White House should threaten Great Firewall to curb Chinese cyber attacks, experts say as Obama-Xi summit nears

SCMP | 28 August 2015

As the world recalls how two atomic bombs were dropped on Japan to end the second world war in Asia 70 years ago, a digital deterrent of a similar magnitude could be Washington’s only way to stop cyber attacks from the latest Asian aggressor, China, experts say.

United States president Barack Obama is due to entertain his Chinese counterpart Xi Jinping in Washington next month on a state visit and the issue of cyber espionage will “no doubt” be addressed, Obama said recently.

The issue rose to the fore in the wake of a major attack this summer on the US Office of Personnel Management, which saw hackers make off with the personal information of over four million current and former federal workers.

Officials have pointed the finger at hackers linked to China’s People's Liberation Army, saying the data poses a security risk as it contains military records and other sensitive information, potentially including state secrets.

"We absolutely have to do something," said Dennis Poindexter, author of The New Cyberwar: Technology and the Redefinition of Warfare.

As such hacks become more audacious the US needs the cyber equivalent of a nuclear deterrent, added Poindexter, a former faculty member at the Defence Security Institute under the US department of defence.

He pointed to this year’s OPM hack as an example of Chinese hackers inadvertently crossing the line of “acceptable” state espionage.

Former head of the National Security Agency and Central Intelligence Agency Michael Hayden told the Washington Post after the attack that "if I could have done it [as head of the NSA], I would have done it in a heartbeat".

"You have to kind of salute the Chinese for what they did," said US director of national intelligence James Clapper in June, referring to the sophistication of the hack.

Since then, Obama has reportedly told his staff to come up with a series of retaliatory actions in the event of similar attacks.

“One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence,” a senior administration official involved in the debate told The New York Times, speaking anonymously.

Measures under discussion reportedly range from sanctions and criminal indictments of suspected hackers to US-led attacks on the Great Firewall, China’s online censorship apparatus.

Obama approved sanctions on North Korea following the January hack of Sony Pictures, even though Kim Jong-un's regime remains only a suspect.

Adopting the same stance against China, the world’s second biggest economy, could be catastrophic for the US given the interconnectedness of global trade.

But the US has already shown it is not afraid to go after the Chinese military, with the US justice department levelling charges against five PLA officials last year.

The indictments came in the wake of a report by cybersecurity firm Mandiant that tied Shanghai-based PLA Unit 61398 to an active and highly effective hacking team it called APT1.

Mandiant has since been absorbed by cybersecurity firm FireEye. Richard Bejtlich is its chief security strategist.

Bejtlich said the aggressive move by Washington set alarm bells ringing in Beijing, and that he had personally heard PLA officers refer to the incident as a "national humiliation".

Beijing cancelled a high-level Sino-US working group on cyber affairs following the affair, while China’s state media labelled the US a "mincing rascal" and "high-level hooligan".

But charging high-ranking government officials would require gathering huge amounts of evidence and tying them to individual attacks – a difficult task in the murky world of cyber warfare.

Even if successful, it could prove a pyrrhic victory by exposing ongoing US intelligence operations.

"Probably the best thing we could do to offer some degree of deterrence is give [Chinese internet users] a way around the firewall," said Poindexter.

The Great Firewall has undergone several "upgrade[s] for cyberspace sovereignty" since the beginning of the year, according to the state-run People's Daily.

This week, popular virtual private network provider Astrill, which helps users jump the Great Firewall, said its services in China would be disrupted due to the upcoming Beijing parade marking the anniversary of the end of the second world war.

Two Chinese developers also removed anti-censorship apps from open-source code repository GitHub after pressure from Chinese police.

According to The New York Times, multiple officials within US intelligence agencies are advocating attacks on the Great Firewall.

This is "to demonstrate to the Chinese leadership that the one thing they value most — keeping absolute control over the country’s political dialogue — could be at risk if they do not moderate attacks on the United States", it reported.

By publicly committing to undermine Chinese internet filtering, the US could drive home how seriously it takes cyber attacks and economic cyber espionage.

