Feature

Google Isn't China's Problem. Press Freedom Is.

Sure, Google's retreat from China is a big story. But we may be missing the bigger one.

Last week, Google finally made good on its vow to pull its search business out of China. The company announced that, henceforth, queries to its famed search engine made from mainland Chinese IP addresses would be routed through Google's Hong Kong site. It was a decision made after the company went public with complaints about surveillance and censorship in the People's Republic.

Is this a big story about the freedom of information in China? Sure. Chinese Web fans worry that Google's decision to leave the field to its homegrown rivals -- such as Baidu -- bodes ill for the future of the Chinese Internet. Without Google, the reasoning goes, Chinese cyberspace could well become more isolated and less competitive, a poor prospect for Chinese businesses and citizens.

But David Bandurski -- a researcher at the University of Hong Kong's China Media Project -- is worried about something else entirely. He says life is becoming harder for China's journalists, the ones who fill the Web with those stories in the first place. "The real issue isn't about a particular website or search engine," he says. "It is about the broader principle of public access to information."

Put bluntly: The climate for China's journalists is worsening, and it doesn't have anything to do with Google, or with the Chinese Communist Party's pretense to absolute ideological control of information. The problem is not that the party is scrubbing the Internet to remove stories it deems negative. The problem is the corrupt network between business and government, which places unwarranted pressure on journalists and editors. "It's no longer about abstract propaganda discipline," Bandurski says. "These days it's about specific money and power interests."

Case in point: In 2008, a newspaper called the China Business Post published a story that exposed malfeasance at the regional branch of one of China's biggest state banks. The bankers protested -- to powerful effect. One of their allies turned out to be a well-placed party chief who was tied to the businessmen through personal relationships. The next thing the journalists knew, the government had suspended the paper.

"The network of agencies devoted to media control in China, including the propaganda department, are now, more than ever before, mediators and players in a vast web of power and profit," Bandurski wrote in an analysis of the incident published in March 2009 in the Far Eastern Economic Review. "They no longer dish out just propaganda dictates; they dish out personal and professional favors too."

In some ways, these new party-backed capitalists are proving even more controlling of coverage than the old party communists were. Chinese journalists now complain of ever-tightening restrictions imposed by businesspeople supported by local political muscle. This cronyism even has a name in China -- guan shang gou jie, or, roughly, "business and government hooked together." In the old days, government officials called newspaper editors to complain about violations of the party line; now, they're calling to crack down on unflattering coverage of local companies. "Over the last five or 10 years these networks [of influence] have hardened," Bandurski says. As soon as someone at a company gets wind that someone is writing a story on them, they will tip off friends in the local government: "And they'll intervene and block it while it's still in the works." Many Chinese journalists are deeply demoralized as a result. The word they use to describe the current atmosphere is "winter."

To be sure, some journalists are still getting scoops -- like Wang Keqin, a dogged investigative reporter who broke a big story earlier this month about a private company that used its cozy connections to local notables to gain a monopoly on vaccine distribution in Shanxi province (population: 33 million). As Wang reported, negligent handling of the vaccines has led to the deaths of four children and permanent injury for at least 74 more. The story is threatening to mushroom into yet another scandal of major proportions -- though the party and its affiliates have been working hard to contain it. As Bandurski hastens to point out, stories like this get broken not because of some policy of calculated tolerance, but as a result of "chaos": The alliance between government and business does not always function seamlessly; the authorities sometimes work at cross-purposes. What meager room for genuine critical reporting exists in today's China is almost entirely the random product of such lapses, Bandurski says. It's certainly not the result of official tolerance.

It is worth noting, perhaps, that the Chinese Communist Party, entirely aware of the Web's transformative possibilities, does not allow Internet organizations to hire their own journalists. If you want a journalist to break some vital story in the public interest, more often than not you'll still need to open a good old-fashioned newspaper or a magazine. The great virtue of the Chinese Web, Bandurski says, is its ability to take these local stories and turn them into national ones -- like the 2008 tainted-milk scandal that ultimately affected some 30,000 babies. Regional newspapers played a key role in publicizing the scandal, which went viral as soon as Chinese websites picked it up.

But the Internet can only do that if reporters keep producing stories -- and that is getting harder all the time. Chinese journalists rely on the Web to publicize their scoops, but the government uses the Web to control public opinion. (It is worth pointing out that the government in Beijing has long assured its own people that the Internet is censor-free. One of the important ramifications of Google's retreat is that it has exposed the fraudulence of this claim.) Some -- most notably the New York Times' Nicholas Kristof in 2005 -- have argued that the steady expansion of broadband in China will ultimately pose a fundamental challenge to one-party rule.

Bandurski, by contrast, derides this view as "cyber-utopianism." For Bandurski, the litmus test is not whether netizens can run effective searches. It is whether reporters are allowed to report. That is a story that is bigger than the fate of a single company.

