Great Firewall rising: How China wages its war on the Internet

CNN | 26 October 2015

In April, the police came for Li Gang.

It was a visit he had been dreading for almost six months, since he began working on a tool to help Chinese Internet users get around the vast censorship apparatus known as the Great Firewall.

Crowded inside his apartment in a northern Chinese city, Li says the officers ordered him to stop work on the tool and remove all traces of it from the web.

He did what they said, posting a message online to explain why he was taking the tool down. He says the police came again and ordered him to delete the message.

Li Gang is a pseudonym.

He has asked that his real name not be used, out of fear of arrest, because he says he was the latest target of an ongoing crackdown by China’s reinvigorated Internet censors, who, activists say, have dramatically ramped up their war on the open web in the past year, shutting down tools that enable people to access blocked content and pressuring or threatening their developers, both in and out of the country.

“It’s getting worse and worse, more and more websites have been blocked,” Li told CNN.

Information prison

Since China began controlling its citizens’ Internet access in the mid-1990s, the censors have been engaged in an arms race with activists and developers to block tools that helped people jump over the Firewall and close loopholes that popped up.

Experts warn that as Beijing dedicates more and more money and effort to the fight, it may become increasingly one-sided.

“In the long run, people shouldn’t think that there might always be a technical solution to bypass censorship,” said Robert Knapp, chief executive and co-founder of Romania-based CyberGhost VPN, which, among other things, makes tools that assist people in bypassing internet controls.

Earlier this year, China’s legislature, the National People’s Congress, published a draft cybersecurity law that would cement government control over the internet and online activity. The measure is still under review.

Officials maintain that it would protect the personal data of Chinese users and “safeguard national cyberspace sovereignty, security and development.”

Chinese author and anti-censorship advocate Murong Xuecun echoes many critics when he says: “The [Great Firewall] fences in a Chinese information prison where ignorance fosters ideologies of hatred and aggression. If the firewall exists indefinitely, China will eventually revert to what it once was: a sealed off, narrow-minded, belligerent, rogue state.”

The Cyberspace Administration of China didn’t respond to multiple CNN requests for comment.

Jell-o, nailed

Beijing’s attempts to control the ‘net were once written off as misguided and doomed to fail. Former U.S. President Bill Clinton memorably likened it to an attempt to “nail Jell-o to a wall.”

Like the Chinese Communist Party itself however, the Great Firewall has not only outlasted any and all predictions of its imminent demise, but thrived and grown both in size and sophistication. According to researchers at the Berkman Center for Internet and Society at Harvard University, only about 1 to 3% of Chinese Internet users regularly jump the Firewall to browse the open Internet.

Some of the more enthusiastic and unlikely jumpers have been state media employees and propaganda officials, who most recently used Facebook and Twitter to promote President Xi Jinping’s visit to the U.S.

The harmonized web

Part of Beijing’s success is undoubtedly down to the accomplishments of the country’s homegrown tech industry, which has long cloned popular blocked services, creating Chinese versions that are as good if not better than their inspiration.

Instead of Google, Chinese users have Baidu; instead of Twitter, they have Weibo; and instead of Facebook, there’s WeChat; and for the majority of Chinese people, that appears to be enough. WeChat alone has more than 600 million monthly active users, bringing in billions of dollars in revenue.

However, as many researchers have shown, while these services are popular, they are also heavily filtered and censored, shutting down discussion on everything from the Tiananmen Square protests of 1989 to gossip about officials’ extra-marital affairs.

Here come the censors

An accurate estimation of the cost and size of the Great Firewall is impossible to come by, as much of the censorship happens in secret, but one indication of the sheer scale of the operation was given this year by the Chinese state media, which reported that more than two million censors are employed around the country, backed up by an incredibly sophisticated technological platform capable of analyzing web traffic and blocking tools designed to subvert it.

As the Great Firewall developed, so did tools to fight it. Over the years, activists and developers have adapted as fast, if not faster than the censors, moving from simple browser-based tools to sophisticated tunneling software and dedicated mobile apps.