"Just by saying it, we make them very concerned," Bejtlich said.

Other potential public deterrents could involve the US working with regional allies like Vietnam, which has centuries of bad blood with China, to form a united front.

Beijing has long been sensitive to efforts to "contain" it, such as bilateral agreements between countries with which it has territorial disputes in the South China Sea.

Ultimately, China and the US may not come to an effective agreement until a third party threatens both countries.

Bejtlich pointed to the huge economic benefit of targeting large companies in developed markets to steal trade secrets and intellectual property, a practice China has long been accused of.

As China’s high-tech and internet companies become more advanced and expand into developing markets, they may find themselves targeted by state-level hacking groups from foreign shores.

The attack earlier this year on Italian cybersecurity and surveillance firm Hacking Team, after which the perpetrators dumped gigabytes of the company's information and tools online, may accelerate this trend, Bejtlich said.

"The leaked info is a blueprint for anyone who wants to run a state-level malware group, and they've provided this playbook for any developing country who wants to run this kind of activity," he said.

While statements from Obama and the White House give every indication that cybersecurity will be a key component of next month’s summit, experts were sceptical about whether any substantive agreement would be reached.

Poindexter was almost certain that "there will be some kind of joint statement about hacking", though he said it was unlikely there would be any major de-escalation of cyber attacks.

Simon Shen, a cybersecurity expert at the Chinese University of Hong Kong, said hacking is here to stay.

"I'm afraid it's not possible for any country in the world to give it up," he said.


VPN down: China goes after Astrill, other anti-censorship apps in run up to WW2 anniversary parade

SCMP | 26 August 2015

With He Huifeng

A number of services used to get around Chinese internet restrictions have been taken down or disrupted in the run up to a major parade in Beijing next week to mark the 70th anniversary of the end of the second world war.

Popular virtual private network (VPN) provider Astrill warned users on Wednesday that they may suffer service outages between now and the parade on September 3.

VPNs allow users to tunnel their internet traffic through an uncensored server, bypassing the so-called Great Firewall (GFW).

"Due to upcoming Beijing's military parade next week, China is cracking down on IPSec VPNs using GFW auto-learning technique," Astrill said in a message to users.

One user in the Chinese capital said that the service had been unstable since Tuesday evening. "I tried at least ten times on my iPhone but only got online once," Zhou Jing told the South China Morning Post.

"It's very upsetting because I find myself disconnected from the outside world, no Gmail and no Facebook, no information from the world."

Zhou said she was afraid the block would continue past the military parade.

The crackdown on VPNs is the latest in a series of moves against anti-censorship apps by Chinese authorities in recent days.

On Tuesday, US-based code repository GitHub said it experienced a distributed denial-of-service (DDoS) attack that caused global connectivity problems for several hours.

DDoS attacks overwhelm servers with traffic and are a common tool of hackers seeking to take websites offline.

Prior to the attack, two Chinese developers removed their anti-censorship apps from the service after alleged police pressure, but several "forks", versions of the apps modified by other users, remain online.

"Two days ago the police came to me and wanted me to stop working on this," said the developer behind the Shadowsocks anti-censorship app.

"I hope one day I'll live in a country where I have freedom to write any code I like without [being afraid]."

Another app, GoAgent, has also disappeared from the service, with its developer replacing the code with the message "Everything that has a beginning has an end". That message has since been deleted.

"Since January 2015, the authorities have stepped up their control over VPNs in China," censorship monitoring service GreatFire said in a blog post.

"This trend has continued into the summer and recently other circumvention tool developers have encountered problems."

In July, commercial anti-censorship tool Qujing was shut down following a visit from the authorities, its developers said in a statement.

"This incident with ShadowSocks makes it clear that the Cyberspace Administration of China is working closely with state security and local police to further Xi Jinping’s crackdown on internet freedom in China," said GreatFire.

In January, many popular VPN services were disrupted by what the People's Daily, the official mouthpiece of the Chinese Communist Party, described as an "upgrade for cyberspace sovereignty".

