Let’s get real, script kiddies: It's time to stop defacing websites and start going after the good stuff.
- By Adam Segal

Adam Segal, the Ira A. Lipman Senior Fellow at the Council on Foreign Relations, writes for the Asia Unbound blog. Follow him on Twitter @adschina.
Over the last few weeks, the hacker collective Anonymous has shifted its attention to China. On March 30, Anonymous China defaced the first five of what would soon be hundreds of business and a few minor official websites, warning the Chinese government that it is “not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall.” The Who’s “Baba O’Riley” (commonly known as “Teenage Wasteland”) played on many of the sites, and Chinese netizens were directed to a link that explained how to get around Internet controls. Another hacker associated with the group LulzSec told Reuters that he breached the China National Import & Export Corporation, a defense contractor, and downloaded company documents to several file-sharing websites.
The group is apparently not based in China, and appears to rely on translation tools to work through Chinese networks. So far Anonymous China hasn’t exposed anything particularly damaging. But China is a great country in which to dig: lacking a free press and ruled by the intensely paranoid Communist Party since 1949, it holds many secrets stored in fusty computer files across the Web.
Knocking down the Chinese regime is a tall order, but Anonymous China could certainly damage the Communist Party’s reputation. Here are five websites the group could hack for real secrets, Chinese-style:
1. China’s Central Organization Department and the Party History Research Center
The Chinese Communist Party, via its Central Organization Department (COD), reportedly keeps personal dossiers on every current or past official of the party above a certain rank.
The COD, the HR lobe of the party brain, is so secretive it doesn’t even have a public website, but Anonymous China could hack the websites of local Party History Research Centers, party clearinghouses that should contain the records of important officials at earlier stages of their career.
Want to know what Bo Xilai, the now-deposed party secretary of Chongqing and the center of China’s biggest political scandal in a generation, did in Dalian? Hack the provincial party history website.
2. The Ministry of Defense
After announcing an 11 percent increase in defense spending this year, pushing the military budget over $100 billion, Chinese officials and defense analysts moved quickly to reassure the world that the spending was “reasonable” and in “accordance with Chinese economic development.”
The Stockholm International Peace Research Institute, however, estimates that China’s real defense spending is as much as 50 percent higher since the official number does not include the space program and foreign weapons purchases.
The higher the number, the greater the diplomatic challenge China faces in convincing its neighbors that its long-term intentions are peaceful. The Central Military Commission lacks a public website, and the site of the Ministry of Defense, an outward-facing portal probably not connected to sensitive military networks, is unlikely to provide any real nuggets. Anonymous may be able to piece together some figures by going after defense universities, military academies, research institutes and universities tied to the space program, and domestic and Russian arms dealers.
Over the last decade, China has witnessed an almost predictable cycle of crisis, cover-up, exposure, and eventually limited, but government approved, discussion of the event. SARS, Tibetan riots, and the crash of a high-speed train provoked a knee-jerk effort to control information followed by a relatively greater degree of transparency. Reporters from Xinhua, China’s official press agency, play two roles in covering events like these: They package the approved story for public consumption and send detailed investigative reports to high-level officials about what actually happened.
Like everyone else with an email inbox, these journalists are susceptible to spear-phishing attacks. Using information gathered on Weibo and other social media accounts, Anonymous could spoof emails with infected attachments or links to malware, like those that were sent to pro-Tibet activists. With access to everything on the journalists’ computers, they could release emails revealing clearer pictures of government cover-up and corruption.
4. The Foreign Ministry
Some of the more explosive revelations from the WikiLeaks State Department cable dump were the descriptions of foreign leaders by U.S. diplomats. Embassy staff called British Prime Minister Gordon Brown volatile and unpredictable, mocked Russian President Dmitry Medvedev as playing “Robin to Putin’s Batman,” described Afghan President Hamid Karzai as “driven by paranoia,” and ripped German Chancellor Angela Merkel as “not very creative.”
A breach in the Ministry of Foreign Affairs’ servers would likely reveal Chinese diplomats as equally petty and human in their descriptions of their counterparts, and one could only hope that interactions with quasi-allies like North Korean leader Kim Jong Un, Iranian President Mahmoud Ahmadinejad, and Sudanese President Omar Hassan al-Bashir would inspire them to new heights of literary creativity. To get the goods, Anonymous could target Chinese embassy and consulate employees for spear phishing. As a series of hacks of Indian embassies and government agencies showed, diplomats are just as likely to click on the link of the funny cat playing the piano as the rest of us.
5. Recovering China’s Stolen Secrets
At the end of Raiders of the Lost Ark, the Ark of the Last Covenant, which Indiana Jones has been desperately fighting to find and keep from the Nazis, is crated up, stamped “top secret” and stored deep in a government warehouse. Somewhere in China probably exists the data center equivalent, and on its servers could be sitting the booty of China’s alleged hacking of the rest of the world: the secrets of the F-35 fighter, Google’s source code, reports on top athletes from the World Anti Doping Agency, and the personal emails and musings of the Dalai Lama. By hacking those servers, Anonymous China could give a sense of the scope and scale of what many have called “the greatest transfer of wealth in history.”
The Chinese Communist Party insists that it is the only force that can guide China to economic and national strength and preserve stability. Its legitimacy is tied up in an image of efficacy and efficiency, of existing above political scrutiny. Praising China’s leaders as pragmatic realists that they can do business with, many in the West have bought into this image. The brand has been badly damaged recently with the removal of Bo Xilai, the exposure of his wife Gu Kailai’s corruption, and the reported murder of British businessman Neil Heywood. So far, Anonymous website defacements have been weapons of mass distraction — annoyances, but no real threat. If Anonymous really wants to further taint the regime’s reputation, it needs to go after the secrets.