Working on her blog in California one day, Vietnamese democracy activist Ngoc Thu sensed something was wrong. The keyboard was sticky. Cut-and-paste was not working. She said had “a feeling that somebody was there” inside her computer. Her hunch turned out to be right.
A few days later, her personal e-mails and photos were displayed on the blog, along with defamatory messages. She could not delete them, and she was blocked from her own Web site for several days as her attackers kept posting private details.
“They hurt me and my family. They humiliated us, so that we do not do the blog anymore,” said Thu, who is a US citizen. She has resumed blogging, but the Vietnamese government is blocking her posts.
Activists and analysts strongly suspect Hanoi was involved in that attack and scores of others like it.
They say a shadowy, pro-Vietnamese government cyberarmy is blocking, hacking and spying on Vietnamese activists around the world to hamper the country’s pro-democracy movement.
IT experts who investigated last year’s attack on Thu said the hackers secretly took control of her system after she clicked on a malicious link sent to her in an e-mail. By installing key-logging software, the hackers were able to harvest passwords, gaining access to her private accounts.
Subsequent investigation also found that an upgraded version of the malicious software, sent by the same group, was e-mailed to at least three other people: a British reporter for the AP based in Hanoi; a France-based Vietnamese math professor and democracy activist; and an American member of the Electronic Frontier Foundation, an online activist group, living in the US. None of the three clicked the link.
It appears to be the first documented case of non-Vietnamese being attacked by a pro-Vietnamese government hacking squad that had already conducted attacks well beyond the borders of this Southeast Asian nation. Its actions would appear to violate the law in the US at least.
“You see campaigns being waged against Vietnamese voices of dissent in geographically disparate regions. Now we have seen an escalation against people who report on those voices,” said Morgan Marquis-Boire, a University of Toronto researcher and online privacy activist who dissected the malware and published the findings with the foundation. “It’s unlikely that this is the work of an opportunist individual.”
Suspicion of state involvement is based in part on the fact that attackers have spent tens of thousands of dollars hiring servers around the world from which to launch attacks, often changing them after a few days. This is because the attackers know activists will ask service providers to take them down, said Dieu Hoang, an Australian computer engineer who, along with several other activists, works to help defend the Vietnamese activists online.
Attempts to monitor and harass dissidents online mirror the Vietnamese government’s efforts to suppress them on the ground, where activists report persistent and occasionally violent harassment by state agents.
The state convicted at least 63 bloggers and other nonviolent democracy activists last year of criminal offenses, Human Rights Watch said.
Vietnam is not unique in seeking to spy on electronic communications, as recent revelations about the actions of the US National Security Agency demonstrate. However, its activities are of special concern because of its human rights record in general.
Asked to comment on suspicions of state involvement in targeted surveillance, as well as the attack on the AP reporter, the Vietnamese government in a statement said: “Vietnam shares the attention of other countries in ensuring Internet security and is willing to cooperate with other countries in fighting high-tech crimes in general and Internet crimes in particular.”
Suppressing online dissent in Vietnam is becoming more difficult because of soaring Internet usage.
Close to 40 percent of the country’s 90 million people have Internet access, and because Vietnam has been less effective than China in restricting that access, many people are viewing uncensored news. Dissidents can network and publicize their activities — and acts of state repression — with comparative ease.
Security researchers have found hints of how Hanoi may be dealing with the challenge.
In 2010, Google and McAfee alleged that malicious software had been used to spy on tens of thousands of Vietnamese Web users. McAfee said the perpetrators of the attacks “may have some allegiance” to the country’s government.
Last year, researchers led by Google security engineer Marquis-Boire uncovered evidence suggesting a spyware suite called FinFisher was being used to track activists’ mobile communications inside Vietnam.
The government, through state media, has admitted to blocking thousands of “bad, poisonous Web sites and blogs,” and its sites have come under attack, presumably from dissident sympathizers. Hanoi’s Communist Party Propaganda Chief Ho Quang Loi said last year it employed 900 people to counter online criticism.