“When faced with outright and obvious censorship, Chinese internet users don’t just give up — they push the limits,” said Charlie Smith, the co-founder of anti-censorship organization

Smith is a long-time activist. He uses the pseudonym Charlie Smith because he fears retaliation from the government.

The anti-censorship industry

It is impossible to gauge just how many Chinese would be interested in going beyond the Great Firewall to access the wider web, but as Smith points out, the sheer size of China’s online population — 649 million at the end of 2014 — means that if even 1% jump the Firewall, then millions of people are gaining access to information Beijing would rather restrict.

The easiest and most-widely used method of jumping the Firewall is to use a virtual private network, or VPN, which tunnels traffic to a server outside of China with unfiltered Internet.

“Other solutions have gained some traction, but it’s a drop in the bucket compared to VPNs,” said Smith. Expats in China, in particular, are fond of VPNs, allowing them to ignore the restrictions of the Chinese Internet and browse as if they were at home.

“I never turn mine off,” said Erik Crouch, an American living in Shanghai, who pays around $120 a year for a VPN connection that he shares with his girlfriend.

“Without it, I would be cut off from most of what the world outside China considers to be ‘the Internet’.”

A small industry has sprung up to cater to those wanting to jump the Firewall, with almost 200 companies—based outside of China, beyond the country’s legal reach—competing to offer access to Facebook, Twitter, and other blocked sites.

An online counter-insurgency

Unsurprisingly, Beijing isn’t too fond of these commercial censorship fighters.

There have been regular clampdowns on VPN usage in China, such as earlier this year, when the Firewall underwent an “upgrade for cyberspace sovereignty”, according to the People’s Daily.

Igor Bidenko, chief information officer at U.S.-based Keep Solid VPN, said that the company’s website and services are “often blocked in China,” where around 15% of its customers are based.

“It’s frustrating, it takes a lot of manpower,” said CyberGhost’s Knapp. Most companies like his do not make the majority of their revenues from China, and the cost-per-user runs far higher for those from countries with censored Internet.

While it might not be their main priority, and can even cost them money, Knapp said that whenever the Chinese authorities introduce new blocking techniques, his team set about working around them.

“For the engineers, sometimes they see it as a fun challenge, a game to find new ways to unblock the service again,” he said.

Alongside VPNs, a host of other tools and services have sprung up, built by activists and developers and published online for free.

“The freedom aspect appeals to the politics of many people in the computer security field, as well as the real technical challenges [of beating the censors],” said Rob Johnson, a researcher at Stony Brook University and one of the developers of anti-censorship technology, The Castle.

Critics say the censors have sought to shut down as many of these tools as possible, targeting developers within China like Li and pressuring them to delete their apps. For those outside of the country, drastic measures are needed.

GitHub, a hugely popular U.S.-based service that hosts code and open source software, was hit with a huge distributed denial-of-service (DDoS) attack earlier this year that overwhelmed its servers and forced it offline.

Cybersecurity researchers linked the attack to China, with the presumed purpose being to block access to tools hosted on GitHub, such as the anti-censorship group GreatFire and The Castle, which tunnels traffic through the firewall via online video games.

In a news conference shortly after the attack, a Chinese Foreign Ministry spokeswoman addressed claims about Chinese involvement saying, “It is quite odd that every time a website in the U.S. or any other country is under attack, there will be speculation that Chinese hackers are behind it…We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyberspace peaceful, secure, open and cooperative.”

The future

Knapp warned that the day may soon come when commercial VPN providers are simply outgunned by Beijing, leaving only activists and volunteers to take on China’s huge censorship apparatus.

“Governments have unlimited resources to build this technology and they’re getting better and better at doing it, at some point there will be no way to bypass a perfect firewall.”

This doesn’t deter GreatFire’s Smith however, who says the government’s heavy-handed measures may even be counter-effective.

“The more the authorities censor, the more likely information about circumvention tools gets disseminated,” he said.

Li Gang, who says he put his freedom on the line to help Chinese Internet users access the open web, maintains he is still hopeful.