"The last couple months we've seen a real sea change in Chinese internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizens' ability to access information from outside of the country," James Lewis, senior fellow at the US Centre for Strategic and International Studies, told the Washington Post in April following another attack on GitHub.


Chinese hackers spying on Tibetan groups in India for years, experts say

SCMP | 21 August 2015

Chinese hackers are believed to have targeted Tibetan exile groups in India that Beijing views as a threat for at least four years, despite China denying any official involvement in hacking.

One advanced team has been zeroing in on organisations there to steal information related to border disputes and Tibetan exile groups, according to cybersecurity firm FireEye.

Hacks were detected in the run-up to the first state visit to China by Indian Prime Minister Narendra Modi in April, and the group is likely still conducting attacks, FireEye said.

"Over the past four years, this threat group has [targeted] over 100 victims, approximately 70 per cent of which were in India," it said in a statement.

It "also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organisations."

Beijing has viewed Tibetan groups in India with suspicion ever since the Dalai Lama fled China in 1959 to establish the Central Tibetan Administration, more commonly known as the Tibetan government-in-exile, in Dharamsala.

Unrest in China's Tibetan autonomous region in the run-up to the 2008 Beijing Olympics led to a crackdown by Chinese authorities and protests by Tibetan groups in India, Europe and North America. A spate of self-immolations in the Himalayan province in 2012 spurred another security crackdown.

China has previously been accused of spying on Tibetan organisations overseas in an apparent attempt to stave off future unrest at home.

In April, FireEye reported that a separate Chinese hacking team, APT30, had been spying on governments and businesses in Southeast Asia and India uninterrupted for a decade, echoing claims made by researchers at US firm McAfee in 2011.

China has always denied involvement in such operations.

"The Chinese government firmly opposes hacking attacks; this position is consistent and clear," foreign ministry spokesman Hong Lei said after the April report.

China has long been accused of spying on Tibetan groups in India, including the Tibet government-in-exile and the Dalai Lama.

In 2009, researchers at the Information Warfare Monitor, a Canadian NGO, accused Chinese hacking groups of breaking into computers at Tibetan government-in-exile organisations in London, New York and Dharamsala.

"Malware attacks against ethnic minority groups in China including Tibetans and Uygurs, and religious groups such as Falun Gong, go back to at least 2002, and possibly earlier," according to the University of Toronto's Citizen Lab, which monitors cybersecurity issues.

Uygurs are a Turkic-speaking ethnic group in the far western Chinese province of Xinjiang. Some complain of discrimination in favour of Han Chinese. Others have been accused of “terrorist” activity by Beijing, including one incident in 2013 when a jeep loaded with knives and sticks crashed in Tiananmen Square, killing five people.

While pinpointing the culprits for any given hack attack can be very difficult, FireEye experts told the Post that, at least in terms of the latest campaign, all signs pointed to China.

They said the attackers were "well-resourced, with long-term objectives", and conducted operations around the clock, indicating high levels of discipline and funding. The malware used also pointed to China.

"Collecting intelligence on India remains a key strategic goal for China-based APT groups," said Bryce Boland, FireEye chief technology officer for Asia-Pacific.

“These attacks on India and its neighbouring countries reflect growing interest in [India’s] foreign affairs.”


Thousands of Hongkongers outed: Ashley Madison members brace for fallout from hacked data of 37 million users

SCMP | 20 August 2015

Users of Ashley Madison, the pro-infidelity dating website, are at risk of being outed after hackers dumped details of around 37 million accounts online.

An examination of the hacked data by the South China Morning Post unearthed thousands of '.hk' email addresses, including official government accounts. Credit card data, home addresses and telephone numbers, and even users' sexual preferences are also included in the leak.

While Avid Life Media, Ashley Madison's parent company, has not officially confirmed the authenticity of the leak, several leading security experts have vouched for it.

Brian Krebs, a cybersecurity researcher who broke the news of the original hack, was initially skeptical about the leaked data published this week.

However, in an update posted to his blog on Wednesday night, he wrote that "there is every indication this dump is the real deal".

"I've now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database," Krebs wrote.

The Post independently confirmed that a number of email addresses used in the past to register accounts with Ashley Madison appeared in the leak.

