Source:
https://scmp.com/article/391734/state-hackers-spying-us-say-dissidents

State hackers spying on us, say dissidents

Doug Nairne

Updated: 12:00am, 18 Sep, 2002

Why you can trust SCMP

Overseas-based dissident groups have been bombarded with Internet virus and hacking attacks from mainland sources in what they say is a co-ordinated attempt to disrupt their operations and spy on their computer networks.

The targeted groups are the same ones whose Web sites this month became inaccessible to mainland users through the Google search engine, leading some to suggest that the attacks are part of a wider campaign to crack down on what Beijing views as subversive activity.

The dissident groups say the scale of the attacks goes far beyond what they have experienced in the past, making it unlikely that it is the work of amateur Chinese hackers. Some of the attacks have been traced to China Telecom regional offices in several provinces.

'In some cases we can pinpoint the actual workstation, office, and street address that the [attack] originated from,' said Greg Walton, an Internet activist who works with Tibetan freedom groups. 'If this is Chinese hackers playing around, then they are Chinese hackers employed by a state-owned industry operating on the state's time.'

The attacks have come in the form of hundreds of e-mails using false or spoof addresses which appear to come from a friendly source. In some cases, the e-mails appear to originate from the Tibetan government-in-exile.

The e-mails contain so-called Trojan horse programs which seek out files and attempt to e-mail them to an address on the mainland. Other files open so-called back doors, allowing hackers to take control of the target computer through its Internet connection.

'It has never been as bad as things have become in recent months,' Mr Walton said.

Bill Dong, a spokesman for Dynamic Internet Technology, a company providing technical services to Voice of America's Chinese-language Web site, said the attacks started at the end of April, around the same time the Minister for Public Security, Jia Chunwang, urged mainland law enforcers to be more aggressive in fighting hostile foreign forces subverting China via the Internet.

'We believe the viruses were specially created as an organised massive attack,' he said.

Mr Dong said the viruses were mainly targeting well-known e-mail addresses for Falun Gong Web sites, banned news sites and technology sites set up to penetrate the information blockade in China such as freenet-china.org. They have also been sent to mailing lists and a wide range of groups Beijing considers subversive, including Chinese dissidents and Xinjiang independence activists.

The organisations said their security software had so far prevented any large-scale damage that they know of, but that it was impossible to tell how many of their computers may have been infected. There are reports that the virus activity has increased in recent weeks as China gears up for the 16th Communist Party Congress in November.

Jigme Tsering, a computer manager for the Tibetan government-in-exile in India, said he had found viruses that tried to collect files from an infected computer and e-mail them to a computer in Yunnan province.

'Luckily our firewall is blocking it, but I am worried about other offices without a proper firewall,' he said.

Jack Churchward, a system administrator and activist for the East Turkestan independence movement, said he had seen virus attacks three or four times a week for the past month using group e-mailing lists.