While he isn’t working on the project anymore, he says the authorities were not successful in taking it offline, and there are now “more developers working on it than it ever had before.”

Xi Jinping ‘devastating’ for human rights in China: Rubio

CNN | 8 October 2015

U.S. Senator and Republican presidential candidate Marco Rubio has blasted the human rights record of Chinese leader Xi Jinping.

Rubio, who co-chairs the Congressional-Executive Commission on China (CECC), said that “human rights and the rule of law have suffered a devastating blow” since Xi assumed the presidency.

“By nearly every possible measure, China today is more repressive and more brutal,” he said.

“Millions of Chinese people yearn for the same basic rights that we as Americans enjoy, but their aspirations have been met with intimidation, imprisonment, torture and even death.”

The CECC, created in 2000, monitors and reports on human rights and the development of the rule of law in China.

In the latest report, the bipartisan commission called for a top-down reformulation of U.S. human rights diplomacy with Beijing.

Obama criticized for not pushing Beijing on human rights

Human rights have taken something of a back foot in recent years when it comes to Sino-U.S. relations.

President Barack Obama has been criticised by Republicans for not doing enough to pressure Beijing on the issue.

During Xi’s recent state visit to Washington, Obama pointedly raised the issue during a joint news conference.

“We recognize that there are real differences there, and President Xi shared his views in terms of how he can move forward in a step-by-step way that preserves Chinese unity,” he said.

Obama also mentioned the name of Tibet’s spiritual leader — who is regarded by China as a separatist.

“Even as we recognize Tibet is part of the People’s Republic of China, we continue to encourage Chinese authorities to preserve the religious and cultural identity of the Tibetan people, and to engage the Dalai Lama or his representatives,” he said.

Xi said he was willing to have a human rights dialogue with the United States, but as is customary with Chinese leaders, he pointed out that the concept of human rights was seen differently in Beijing.

“We must recognize that countries have different historical processes and realities, that we need to respect people of all countries in the rights to choose their own development independently,” he said.

US President Barack Obama (L) and Chinese President Xi Jinping have a drink after a toast at a lunch banquet in the Great Hall of the People in Beijing November 12, 2014.

White House should threaten Great Firewall to curb Chinese cyber attacks, experts say as Obama-Xi summit nears

SCMP | 28 August 2015

As the world recalls how two atomic bombs were dropped on Japan to end the second world war in Asia 70 years ago, a digital deterrent of a similar magnitude could be Washington’s only way to stop cyber attacks from the latest Asian aggressor, China, experts say.

United States president Barack Obama is due to entertain his Chinese counterpart Xi Jinping in Washington next month on a state visit and the issue of cyber espionage will “no doubt” be addressed, Obama said recently.

The issue rose to the fore in the wake of a major attack this summer on the US Office of Personnel Management, which saw hackers make off with the personal information of over four million current and former federal workers.

Officials have pointed the finger at hackers linked to China’s People's Liberation Army, saying the data poses a security risk as it contains military records and other sensitive information, potentially including state secrets.

"We absolutely have to do something," said Dennis Poindexter, author of The New Cyberwar: Technology and the Redefinition of Warfare.

As such hacks become more audacious the US needs the cyber equivalent of a nuclear deterrent, added Poindexter, a former faculty member at the Defence Security Institute under the US department of defence.

He pointed to this year’s OPM hack as an example of Chinese hackers inadvertently crossing the line of “acceptable” state espionage.

Former head of the National Security Agency and Central Intelligence Agency Michael Hayden told the Washington Post after the attack that "if I could have done it [as head of the NSA], I would have done it in a heartbeat".

"You have to kind of salute the Chinese for what they did," said US director of national intelligence James Clapper in June, referring to the sophistication of the hack.

Since then, Obama has reportedly told his staff to come up with a series of retaliatory actions in the event of similar attacks.

“One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence,” a senior administration official involved in the debate told The New York Times, speaking anonymously.

Measures under discussion reportedly range from sanctions and criminal indictments of suspected hackers to US-led attacks on the Great Firewall, China’s online censorship apparatus.