The data is still in fairly raw form, requiring a degree of technical expertise to access and analyse. However, information on hundreds of individual users has already been posted to Twitter, and is being freely shared on forums such as 4Chan and 8Chan.

It would not take a great deal of work to create a search engine to allow anyone to sift through the data, similar to that launched by Wikileaks in the wake of a massive leak from Italian cyber-espionage firm Hacking Team.

"There appear to be ongoing attempts to make the data much more easily available," according to internet media commentator John Hermann.

"It seems very likely that there will be a way for curious, non-technically-inclined people to search for the names of friends, spouses, partners, or anyone else very soon."

Troy Hunt, a security researcher who operates the website Have I Been Pwned, which allows people to check whether their emails are being traded by cyber criminals, has updated his service to include the Ashley Madison data.

Hunt's system is fairly secure and requires users to sign up for notifications that they are affected personally by the hack, preventing members of the public from searching for emails registered with Ashley Madison, but others may not be so scrupulous.

What's in the leaked data?

  • Account creation and last updated date
  • Membership type (paid, free, etc)
  • First and last name
  • Username
  • Street address
  • Phone number(s)
  • Date of birth
  • Gender (around 27 million male and 4.4 million female identified accounts were included in the leak, a 6:1 ratio)
  • Profile tagline ("Young at heart seeking a mature lover", "nobody licks you better")
  • Weight and height
  • Ethnicity
  • Occupation
  • Security question(s)

Ashley Madison hackers publish data on cheating site, ‘’ emails spotted among Hong Kong user details

SCMP | 19 August 2015

Hackers who breached the servers of infidelity dating site Ashley Madison last month have allegedly followed up on their threat to post the service's user database.

Calling themselves the Impact Team, the hackers dumped almost 10 gigabytes of data in a file that includes credit card transactions, thousands of emails and personal data of users including everything from people's names to their sexual fantasies.

"Avid Life Media has failed to take down Ashley Madison," the hackers wrote, referring to the site's parent company in Canada.

"We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data."

The US Federal Bureau of Investigation said on Tuesday that it is investigating the breach, as ALM lashed out at the hackers for hurting "innocent" people.

ALM said the Royal Canadian Mounted Police, the Ontario Provincial Police and the Toronto Police services are also involved in the investigation.

The data, which was uploaded in a raw text format and requires relatively sophisticated technical skills to browse, was quickly pored over by cybersecurity researchers and interested gawkers.

On forum 8Chan, which helped share hundreds of leaked naked photos of celebrities last year, users quickly began sharing tidbits of information found in the files.

Shared material included the email addresses of UK government bodies and major corporations. Commenters also started to publicly identify some of the users.

The news may also alarm the service's users in Hong Kong. Ashley Madison launched in the city in mid-2013.

An analysis of the email database published by the hackers returned more than 10,000 ".hk" addresses, as well as nine official "" email addresses. Governmental Ashley Madison users included employees of the Education Bureau, Social and Welfare Department, and the Legislative Council.

There were also hundreds of users with "" addresses, as well as 10 whose emails suggested they worked at one of the city's many non-governmental organisations, including one Mensa member.

It is unclear how many of those users are still paying customers. One of the hackers' main gripes with Ashley Madison was their allegation that the service's "full-delete" function, which charged users US$20 to remove their information from their databases, did not work in practice. The site responded by wiping this fee.

Credit card data released by the hackers showed more than 770 transactions in the last three years from users who listed their location as Hong Kong.


Does Tinder really have users in China and North Korea ‘even though Facebook is banned’?

SCMP | 12 August 2015

Dating app Tinder sparked much consternation, and no small amount of mockery, when it claimed on Wednesday that it has many users in China and North Korea.

During a flood of tweets sent out on its official account in response to a recent article in Vanity Fair that was somewhat critical of the service, Tinder said that the author should have spoken “to our many users in China and North Korea who find a way to meet people on Tinder even though Facebook is banned”.

Tinder is highly dependent on Facebook: users have to log in with their Facebook account, and the app draws data from their profile and uses it to help them find matches. Facebook is completely blocked in mainland China and North Korea.