The attack on Thu’s blog showed how hacking and blocking can work as a one-two punch to knock out criticism.
The blog, Ba Sam, is one of the best-known dissident publications. It carries news, views, videos and photos from and about Vietnam of the kind that state media would never touch. After the blog was hacked, it took Thu a week to regain control, move it to a new address and put it back online.
Within weeks, authorities in Vietnam began blocking it to Web users inside the country. To view it now, people inside Vietnam have to use a proxy server, a relatively common technique for censorship evasion, but one that requires some knowhow. This means fewer people are seeing it.
Thu said her page views are down significantly and that she shut down her popular comments sections because of an organized campaign of abuse and spamming.
“It became too much trouble,” she said. “They sent me threatening messages saying, ‘I’m going to visit you in California.’”
Hacking a Web site and blocking it later is a known tactic, Hoang said.
“Defacing and defaming is done by a hidden force unofficially,” he said. “Blocking is done by the official force.”
The malware sent to Thu and the others was undetected by almost all the commercial antivirus software experts used on it. The e-mails accompanying the malicious link sent to the AP reporter exhibited some thought and degree of targeting: One purported to be from Human Rights Watch, the other from Oxfam. The e-mails were sent in November and last month.
Proving a Vietnamese state hand in the attacks is hard.
“As a general rule, pinpointing the actor behind is difficult. It is much more difficult than taking the malware apart,” said Eva Galperin, the Electronic Frontier Foundation activist who received the link.
“I think suspicion is warranted, but I would stop short of saying that I know the Vietnamese government responsible,” she said.
While some overseas activist groups run courses in cybersecurity for their members, the hackers appear to be winning the battle, Hoang said.
“In terms of time and effort and headcount and money, we can’t even compare to them. After a while we will be worn out. They slow the people down, make them frustrated, make them scared. They are going to make less and less people put out their message,” Hoang said.
Because much of what former US president Donald Trump says is unhinged and histrionic, it is tempting to dismiss all of it as bunk. Yet the potential future president has a populist knack for sounding alarums that resonate with the zeitgeist — for example, with growing anxiety about World War III and nuclear Armageddon. “We’re a failing nation,” Trump ranted during his US presidential debate against US Vice President Kamala Harris in one particularly meandering answer (the one that also recycled urban myths about immigrants eating cats). “And what, what’s going on here, you’re going to end up in World War
Earlier this month in Newsweek, President William Lai (賴清德) challenged the People’s Republic of China (PRC) to retake the territories lost to Russia in the 19th century rather than invade Taiwan. He stated: “If it is for the sake of territorial integrity, why doesn’t [the PRC] take back the lands occupied by Russia that were signed over in the treaty of Aigun?” This was a brilliant political move to finally state openly what many Chinese in both China and Taiwan have long been thinking about the lost territories in the Russian far east: The Russian far east should be “theirs.” Granted, Lai issued
On Tuesday, President William Lai (賴清德) met with a delegation from the Hoover Institution, a think tank based at Stanford University in California, to discuss strengthening US-Taiwan relations and enhancing peace and stability in the region. The delegation was led by James Ellis Jr, co-chair of the institution’s Taiwan in the Indo-Pacific Region project and former commander of the US Strategic Command. It also included former Australian minister for foreign affairs Marise Payne, influential US academics and other former policymakers. Think tank diplomacy is an important component of Taiwan’s efforts to maintain high-level dialogue with other nations with which it does
On Sept. 2, Elbridge Colby, former deputy assistant secretary of defense for strategy and force development, wrote an article for the Wall Street Journal called “The US and Taiwan Must Change Course” that defends his position that the US and Taiwan are not doing enough to deter the People’s Republic of China (PRC) from taking Taiwan. Colby is correct, of course: the US and Taiwan need to do a lot more or the PRC will invade Taiwan like Russia did against Ukraine. The US and Taiwan have failed to prepare properly to deter war. The blame must fall on politicians and policymakers