Obama approved sanctions on North Korea following the January hack of Sony Pictures, even though Kim Jong-un's regime remains only a suspect.

Adopting the same stance against China, the world’s second biggest economy, could be catastrophic for the US given the interconnectedness of global trade.

But the US has already shown it is not afraid to go after the Chinese military, with the US justice department levelling charges against five PLA officials last year.

The indictments came in the wake of a report by cybersecurity firm Mandiant that tied Shanghai-based PLA Unit 61398 to an active and highly effective hacking team it called APT1.

Mandiant has since been absorbed by cybersecurity firm FireEye. Richard Bejtlich is its chief security strategist.

Bejtlich said the aggressive move by Washington set alarm bells ringing in Beijing, and that he had personally heard PLA officers refer to the incident as a "national humiliation".

Beijing cancelled a high-level Sino-US working group on cyber affairs following the affair, while China’s state media labelled the US a "mincing rascal" and "high-level hooligan".

But charging high-ranking government officials would require gathering huge amounts of evidence and tying them to individual attacks – a difficult task in the murky world of cyber warfare.

Even if successful, it could prove a pyrrhic victory by exposing ongoing US intelligence operations.

"Probably the best thing we could do to offer some degree of deterrence is give [Chinese internet users] a way around the firewall," said Poindexter.

The Great Firewall has undergone several "upgrade[s] for cyberspace sovereignty" since the beginning of the year, according to the state-run People's Daily.

This week, popular virtual private network provider Astrill, which helps users jump the Great Firewall, said its services in China would be disrupted due to the upcoming Beijing parade marking the anniversary of the end of the second world war.

Two Chinese developers also removed anti-censorship apps from open-source code repository GitHub after pressure from Chinese police.

According to The New York Times, multiple officials within US intelligence agencies are advocating attacks on the Great Firewall.

This is "to demonstrate to the Chinese leadership that the one thing they value most — keeping absolute control over the country’s political dialogue — could be at risk if they do not moderate attacks on the United States", it reported.

By publicly committing to undermine Chinese internet filtering, the US could drive home how seriously it takes cyber attacks and economic cyber espionage.

"Just by saying it, we make them very concerned," Bejtlich said.

Other potential public deterrents could involve the US working with regional allies like Vietnam, which has centuries of bad blood with China, to form a united front.

Beijing has long been sensitive to efforts to "contain" it, such as bilateral agreements between countries with which it has territorial disputes in the South China Sea.

Ultimately, China and the US may not come to an effective agreement until a third party threatens both countries.

Bejtlich pointed to the huge economic benefit of targeting large companies in developed markets to steal trade secrets and intellectual property, a practice China has long been accused of.

As China’s high-tech and internet companies become more advanced and expand into developing markets, they may find themselves targeted by state-level hacking groups from foreign shores.

The attack earlier this year on Italian cybersecurity and surveillance firm Hacking Team, after which the perpetrators dumped gigabytes of the company's information and tools online, may accelerate this trend, Bejtlich said.

"The leaked info is a blueprint for anyone who wants to run a state-level malware group, and they've provided this playbook for any developing country who wants to run this kind of activity,” he said.

While statements from Obama and the White House give every indication that cybersecurity will be a key component of next month’s summit, experts were sceptical about whether any substantive agreement would be reached.

Poindexter was almost certain that "there will be some kind of joint statement about hacking", though he said it was unlikely there would be any major de-escalation of cyber attacks.

Simon Shen, a cybersecurity expert at the Chinese University of Hong Kong, said hacking is here to stay.

"I'm afraid it's not possible for any country in the world to give it up," he said.


VPN down: China goes after Astrill, other anti-censorship apps in run up to WW2 anniversary parade

SCMP | 26 August 2015

With He Huifeng

A number of services used to get around Chinese internet restrictions have been taken down or disrupted in the run up to a major parade in Beijing next week to mark the 70th anniversary of the end of the second world war.