“We have users in all 196 countries, including China and North Korea. We cannot disclose additional information on our userbase there,” Tinder spokeswoman Rosette Pambakian told the South China Morning Post.

She did not respond to questions about how users in countries where Facebook is blocked could use the service.

“Bear in mind that North Koreans can’t access the internet,” said Simon Cockerell, general manager of Koryo Tours and longtime North Korea watcher.

“If they mean foreigners (who can access internet, and of course seeing blocked sites is a simple process) then ‘many’ is surely an overstatement as there aren’t a great many foreigners there.”

While users who registered a Tinder account with their Facebook profile before going to China or North Korea could feasibly use the service to see other users who did the same, this number is likely very small.

Tinder is available on China’s three most popular app stores – Baidu, Tencent, and Qihoo 360 – but total recorded downloads are around 70,000 on Android smartphones, an impressive figure but a long way from the service’s reported 50 million monthly users worldwide.

User reviews are also not good. One commenter on Qihoo’s store complained that the app “is not suitable for Chinese people” due to the Facebook requirement.

“Not much use in China,” another wrote.

Additional reporting by Kristine Servando


Chinese hackers use ‘Terracotta’ VPN to hijack servers of small businesses and attack government sites

SCMP | 5 August 2015

Hackers in China have been taking control of website servers from small businesses with weak security protocols and using them to mask their attacks on bigger prizes like government data sites, according to security researchers.

RSA Research said that a virtual private network (VPN) platform in China, which it dubbed "Terracotta", has been hacking into servers used by legitimate businesses.

"It would appear that by just hacking these [servers] and stealing the bandwidth and computing power, there's considerable cost savings involved," Peter Beardmore, RSA’s senior consultant for threat intelligence marketing, told CSO Online.

The servers are then sold as “digital camouflage” to other cyber criminals.

VPN services have a number of legitimate purposes, such as giving office workers remote access to a company’s network, or helping skirt China's Great Firewall, but they can also serve more nefarious purposes in the hands of hackers.

They can hide a user's location and IP address – the digital location of their computer – thus enabling hackers to dodge law enforcement agencies.

As such, cybersecurity teams at large organisations, which are often targeted by hackers, will often block the IP addresses of commercial VPN services.

"The [hackers] utilising the Terracotta network have effectively overcome this line of defence", the researchers said, by using regular website servers as a shield.

"Traffic emanating from the Terracotta node could appear as legitimate traffic from a legitimate domestic organisation, when in fact that organisation is a Terracotta victim with an infected server."

While it did not identify which VPN provider Terracotta is, RSA said it was one of many small commercial VPNs operating under-the-radar in China to help people avoid the country’s sweeping internet restrictions.

Such services are often sold on e-commerce sites like Taobao, run by Chinese e-commerce giant Alibaba, or via social media and online forums.


Offline messaging app FireChat, popular with Occupy protesters, wants to replace SMS and take on WhatsApp

SCMP | 30 July 2015

As the spirit of rebellion was rekindled on the streets of Hong Kong during last year’s Occupy Central pro-democracy protests, it was an app called, fittingly, FireChat that helped the demonstrators stay in contact when their phone or internet signals went down.

When users are connected to the internet, FireChat works like any other messaging app. But when the signal is weak or absent, it comes into its own, using Bluetooth or Wi-Fi to bounce messages between phones until it can find an internet connection and be whisked off to its intended recipient.

The app saw a record number of sign-ups in Hong Kong after rumours abounded that police would shut off phone networks during the early days of the Occupy Central protests.

"What happened in Hong Kong last year was really unexpected for us," said Micha Benoliel, co-founder and chief executive of FireChat parent Open Garden.

Benoliel said that the app now has more than 500,000 users in Hong Kong, or around 7 per cent of the population.

This more than satisfies the 5 per cent density that FireChat estimates is needed for its offline messaging feature to work effectively.

FireChat was originally intended for use at concerts or in rural areas where internet access may be spotty. Its adoption as something of a political news sharing tool created some unexpected problems for Open Garden. It was also used by protesters in Iraq and Ecuador last year.

