Hackers purporting to be members of the nebulous online hacker community Anonymous have reportedly hit almost 400 websites in China.
The attacks have apparently been going on since March 30. They are listed on the Anonymous China Twitter page.
Targets included the Tongcheng Environmental Protection Agency, a Chinese government site from which phone and email information were stolen, and the Jiangsu Cyberpolice Online Service, for which a cross-site scripting vulnerability was posted.
“China is seen by many as a repressive regime that severely restricts human rights and suffers from governmental corruption on a multitude of levels,” Randy Abrams, an independent security consultant, told TechNewsWorld. “This sounds exactly like the type of target that Anonymous historically professes to engage in hacktivism against.”
Anonymous in Cathay
The hackers who hit servers in China appear to be a branch of the hacker community within that country. They are inviting Chinese hackers and programmers, as well as hackers worldwide, to join Anonymous China.
The group also posted a call to battle on Pastebin Mar. 30. Among other things, it urged people with computer skills to join it.
Some of the Chinese sites were reportedly still inaccessible early on Wednesday, AP reported. Apparently, Chinese government officials denied that sites Anonymous China claimed to hit had actually been hacked.
Anonymous China also put out a call for translators, asking them to contact email@example.com, although the disclosure of that email address might cast some doubt on the group’s knowledge about security.
Enter the Toothless Dragon?
“One of the most interesting things about [the hacks] is the degree to which they undermine the conventional wisdom about the technological prowess of China’s government,” Charles King, principal analyst at Pund-IT, told TechNewsWorld. “The country has been fingered repeatedly for sophisticated cyberattacks on foreign governments and corporations and the systematic theft of state secrets and intellectual property, all of which it has repeatedly denied.”
Anonymous “is an amorphous organization that lacks leadership, so motives are often difficult to determine,” Rob Enderle, principal analyst at the Enderle Group, remarked.
The “thorough PWNing” by what appears to be “a loosely organized group of young hackers suggests that the country may be far less technologically bulletproof than has been supposed,” King continued.
Security firm McAfee has consistently accused Chinese organizations of conducting large-scale espionage against United States corporations and the U.S. government. One such instance was its announcement of Operation Shady RAT last August. Prior to that, McAfee had announced that the Chinese were behind Operation Aurora, wherein intellectual property was pilfered from U.S. enterprises, including Google, over a long period.
McAfee’s main hacktivist expert is based in France, and the company “will have a more in-depth white paper on this topic” in a few weeks, company spokesperson Heather Edell told TechNewsWorld.
A History of Hacks on China
This spate of attacks on computer installations in China by Anonymous over the past few days is not the first by Anonymous on that country.
In September, Anonymous targeted Chinese fruit and vegetable trader Chaoda Modern Agriculture, which was listed on the Hong Kong Stock Exchange, The Wall Street Journal.
In 2009, Anonymous posted a video on YouTube threatening to attack Chinese government sites.
Separately, the police in China arrested a Chinese hacker in February, CyberWar News reported. The hacker’s last name as apparently “Zeng” and he had reportedly hacked the Chinese Software Developer Network and stolen information on millions of accounts.
Further, a hacker calling himself “Hardcore Charlie” claimed this week to have breached the servers of the China National Import & Export Corporation, according to Reuters. He apparently posted various documents on several file-sharing sites.
Bearding the Dragon
Hackers in China may be risking harsh penalties.
“Given Internet restrictions in China as well as less civil privacy laws than in many other countries, this type of activity may be significantly more risky to engage in than in other places,” Abrams pointed out.