Sunday, August 02, 2009

Waging war on Chinese hackers

Cyber attacks by Chinese government agencies or citizens have become so rampant that, except when critical sectors such as the US defense establishment are targeted, the world can manage little more than a shrug, as if this were the natural state of things. The latest instance of Chinese hackers targeting Web sites abroad involves the Melbourne International Film Festival (MIFF), which twice — last weekend and this — was attacked because of its organizers’ refusal to yield to pressure by Beijing not to screen 10 Conditions of Love, a documentary about exiled Uighur leader Rebiya Kadeer, and Canberra’s granting Kadeer a visa so that she could attend the screening.

While the first attack only involved alterations to content of the festival’s Web site (displaying the Chinese flag and anti-Kadeer slogans, as well as spam), the second forced the managers of the Web site to shut down online ticket sales. Richard Moore, the director of the MIFF, said that as 65 percent of ticket sales are carried online, the attack would have serious financial repercussions on the festival.

At this point, it is impossible to determine whether the attacks were orchestrated by the Chinese security apparatus or ultranationalist Chinese, with or without state sanction. Irrespective of this, the latest attack — and many others before it — represent political and economic warfare, and China has a responsibility to protect the financial interests of other countries. While Beijing certainly retains the right to express its displeasure, via diplomatic channels, at the policy decisions of other states, it is unacceptable for it to engage in, or at minimum condone, economic warfare against market economies that have contributed to its economic boom.

In light of this, private companies and countries that have been targets of Chinese economic warfare should not only challenge Chinese authorities to prevent such attacks in future, but also take legal action against the perpetrators.

China is one of the 187 members of Interpol (it took over the ROCs seat at the international law enforcement agency in September 1984). One of Interpol’s mandates is fighting financial and high-tech crimes, which include computer virus attacks and cyber-terrorism. As Beijing has openly admitted, China benefited tremendously from cooperation with Interpol during the Olympic Games last year, where the agency screened every visitor’s passport through its vast database. But membership in multilateral organizations does not just confer benefits upon its members; it also carries responsibilities. One such responsibility for Beijing is to punish perpetrators of cyber crime and prevent such attacks from recurring.

As it modernizes and continues to develop political and economic relations with the community of nations, China must demonstrate that it is a country run by rule of law, where the rights of individuals, governments and corporations are protected, both at home and abroad. Failing to do this, China will never be able to cultivate foreign confidence in its ability to address crime through rigorous law rather than the arbitrariness of ideology. Cyber crime would be a good area for Beijing to show its willingness to fight crime and fulfill its role as a member of Interpol and responsible global actor.

Whether we like it or not, Beijing has every right to use the appropriate channels to reprimand states that do not act according to its will, as it did by summoning Australia’s ambassador to China on the Kadeer visa. But to resort to disruptive economic warfare against private institutions or film festivals that present documentaries it disagrees with is not only childish — it goes against the very principles of global trade and, equally important, it undermines freedom of expression in other countries.

It’s about time the world stopped reacting with complacency to Chinese bullying, state-sanctioned or otherwise.


les said...

Turn the Great Firewall back on the Chinese. Block all access from the Chinese IP block. Really, traffic from China is of no benefit to most sites and that's where all the hacking / phishing attempts come from.

Anonymous said...

I find your reference to China being part of Interpol laughable. China is a nation without Rule of Law. Since it barely can contain its own lawless people, how would they participate in Interpol-realted crime prevention? Actually, I know that answer: missles, tanks, guns.

Anonymous said...

Maybe instead of passwords these sites should use English grammar tests ("For root access, add the correct indefinite articles to the sentence above.")

MikeinTaipei said...

Anonymous: I do not disagree with you on China’s membership of Interpol, nor did I write that with the assumption that Beijing would be a “good citizen” or willingly cooperate with the agency. However, I do believe that cooperation on law enforcement can serve as leverage on Beijing, and I also believe that even if Beijing protected Chinese on its territory from prosecution, Chinese nationals who are not in China but who engage in this type of activity should be brought to court (there are indications that Chinese nationals in Australia were behind some of the attacks on the festival Web site). If Interpol or other police agencies of which China is a member had guts (which remains uncertain), they could also make China’s membership contingent on its cooperation on such matters. After all, despite the far reach of Chinese police and spy agencies, they alone could not have carried out the screening of all foreign passports during the Olympic Games.