Li Xin/AFP/Getty Images

Feature

China's Hacker Army

The myth of a monolithic Chinese cyberwar is starting to be dismantled. A look inside the teeming, chaotic world that exists instead -- and that may be far more dangerous.

A flier for a prominent Chinese hacker’s presentation on the how-tos and wherefores of hacking, drawing on sources as diverse as Shakespeare, the Diamond Sutra, and … Google. Click through to view FP's exclusive slideshow. 

The autobiography of hacker SharpWinner opens on a bunch of young men in a high-rise apartment thick with cigarette smoke, in an unnamed city somewhere in China. Hacking is hard work, and this particular group, one of hundreds spread across the country, has been at it for hours. But the alpha male of the group, a "handsome and bright youth" -- throughout The Turbulent Times of the Red Hackers, SharpWinner refers to himself in the third person -- is unflappable. After he completes a backdoor intrusion into a Japanese website, he takes a break to field text messages from female admirers.

It would be easy to dismiss SharpWinner, who has promoted his book on national television, claiming he has a movie deal in the works, as an attention-hungry stuntman. And in fact, the news that Google and dozens of other companies had been hit by a mammoth attack originating in China this past winter evoked the strong arm of the Chinese government -- not SharpWinner's amorphous world of hacker bandits. The Internet giant said the decision to go public with information on Operation Aurora, as the hack has been dubbed, "goes to the heart of a much bigger global debate about freedom of speech." The Chinese government's spying on the email accounts of human rights activists, Google intimated, was behind its threat to pull out of China. (It has yet to make good on that claim.)

But a report released Tuesday by Atlanta security firm Damballa says the Aurora attack looks like work of amateurs working with unsophisticated tools. That revelation, along with a separate story in the Financial Times that a freelancer wrote the Aurora code, is focusing attention on China's loose web of cowboy hackers. And SharpWinner -- the leader of a coalition including anywhere from 50,000 to 100,000 civilian members and, before he disappeared from public view in 2007, a regular participant in international cyberconflicts, including the 2001 hacker war stretching from China to the White House -- is just the beginning.

The Aurora attacks represented an attempt by hackers apparently based in China to steal valuable information from leading U.S. companies. (So far the list of victims includes Adobe Systems and Dow Chemical, in addition to Google.* Over the weekend, a security researcher told Computerworld that Aurora might have penetrated more than 100 firms.) Investigators are still trying to understand where Aurora came from and what it means, but already some surprising clues have emerged. The Financial Times story followed on the heels of a New York Times story reporting that researchers have traced the attacks back to two Chinese universities, one of which has long been a training ground for freelance or "patriotic" hackers. Among the implications of these reports: The U.S. understanding of Chinese hacking is seriously out of date.

Western media accounts typically overlook freelancers in favor of bluster about the Chinese government. Some pair breathy accounts of cyberwar with images dredged up from 1960s People's Liberation Army propaganda, as if to suggest China has some centrally administered cyberbureau housing an army of professional hackers. Others make improbable or unsubstantiated allegations. Two years ago, a National Journal cover story claimed Chinese hackers were responsible for the 2003 blackout that crippled much of the U.S. Northeast, an event repeated investigations have attributed to domestic negligence.

In fact, the hacking scene in China probably looks more like a few intelligence officers overseeing a jumble of talented -- and sometimes unruly -- patriotic hackers. Since the 1990s, China has had an intelligence program targeting foreign technology, says James A. Lewis, senior fellow for cybersecurity and Internet policy at the Center for Strategic and International Studies. Beyond that, however, things get complicated. "The hacking scene can be chaotic," he says. "There are many actors, some directed by the government and others tolerated by it. These actors can include civilian agencies, companies, and individuals."

To anyone who speaks Chinese, that chaos is obvious. Google the characters for heike -- a transliteration of "hacker" that means, literally, "black guest" -- and you'll come up with pages and pages of results. Sites such as www.chinahacker.com, www.cnhacker.com, and www.hackbase.com contain step-by-step instructions, advertisements for how-to seminars -- become a hacker in a few short weeks! -- and screen shots of foreign casualties. And yet they are clearly not the work of the central government. Read on (or don't -- the sites are packed with malware and users visit at their own peril) and you'll find threads roiling with bitter infighting, foul-mouthed forum posts, and photos of scantily clad women.

"There are literally hundreds of these sites," says Scott J. Henderson, an intelligence contractor and former U.S. Army linguist who has written a book on Chinese hackers. "They all have different agendas and different personnel. It's not as well-coordinated as everyone sitting down in a room and someone saying, 'You, go write this code.' 'You, go write that.'"

