Working on her blog in California one day, Vietnamese democracy activist Ngoc Thu sensed something was wrong. The keyboard was sticky. Cut-and-paste was not working. She said had “a feeling that somebody was there” inside her computer. Her hunch turned out to be right.
A few days later, her personal e-mails and photos were displayed on the blog, along with defamatory messages. She could not delete them, and she was blocked from her own Web site for several days as her attackers kept posting private details.
“They hurt me and my family. They humiliated us, so that we do not do the blog anymore,” said Thu, who is a US citizen. She has resumed blogging, but the Vietnamese government is blocking her posts.
Activists and analysts strongly suspect Hanoi was involved in that attack and scores of others like it.
They say a shadowy, pro-Vietnamese government cyberarmy is blocking, hacking and spying on Vietnamese activists around the world to hamper the country’s pro-democracy movement.
IT experts who investigated last year’s attack on Thu said the hackers secretly took control of her system after she clicked on a malicious link sent to her in an e-mail. By installing key-logging software, the hackers were able to harvest passwords, gaining access to her private accounts.
Subsequent investigation also found that an upgraded version of the malicious software, sent by the same group, was e-mailed to at least three other people: a British reporter for the AP based in Hanoi; a France-based Vietnamese math professor and democracy activist; and an American member of the Electronic Frontier Foundation, an online activist group, living in the US. None of the three clicked the link.
It appears to be the first documented case of non-Vietnamese being attacked by a pro-Vietnamese government hacking squad that had already conducted attacks well beyond the borders of this Southeast Asian nation. Its actions would appear to violate the law in the US at least.
“You see campaigns being waged against Vietnamese voices of dissent in geographically disparate regions. Now we have seen an escalation against people who report on those voices,” said Morgan Marquis-Boire, a University of Toronto researcher and online privacy activist who dissected the malware and published the findings with the foundation. “It’s unlikely that this is the work of an opportunist individual.”
Suspicion of state involvement is based in part on the fact that attackers have spent tens of thousands of dollars hiring servers around the world from which to launch attacks, often changing them after a few days. This is because the attackers know activists will ask service providers to take them down, said Dieu Hoang, an Australian computer engineer who, along with several other activists, works to help defend the Vietnamese activists online.
Attempts to monitor and harass dissidents online mirror the Vietnamese government’s efforts to suppress them on the ground, where activists report persistent and occasionally violent harassment by state agents.
The state convicted at least 63 bloggers and other nonviolent democracy activists last year of criminal offenses, Human Rights Watch said.
Vietnam is not unique in seeking to spy on electronic communications, as recent revelations about the actions of the US National Security Agency demonstrate. However, its activities are of special concern because of its human rights record in general.