Popular virtual private network (VPN) provider Astrill warned users on Wednesday that they may suffer service outages between now and the parade on September 3.

VPNs allow users to tunnel their internet traffic through an uncensored server, bypassing the so-called Great Firewall (GFW).

"Due to upcoming Beijing's military parade next week, China is cracking down on IPSec VPNs using GFW auto-learning technique," Astrill said in a message to users.

One user in the Chinese capital said that the service had been unstable since Tuesday evening. "I tried at least ten times on my iPhone but only got online once," Zhou Jing told the South China Morning Post.

"It's very upsetting because I find myself disconnected from the outside world, no Gmail and no Facebook, no information from the world."

Zhou said she was afraid the block would continue past the military parade.

The crackdown on VPNs is the latest in a series of moves against anti-censorship apps by Chinese authorities in recent days.

On Tuesday, US-based code repository GitHub said it experienced a distributed denial-of-service (DDoS) attack that caused global connectivity problems for several hours.

DDoS attacks overwhelm servers with traffic and are a common tool of hackers seeking to take websites offline.

Prior to the attack, two Chinese developers removed their anti-censorship apps from the service after alleged police pressure, but several "forks", versions of the apps modified by other users, remain online.

"Two days ago the police came to me and wanted me to stop working on this," said the developer behind the Shadowsocks anti-censorship app.

"I hope one day I'll live in a country where I have freedom to write any code I like without [being afraid]."

Another app, GoAgent, has also disappeared from the service, with its developer replacing the code with the message "Everything that has a beginning has an end". That message has since been deleted.

"Since January 2015, the authorities have stepped up their control over VPNs in China," censorship monitoring service GreatFire said in a blog post.

"This trend has continued into the summer and recently other circumvention tool developers have encountered problems."

In July, commercial anti-censorship tool Qujing was shut down following a visit from the authorities, its developers said in a statement.

"This incident with ShadowSocks makes it clear that the Cyberspace Administration of China is working closely with state security and local police to further Xi Jinping’s crackdown on internet freedom in China," said GreatFire.

In January, many popular VPN services were disrupted by what the People's Daily, the official mouthpiece of the Chinese Communist Party, described as an "upgrade for cyberspace sovereignty".

"The last couple months we've seen a real sea change in Chinese internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizens' ability to access information from outside of the country," James Lewis, senior fellow at the US Centre for Strategic and International Studies, told the Washington Post in April following another attack on GitHub.


Chinese hackers spying on Tibetan groups in India for years, experts say

SCMP | 21 August 2015

Chinese hackers are believed to have targeted Tibetan exile groups in India that Beijing views as a threat for at least four years, despite China denying any official involvement in hacking.

One advanced team has been zeroing in on organisations there to steal information related to border disputes and Tibetan exile groups, according to cybersecurity firm FireEye.

Hacks were detected in the run-up to the first state visit to China by Indian Prime Minister Narendra Modi in April, and the group is likely still conducting attacks, FireEye said.

"Over the past four years, this threat group has [targeted] over 100 victims, approximately 70 per cent of which were in India," it said in a statement.

It “also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organisations."

Beijing has viewed Tibetan groups in India with suspicion ever since the Dalai Lama fled China in 1959 to establish the Central Tibetan Administration, more commonly known as the Tibetan government-in-exile, in Dharamsala.

Unrest in China's Tibetan autonomous region in the run-up to the 2008 Beijing Olympics led to a crackdown by Chinese authorities and protests by Tibetan groups in India, Europe and North America. A spate of self-immolations in the Himalayan province in 2012 spurred another security crackdown.

China has previously been accused of spying on Tibetan organisations overseas in an apparent attempt to stave off future unrest at home.

In April, FireEye reported that a separate Chinese hacking team, APT30, had been spying on governments and businesses in Southeast Asia and India uninterrupted for a decade, echoing claims made by researchers at US firm McAfee in 2011.

China has always denied involvement in such operations.

"The Chinese government firmly opposes hacking attacks; this position is consistent and clear," foreign ministry spokesman Hong Lei said after the April report.

