Working on her blog in California one day, Vietnamese democracy activist Ngoc Thu sensed something was wrong. The keyboard was sticky. Cut-and-paste was not working. She said had “a feeling that somebody was there” inside her computer. Her hunch turned out to be right.
A few days later, her personal e-mails and photos were displayed on the blog, along with defamatory messages. She could not delete them, and she was blocked from her own Web site for several days as her attackers kept posting private details.
“They hurt me and my family. They humiliated us, so that we do not do the blog anymore,” said Thu, who is a US citizen. She has resumed blogging, but the Vietnamese government is blocking her posts.
Activists and analysts strongly suspect Hanoi was involved in that attack and scores of others like it.
They say a shadowy, pro-Vietnamese government cyberarmy is blocking, hacking and spying on Vietnamese activists around the world to hamper the country’s pro-democracy movement.
IT experts who investigated last year’s attack on Thu said the hackers secretly took control of her system after she clicked on a malicious link sent to her in an e-mail. By installing key-logging software, the hackers were able to harvest passwords, gaining access to her private accounts.
Subsequent investigation also found that an upgraded version of the malicious software, sent by the same group, was e-mailed to at least three other people: a British reporter for the AP based in Hanoi; a France-based Vietnamese math professor and democracy activist; and an American member of the Electronic Frontier Foundation, an online activist group, living in the US. None of the three clicked the link.
It appears to be the first documented case of non-Vietnamese being attacked by a pro-Vietnamese government hacking squad that had already conducted attacks well beyond the borders of this Southeast Asian nation. Its actions would appear to violate the law in the US at least.
“You see campaigns being waged against Vietnamese voices of dissent in geographically disparate regions. Now we have seen an escalation against people who report on those voices,” said Morgan Marquis-Boire, a University of Toronto researcher and online privacy activist who dissected the malware and published the findings with the foundation. “It’s unlikely that this is the work of an opportunist individual.”
Suspicion of state involvement is based in part on the fact that attackers have spent tens of thousands of dollars hiring servers around the world from which to launch attacks, often changing them after a few days. This is because the attackers know activists will ask service providers to take them down, said Dieu Hoang, an Australian computer engineer who, along with several other activists, works to help defend the Vietnamese activists online.
Attempts to monitor and harass dissidents online mirror the Vietnamese government’s efforts to suppress them on the ground, where activists report persistent and occasionally violent harassment by state agents.
The state convicted at least 63 bloggers and other nonviolent democracy activists last year of criminal offenses, Human Rights Watch said.
Vietnam is not unique in seeking to spy on electronic communications, as recent revelations about the actions of the US National Security Agency demonstrate. However, its activities are of special concern because of its human rights record in general.
Asked to comment on suspicions of state involvement in targeted surveillance, as well as the attack on the AP reporter, the Vietnamese government in a statement said: “Vietnam shares the attention of other countries in ensuring Internet security and is willing to cooperate with other countries in fighting high-tech crimes in general and Internet crimes in particular.”
Suppressing online dissent in Vietnam is becoming more difficult because of soaring Internet usage.
Close to 40 percent of the country’s 90 million people have Internet access, and because Vietnam has been less effective than China in restricting that access, many people are viewing uncensored news. Dissidents can network and publicize their activities — and acts of state repression — with comparative ease.
Security researchers have found hints of how Hanoi may be dealing with the challenge.
In 2010, Google and McAfee alleged that malicious software had been used to spy on tens of thousands of Vietnamese Web users. McAfee said the perpetrators of the attacks “may have some allegiance” to the country’s government.
Last year, researchers led by Google security engineer Marquis-Boire uncovered evidence suggesting a spyware suite called FinFisher was being used to track activists’ mobile communications inside Vietnam.
The government, through state media, has admitted to blocking thousands of “bad, poisonous Web sites and blogs,” and its sites have come under attack, presumably from dissident sympathizers. Hanoi’s Communist Party Propaganda Chief Ho Quang Loi said last year it employed 900 people to counter online criticism.
