of Google China outside its company headquarters in Beijing, January 20, 2010.

Credit: Reuters/Barry Huang

Related Topics

SHANGHAI/BEIJING (Reuters) - They are cloaked by pseudonyms and multiple addresses, but China's legions of hackers were thrust into the spotlight last week after Google said it suffered a sophisticated cyber-attack emanating from China.

There are tens of thousands of Hong Ke, or red visitors, as they are known in China. Many are motivated by patriotism, although it is more difficult to establish their relationship with the Chinese government or military, which some experts suspect as being behind the attacks.

The Honker Union, China's most famous group of Hong Ke, shows the grey area between patriotic hackers and the state. The group has denied involvement in the Google attack.

"The Honker Union ... has no interest in getting involved in politics. We work only for the security of Chinese websites," one of its core members, Lyon, said in a telephone interview. Lyon, his hacker handle, is the head of a department in a major state-owned telecommunications firm and declined to disclose his real name.

Founded in 2001, it was involved in cyber-warfare with U.S. hackers over the Hainan spy plane incident in 2001 and last week attacked Iranian websites in retaliation for the Iranian Cyber Army's temporary takeover of Chinese search engine Baidu.

"It is pretty clear that many Chinese hackers are motivated by patriotism," said Trevor T, the pseudonym of an American who helps run Dark Visitor, a U.S.-based blog about Chinese hackers.

"China may not be where the U.S. is militarily, but it clearly has invested a lot of brainpower in developing capabilities that can offset the U.S. advantage in force-on-force conflict," he said.

Google announced last week that a "sophisticated" attack coming from China resulted in the theft of its intellectual property. It cited the hacking episode, as well as censorship, as reasons it may leave China.

Google did not specify how it knew the attacks came from China, or why it and an estimated 34 other companies were targeted. Cyber experts say source codes may have been the prize.


The popularity of hacking in China, and hackers' use of multiple addresses and servers, in Taiwan and elsewhere, makes it hard to prove how or by whom they are coordinated. Would-be hackers in China don't have to look far to figure out how to do it, thanks to a healthy hacking industry.

For $150, a keen student can buy all the modules online, from programing Trojans to evading anti-virus programs. Tutors are available via instant-messaging and interactive tutorials.

The market for malware in China includes a software known as Grey Pigeon, originally designed to remotely control users' own computers, that turned out to be an ideal tool for hacking.

Grey Pigeon's homepage says it was discontinued in 2007, because of rampant misuse for illegal activities, but the 2010 version of Grey Pigeon is easily found for sale online in China.

That market helps hackers quickly exploit any opening.

"Malware groups out of China have been very quick to adopt zero-day exploits," software flaws for which there is no patch, said Nart Villeneuve, chief research officer at SecDev.cyber.

"They may be operating independently but there may be some sort of market for selling the information that they get."

Some Chinese hackers train at schools like the Communication Command Academy in Wuhan to get sensitive information, cyber expert James Mulvenon told a congressional commission in 2008.

China now may have up to 50,000 military hackers trained or in training, he said. This could not be independently confirmed.

"Who is most likely to become the leading protagonist ... of the next war? The first challenger who has appeared and is the most well known is the computer 'hacker'," two People's Liberation Army (PLA) colonels, Qiao Liang and Wang Xiangsui, wrote in a 1999 book, "Unrestricted Warfare."

Developing countries can beat more developed countries with war tactics that transcend boundaries, they argued.

"We urgently need to expand our field of vision regarding forces which can be mobilized, in particular non-military forces," they wrote.

One of the best documented, and coordinated, hacking attacks out of China was reported last year. It took place against exiled Tibetans, an attack that seemed motivated by politics, not profit.

"It's the political connection that many use to provide the link to the Chinese government," Villeneuve said.

Similar attacks have targeted foreign reporters in China, and individuals and groups pushing for greater human rights.

(Additional reporting by Benjamin Kang Lim; Editing by Bill Tarrant.)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see
Comments (8)
mikeleefei wrote:
yep , u are right , all of guys love hacking here if they possess that kind of ability . and people think hacking is a cool job . by the way i’m learning programming too , and like other guys is very interested in hacking . it’s an amazing and unbelievable knowledge . u could do anything in ur virtual world without payment .

Jan 20, 2010 8:55am EST  --  Report as abuse
TomSmith1969 wrote:
First, let’s differentiate. What you are talking about are “Crackers” ass opposed to “Hackers”.
Hackers strive to find the most elegant means to get a computer to do what they want (often something nigh on impossible to do).
P.S. Hacker and Cracker are not mutually exclusive.
Crackers strive to bypass control systems to get the computer to do things that it has been coded specifically NOT to do.
That said, not everyone with the ability wishes to be a Cracker. Crackers tend to be on the fringe. People that wish to live a double-life in secret. Very few of the truly brilliant programmers that I have know have been Crackers (though most have been hackers). This is because it is difficult to be a Cracker and still be a good person.

Jan 20, 2010 10:12am EST  --  Report as abuse
Phantus wrote:
It’s amusing that these countries are doing this in full view of everyone else. They all know who did it but the offending side says, “Wasn’t me”. They’re acting like children. He hacked me so I’m going to hack him. Funny world.

Jan 20, 2010 10:58am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

Retirement Road Map