China has long been accused of spying on Tibetan groups in India, including the Tibet government-in-exile and the Dalai Lama.

In 2009, researchers at the Information Warfare Monitor, a Canadian NGO, accused Chinese hacking groups of breaking into computers at Tibetan government-in-exile organisations in London, New York and Dharamsala.

"Malware attacks against ethnic minority groups in China including Tibetans and Uygurs, and religious groups such as Falun Gong, go back to at least 2002, and possibly earlier," according to the University of Toronto's Citizen Lab, which monitors cybersecurity issues.

Uygurs are a Turkic-speaking ethnic group in the far western Chinese province of Xinjiang. Some complain of discrimination in favour of Han Chinese. Others have been accused of “terrorist” activity by Beijing, including one incident in 2013 when a jeep loaded with knives and sticks crashed in Tiananmen Square, killing five people.

While pinpointing the culprits for any given hack attack can be very difficult, FireEye experts told the Post that, at least in terms of the latest campaign, all signs pointed to China.

They said the attackers were "well-resourced, with long-term objectives", and conducted operations around the clock, indicating high levels of discipline and funding. The malware used also pointed to China.

"Collecting intelligence on India remains a key strategic goal for China-based APT groups,” said Bryce Boland, FireEye chief technology officer for Asia-Pacific.

“These attacks on India and its neighbouring countries reflect growing interest in [India’s] foreign affairs.”


Thousands of Hongkongers outed: Ashley Madison members brace for fallout from hacked data of 37 million users

SCMP | 20 August 2015

Users of Ashley Madison, the pro-infidelity dating website, are at risk of being outed after hackers dumped details of around 37 million accounts online.

An examination of the hacked data by the South China Morning Post unearthed thousands of '.hk' email addresses, including official government accounts. Credit card, home addresses and telephone numbers, and even user sexual preferences are also included in the leak.

While Avid Life Media, Ashley Madison's parent company, has not officially confirmed the authenticity of the leak, several leading security experts have vouched for it.

Brian Krebs, a cybersecurity researcher who broke the news of the original hack, was initially skeptical about the leaked data published this week.

However, in an update posted to his blog on Wednesday night, he wrote that "there is every indication this dump is the real deal".

"I've now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database," Krebs wrote.

The Post independently confirmed that a number of email addresses used in the past to register accounts with Ashley Madison appeared in the leak.

The data is still in fairly raw form, requiring a degree of technical expertise to access and analyse. However, information on hundreds of individual users has already been posted to Twitter, and is being freely shared on forums such as 4Chan and 8Chan.

It would not take a great deal of work to create a search engine to allow anyone to sift through the data, similar to that launched by Wikileaks in the wake of a massive leak from Italian cyber-espionage firm Hacking Team.

"There appear to be ongoing attempts to make the data much more easily available," according to internet media commentator John Hermann.

"It seems very likely that there will be a way for curious, non-technically-inclined people to search for the names of friends, spouses, partners, or anyone else very soon."

Troy Hunt, a security researcher who operates the website Have I Been Pwned, which allows people to check whether their emails are being traded by cyber criminals, has updated his service to include the Ashley Madison data.

Hunt's system is fairly secure and requires users to sign up for notifications that they are affected personally by the hack, preventing members of the public searching for emails registered with Ashley Madison, but others may not be so scrupulous.

What's in the leaked data?

  • Account creation and last updated date
  • Membership type (paid, free, etc)
  • First and last name
  • Username
  • Street address
  • Phone number(s)
  • Date of birth
  • Gender (around 27 million male and 4.4 female identified accounts were included in the leak, a 6:1 ratio)
  • Profile tagline ("Young at heart seeking a mature lover", "nobody licks you better")
  • Weight and height
  • Ethnicity
  • Occupation
  • Security question(s)

Ashley Madison hackers publish data on cheating site, ‘’ emails spotted among Hong Kong user details

SCMP | 19 August 2015

Hackers who breached the servers of infidelity dating site Ashley Madison last month have allegedly followed up on their threat to post the service's user database.

