Google attack puts spotlight on China's "red" hackers

SHANGHAI/BEIJING (Reuters) - They are cloaked by pseudonyms and multiple addresses, but China’s legions of hackers were thrust into the spotlight last week after Google said it suffered a sophisticated cyber-attack emanating from China.

A man walks past the logo of Google China outside its company headquarters in Beijing, January 20, 2010. REUTERS/Barry Huang

There are tens of thousands of Hong Ke, or red visitors, as they are known in China. Many are motivated by patriotism, although it is more difficult to establish their relationship with the Chinese government or military, which some experts suspect of being behind the attacks.

The Honker Union, China’s most famous group of Hong Ke, shows the grey area between patriotic hackers and the state. The group has denied involvement in the Google attack.

“The Honker Union ... has no interest in getting involved in politics. We work only for the security of Chinese websites,” one of its core members, Lyon, said in a telephone interview. Lyon, his hacker handle, is the head of a department in a major state-owned telecommunications firm and declined to disclose his real name.

Founded in 2001, the group was involved in cyber-warfare with U.S. hackers over the Hainan spy plane incident in 2001 and last week attacked Iranian websites in retaliation for the Iranian Cyber Army’s temporary takeover of Chinese search engine Baidu.

“It is pretty clear that many Chinese hackers are motivated by patriotism,” said Trevor T, the pseudonym of an American who helps run Dark Visitor, a U.S.-based blog about Chinese hackers.

“China may not be where the U.S. is militarily, but it clearly has invested a lot of brainpower in developing capabilities that can offset the U.S. advantage in force-on-force conflict,” he said.

Google announced last week that a “sophisticated” attack coming from China resulted in the theft of its intellectual property. It cited the hacking episode, as well as censorship, as reasons it may leave China.

Google did not specify how it knew the attacks came from China, or why it and an estimated 34 other companies were targeted. Cyber experts say source code may have been the prize.

The popularity of hacking in China, and hackers’ use of multiple addresses and servers, in Taiwan and elsewhere, makes it hard to prove how or by whom they are coordinated. Would-be hackers in China don’t have to look far to figure out how to do it, thanks to a healthy hacking industry.

For $150, a keen student can buy all the modules online, from programming Trojans to evading anti-virus programs. Tutors are available via instant-messaging and interactive tutorials.

The market for malware in China includes software known as Grey Pigeon, originally designed to remotely control users’ own computers, that turned out to be an ideal tool for hacking.

Grey Pigeon’s homepage says it was discontinued in 2007, because of rampant misuse for illegal activities, but the 2010 version of Grey Pigeon is easily found for sale online in China.

That market helps hackers quickly exploit any opening.

“Malware groups out of China have been very quick to adopt zero-day exploits,” software flaws for which there is no patch, said Nart Villeneuve, chief research officer at SecDev.cyber.

“They may be operating independently but there may be some sort of market for selling the information that they get.”

Some Chinese hackers train at schools like the Communication Command Academy in Wuhan to get sensitive information, cyber expert James Mulvenon told a congressional commission in 2008.

China now may have up to 50,000 military hackers trained or in training, he said. This could not be independently confirmed.

“Who is most likely to become the leading protagonist ... of the next war? The first challenger who has appeared and is the most well known is the computer ‘hacker’,” two People’s Liberation Army (PLA) colonels, Qiao Liang and Wang Xiangsui, wrote in a 1999 book, “Unrestricted Warfare.”

Developing countries can beat more developed countries with war tactics that transcend boundaries, they argued.

“We urgently need to expand our field of vision regarding forces which can be mobilized, in particular non-military forces,” they wrote.

One of the best documented, and coordinated, hacking attacks out of China was reported last year. It took place against exiled Tibetans, an attack that seemed motivated by politics, not profit.

“It’s the political connection that many use to provide the link to the Chinese government,” Villeneuve said.

Similar attacks have targeted foreign reporters in China, and individuals and groups pushing for greater human rights.

Additional reporting by Benjamin Kang Lim; Editing by Bill Tarrant.