The attack on Thu’s blog showed how hacking and blocking can work as a one-two punch to knock out criticism.
The blog, Ba Sam, is one of the best-known dissident publications. It carries news, views, videos and photos from and about Vietnam of the kind that state media would never touch. After the blog was hacked, it took Thu a week to regain control, move it to a new address and put it back online.
Within weeks, authorities in Vietnam began blocking it to Web users inside the country. To view it now, people inside Vietnam have to use a proxy server, a relatively common technique for censorship evasion, but one that requires some knowhow. This means fewer people are seeing it.
Thu said her page views are down significantly and that she shut down her popular comments sections because of an organized campaign of abuse and spamming.
“It became too much trouble,” she said. “They sent me threatening messages saying, ‘I’m going to visit you in California.’”
Hacking a Web site and blocking it later is a known tactic, Hoang said.
“Defacing and defaming is done by a hidden force unofficially,” he said. “Blocking is done by the official force.”
The malware sent to Thu and the others was undetected by almost all the commercial antivirus software experts used on it. The e-mails accompanying the malicious link sent to the AP reporter exhibited some thought and degree of targeting: One purported to be from Human Rights Watch, the other from Oxfam. The e-mails were sent in November and last month.
Proving a Vietnamese state hand in the attacks is hard.
“As a general rule, pinpointing the actor behind is difficult. It is much more difficult than taking the malware apart,” said Eva Galperin, the Electronic Frontier Foundation activist who received the link.
“I think suspicion is warranted, but I would stop short of saying that I know the Vietnamese government responsible,” she said.
While some overseas activist groups run courses in cybersecurity for their members, the hackers appear to be winning the battle, Hoang said.
“In terms of time and effort and headcount and money, we can’t even compare to them. After a while we will be worn out. They slow the people down, make them frustrated, make them scared. They are going to make less and less people put out their message,” Hoang said.
Two sets of economic data released last week by the Directorate-General of Budget, Accounting and Statistics (DGBAS) have drawn mixed reactions from the public: One on the nation’s economic performance in the first quarter of the year and the other on Taiwan’s household wealth distribution in 2021. GDP growth for the first quarter was faster than expected, at 6.51 percent year-on-year, an acceleration from the previous quarter’s 4.93 percent and higher than the agency’s February estimate of 5.92 percent. It was also the highest growth since the second quarter of 2021, when the economy expanded 8.07 percent, DGBAS data showed. The growth
In the intricate ballet of geopolitics, names signify more than mere identification: They embody history, culture and sovereignty. The recent decision by China to refer to Arunachal Pradesh as “Tsang Nan” or South Tibet, and to rename Tibet as “Xizang,” is a strategic move that extends beyond cartography into the realm of diplomatic signaling. This op-ed explores the implications of these actions and India’s potential response. Names are potent symbols in international relations, encapsulating the essence of a nation’s stance on territorial disputes. China’s choice to rename regions within Indian territory is not merely a linguistic exercise, but a symbolic assertion
More than seven months into the armed conflict in Gaza, the International Court of Justice ordered Israel to take “immediate and effective measures” to protect Palestinians in Gaza from the risk of genocide following a case brought by South Africa regarding Israel’s breaches of the 1948 Genocide Convention. The international community, including Amnesty International, called for an immediate ceasefire by all parties to prevent further loss of civilian lives and to ensure access to life-saving aid. Several protests have been organized around the world, including at the University of California Los Angeles (UCLA) and many other universities in the US.
Every day since Oct. 7 last year, the world has watched an unprecedented wave of violence rain down on Israel and the occupied Palestinian Territories — more than 200 days of constant suffering and death in Gaza with just a seven-day pause. Many of us in the American expatriate community in Taiwan have been watching this tragedy unfold in horror. We know we are implicated with every US-made “dumb” bomb dropped on a civilian target and by the diplomatic cover our government gives to the Israeli government, which has only gotten more extreme with such impunity. Meantime, multicultural coalitions of US