Calling themselves the Impact Team, the hackers dumped almost 10 gigabytes of data in a file that includes credit card transactions, thousands of emails and personal data of users including everything from people's names to their sexual fantasies.

"Avid Life Media has failed to take down Ashley Madison," the hackers wrote, referring to the site's parent company in Canada.

"We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data."

The US Federal Bureau of Investigation said on Tuesday that it is investigating the breach, as ALM lashed out at the hackers for hurting "innocent" people.

ALM said the Royal Canadian Mounted Police, the Ontario Provincial Police and the Toronto Police services are also involved in the investigation.

The data, which was uploaded in a raw text format and requires relatively sophisticated technical skills to browse, was quickly pored over by cybersecurity researchers and interested gawkers.

On forum 8Chan, which helped share hundreds of leaked naked photos of celebrities last year, users quickly began sharing tidbits of information found in the files.

Shared material included the email addresses of UK government bodies and major corporations. Commenters also started to publicly identify some of the users.

The news may also alarm the service's users in Hong Kong. Ashley Madison launched in the city in mid-2013.

An analysis of the email database published by the hackers returned more than 10,000 ".hk" addresses, as well as nine official "" email addresses. Governmental Ashley Madison users included employees of the Education Bureau, Social and Welfare Department, and the Legislative Council.

There were also hundreds of users with "" addresses, as well as 10 whose emails suggested they worked at one of the city's many non-governmental organisations, including one Mensa member.

It is unclear how many of those users are still paying customers. One of the hackers' main gripes with Ashley Madison was their allegation that the service's "full-delete" function, which charged users US$20 to remove their information from their databases, did not work in practice. The site responded by wiping this fee.

Credit card data released by the hackers showed more than 770 transactions in the last three years from users who listed their location as Hong Kong.


Does Tinder really have users in China and North Korea ‘even though Facebook is banned’?

SCMP | 12 August 2015

Dating app Tinder sparked much consternation, and no small amount of mockery, when it claimed on Wednesday that it has many users in China and North Korea.

During a flood of tweets sent out on its official account in response to a recent article in Vanity Fair that was somewhat critical of the service, Tinder said that the author should have spoken “to our many users in China and North Korea who find a way to meet people on Tinder even though Facebook is banned”.

Tinder is highly dependent on Facebook: users have to log in with their Facebook account, and the app draws data from their profile and uses it to help them find matches. Facebook is completely blocked in mainland China and North Korea.

“We have users in all 196 countries, including China and North Korea. We cannot disclose additional information on our userbase there,” Tinder spokeswoman Rosette Pambakian told the South China Morning Post.

She did not respond to questions about how users in countries where Facebook is blocked could use the service.

“Bear in mind that North Koreans can’t access the internet,” said Simon Cockerell, general manager of Koryo Tours and longtime North Korea watcher.

“If they mean foreigners (who can access internet, and of course seeing blocked sites is a simple process) then ‘many’ is surely an overstatement as there aren’t a great many foreigners there.”

While users who registered a Tinder account with their Facebook profile before going to China or North Korea could feasibly use the service to see other users who did the same, this number is likely very small.

Tinder is available on China’s three most popular app stores – Baidu, Tencent, and Qihoo 360 – but total recorded downloads are around 70,000 on Android smartphones, an impressive figure but a long way from the service’s reported 50 million monthly users worldwide.

User reviews are also not good. One commenter on Qihoo’s store complained that the app “is not suitable for Chinese people” due to the Facebook requirement.

“Not much use in China,” another wrote.

Additional reporting by Kristine Servando


Chinese hackers use ‘Terracotta’ VPN to hijack servers of small businesses and attack government sites

SCMP | 5 August 2015

Hackers in China have been taking control of website servers from small businesses with weak security protocols and using them to mask their attacks on bigger prizes like government data sites, according to security researchers.

RSA Research said that a virtual private network (VPN) platform in China, which it dubbed "Terracotta", has been hacking into servers used by legitimate businesses.