Instead, China's hackers spring up organically. Mix together widespread youth nationalism with a highly wired population -- China now boasts the most Internet users in the world, with 384 million people online -- and out comes patriotic hacking. The self-described "red hackers" are the product of the "the fact that we live in a time when our country is moving toward prosperity," SharpWinner once said, quite accurately. Prosperity also ensures a market for abundant hacker memorabilia: hacker magazines, hacker T-shirts, and tell-all books like his. While traveling through rural China once, I stumbled across bins in a village store filled with Hacker brand candy. (It tastes like saltwater taffy.)

Every August, top hackers convene in Beijing for a conference ostensibly about information security but described by one participant as including seminars on common attack techniques. China's hackerati range from flamboyant prima donnas like SharpWinner to Sunwear, a slight, pixie-ish twentysomething who marks his website defacements with the innocuous tag line "just for fun!", to Xiao Tian, the unattainable femme fatale leader of China Girl Security Team. Many of their causes neatly overlap with the interests of the Chinese government. Take one of the events that drove the development of hacker culture in China: the 1999 NATO bombing of the Chinese Embassy in Belgrade. In retaliation, hackers plastered the website of the U.S. Embassy in Beijing with the phrase "Down with the Barbarians!" Or the targeting of email accounts of the Save Darfur Coalition, which opposes Chinese involvement in Sudan, in 2008. Or GhostNet, the cyberspying operation originating in China that was revealed last year to have infected 1,295 computers in 103 countries -- including the Dalai Lama's network in Dharamsala, India. The University of Toronto researchers who uncovered the attack have not yet pinpointed its architects, but in a report on the attack, they noted the operation could easily be the work of patriotic hackers using "do-it-yourself signals intelligence."

But the fact that these hackers' interests overlap with Chinese policy does not mean they are working on behalf of Beijing, and indeed many of their activities suggest no government interference at all. "Governments are not taking over botnets of compromised computers to conduct denial-of-service attacks," says Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. It helps, however, that Beijing turns a blind eye to their attacks. An unwritten rule holds that freelance hackers are left alone as long as they target foreign sites and companies. Once they go after information inside China, the government cracks down. For a hacker interested in self-preservation, the choice is clear.

Another part of the bargain appears to be remaining open to government requests. If the Financial Times report is correct, Operation Aurora was executed with code developed by a thirtysomething freelance Web security consultant working independently, without government prodding. According to the paper's informant, described as a U.S. government researcher, the hacker simply posted a chunk of the code on a hacking forum, where it found its way into Chinese government hands. "He would rather not have uniformed guys looking over his shoulder, but there is no way anyone of his skill level can get away from that kind of thing," the researcher was quoted as saying.

The rest of the story should become clearer in coming months. But another report traces the attacks to servers at Shanghai Jiao Tong University's School of Information Security Engineering, one of China's top computer science schools and a hotbed for freelance hackers. For years, students there have freely organized hacker groups and traded war stories in forums hosted on the school website. In 2007, Shanghai Jiaotong graduate student and veteran hacker Peng Yinan hosted an information session titled "Hacker in a Nutshell" in a school conference room. The PowerPoint slides he worked off -- which until recently could be downloaded from his group's website, now down -- glorify hacker culture and explain successful techniques that can be tried at home, pointing out that Chicago Tribune reporters once uncovered contact information for thousands of CIA agents using a basic online service. A flier advertising the event described Peng as a consultant for the Shanghai Public Security Bureau.

Another student whose screen name appears on Peng's hacks -- but who told me he wasn't involved -- went on to work for Google.

Could Operation Aurora have been written by a freelancer, picked up by a bureaucrat, and then reassigned to a freelancer with ties to Google? It is a possibility worth entertaining, at least. Some have argued that the Chinese government should have more effective means for securing intelligence than students and online misfits. But others say a decentralized approach suits Beijing just fine. "You can see the benefits of having a blurry line," says Lewis. "The Russians do it all the time with Estonia: 'Of course it wasn't us. Can you prove it was us?'"

Ultimately, a loose connection between Beijing intelligence operatives and patriotic hackers is more troubling than a strong one. Governments operate under constraints. Gangs of young men -- as the United States has learned the hard way -- don't. "Certainly if it's government-sponsored cyberwarfare, I have someone I can deter," says Henderson. "If it's mutually assured online destruction -- OK, I can at least develop a theory on that. But with rogue Internet actors it's very difficult. They're potentially very dangerous."

The thought would flatter SharpWinner. In his TV appearance, he confided his concerns about hacking culture in China. He had witnessed the disintegration of some prominent hacker groups, and he fretted that most patriots simply get on board whenever some international incident flares up and lay off hacking foreign companies once things cool down. But with a little effort these challenges can be overcome, he concluded, saying that he is encouraged by a recent resurgence of interest in hacking. Then he addressed listeners directly. "Brothers," he intoned, "go with me! The future of red hacking is bright!"

*The original version of this article cited reports that RAND Corporation had been hit by Aurora. A RAND spokesman wrote in to say "RAND has not been hit -- we have no evidence of attacks or having been targeted by Aurora."

LIU JIN/AFP/Getty Images