"It would appear that by just hacking these [servers] and stealing the bandwidth and computing power, there's considerable cost savings involved," Peter Beardmore, RSA’s senior consultant for threat intelligence marketing, told CSO Online.

The servers are then sold as “digital camouflage” to other cyber criminals.

VPN services have a number of legitimate purposes, such as giving office workers remote access to a company’s network, or helping skirt China's Great Firewall, but they can also serve more nefarious purposes in the hands of hackers.

They can hide a user's location and IP address – the digital location of their computer – thus enabling hackers to dodge law enforcement agencies.

As such, cybersecurity teams at large organisations, which are often targeted by hackers, will often block the IP addresses of commercial VPN services.

"The [hackers] utilising the Terracotta network have effectively overcome this line of defence", the researchers said, by using regular website servers as a shield.

"Traffic emanating from the Terracotta node could appear as legitimate traffic from a legitimate domestic organisation, when in fact that organisation is a Terracotta victim with an infected server."

While it did not identify which VPN provider Terracotta is, RSA said it was one of many small commercial VPNs operating under-the-radar in China to help people avoid the country’s sweeping internet restrictions.

Such services are often sold on e-commerce sites like Taobao, run by Chinese e-commerce giant Alibaba, or via social media and online forums.


Offline messaging app FireChat, popular with Occupy protesters, wants to replace SMS and take on WhatsApp

SCMP | 30 July 2015

As the spirit of rebellion was rekindled on the streets of Hong Kong during last year’s Occupy Central pro-democracy protests, it was an app called, fittingly, FireChat that helped the demonstrators stay in contact when their phone or internet signals went down.

When users are connected to the internet, FireChat works like any other messaging app. But when the signal is weak or absent, it comes into its own, using Bluetooth or Wi-fi to bounce messages between phones until they can find an internet connection and be whisked off to their intended recipient.

The app saw a record number of sign-ups in Hong Kong after rumours abounded that police would shut off phone networks during the early days of the Occupy Central protests.

"What happened in Hong Kong last year was really unexpected for us," said Micha Benoliel, co-founder and chief executive of FireChat parent Open Garden.

Benoliel said that the app now has more than 500,000 users in Hong Kong, or around 7 per cent of the population.

This more than satisfies the 5 per cent density that FireChat estimates is needed for its offline messaging feature to work effectively.

FireChat was originally intended for use at concerts or in rural areas where internet access may be spotty. Its adoption as something of a political news sharing tool created some unexpected problems for Open Garden. It was also used by protesters in Iraq and Ecuador last year.

"We had to adapt very quickly," said Benoliel. "At that time, we only had public messages with big chatrooms."

One of the first features introduced was verified profiles, similar to Twitter and Facebook, so users could know that accounts sharing news or other key information were trustworthy.

On Thursday of this week, FireChat rolled out private messaging, a feature that raised a host of new problems in itself.

Previously, messages were transmitted to public chatrooms and not encrypted, which led to criticism from security experts.

With private messaging, encryption and security had to be front-and-centre, as messages may be stored and transferred between multiple phones before they reach their intended recipient.

"All FireChat private messages are encrypted from end-to-end," the company said in a statement.

"Only the sender and the recipient can read a private message."

The private messaging system means FireChat can compete with established messaging apps like WhatsApp or Facebook Messenger.

"You can use FireChat as any other messaging app, but where other apps fail, FireChat will work," said Benoliel.

As the company's second-largest market after the US, Hong Kong is of key importance to FireChat as the app struggles to overcome the catch-22 of all new social or messaging apps: attracting enough users to generate momentum.

One way of overcoming this hurdle would be to preinstall it on smartphones. Benoliel said FireChat is in talks with phone manufacturers and telecoms companies to do just that, particularly in emerging markets.

"Even the big carriers [in emerging markets], they can see this technology as a way to onboard more people at a very low cost," he said.

"Instead of installing a very large infrastructure" in places where coverage may be limited or unreliable, telcos can encourage customers to use FireChat, allowing them to "increase their reach with a minimal investment", he added.