"We had to adapt very quickly," said Benoliel. "At that time, we only had public messages with big chatrooms."

One of the first features introduced was verified profiles, similar to Twitter and Facebook, so users could know that accounts sharing news or other key information were trustworthy.

On Thursday of this week, FireChat rolled out private messaging, a feature that raised a host of new problems in itself.

Previously, messages were transmitted to public chatrooms and not encrypted, which led to criticism from security experts.

With private messaging, encryption and security had to be front-and-centre, as messages may be stored and transferred between multiple phones before they reach their intended recipient.

"All FireChat private messages are encrypted from end-to-end," the company said in a statement.

"Only the sender and the recipient can read a private message."

The private messaging system means FireChat can compete with established messaging apps like WhatsApp or Facebook Messenger.

"You can use FireChat as any other messaging app, but where other apps fail, FireChat will work," said Benoliel.

As the company's second-largest market after the US, Hong Kong is of key importance to FireChat as the app struggles to overcome the catch-22 of all new social or messaging apps: attracting enough users to generate momentum.

One way of overcoming this hurdle would be to preinstall it on smartphones. Benoliel said FireChat is in talks with phone manufacturers and telecoms companies to do just that, particularly in emerging markets.

"Even the big carriers [in emerging markets], they can see this technology as a way to onboard more people at a very low cost," he said.

"Instead of installing a very large infrastructure" in places where coverage may be limited or unreliable, telcos can encourage customers to use FireChat, allowing them to "increase their reach with a minimal investment", he added.


In war on cyber crime, website crippling DDoS attacks may be gaining the upper hand

SCMP | 24 July 2015

Distributed denial-of-service (DDoS) attacks are increasing in frequency and severity and costing companies millions of dollars.

They overwhelm servers with requests for data, usually from the networks of hacked or compromised computers controlled by a criminal organisation. They usually take the website down or require a huge investment to keep it online.

"Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world," said Darren Anstee, chief security technologist for Arbor Networks, which monitors such attacks globally.

Arbor found there had been a spike in the number of large-scale attacks, with more than 50 so far averaging over 100 gigabytes per second, the equivalent of 20 Blu-ray movie files.

The increase in attacks may be down to the plunging cost of launching one. Cybersecurity firm Incapsula reported last month that, thanks to a "growing botnet-for-hire industry", anyone can launch a DDoS attack against a website they dislike for as little as US$38 per hour.

For those companies that are hit, the costs can vary. Incapsula estimates that "the real-world cost of an unmitigated attack is US$40,000 per hour".

Last December, hacking group Lizard Squad launched large-scale DDoS attacks against the PlayStation and Xbox Live networks, taking both of them down for an extended period and ruining Christmas for more than a few dedicated gamers.

Cloud services can help relieve some of the load by spreading the requests across dozens if not hundreds of servers. But such solutions are expensive and out of reach for many small businesses.

DDoS protection tools, like those offered by Cloudflare or Incapsula, check the requests before they reach the site.

They often delay the site from loading to ensure the prospective visitor does not have malicious intentions. But this can slow down load times, much to the irritation of users.

As hackers keep proving, no system is foolproof and very large attacks are still quite capable of overwhelming the most sophisticated and expensive defence mechanisms.

"If a very determined bad guy aims at you, they've got a pretty good chance [of causing an outage]," Mark Egan, co-author of The Executive Guide to Information Security, told PC Gamer after last year’s PlayStation hack.


Taylor Swift, or Tiananmen Square? 1989 clothing line courts controversy in China

SCMP | 22 July 2015

Chinese e-commerce giants and Alibaba may have landed the rights to Taylor Swift's fashion line, but some of her offerings may prove surprisingly controversial in China.

According to the Wall Street Journal, Swift partnered with the two e-commerce platforms in order to head off counterfeits ahead of her upcoming November shows in Shanghai as part of a global tour to promote her newest album, 1989.

The name of that album however, a reference to Swift's date of birth, may pose a problem for the artist in China, and for her local partners.

Beijing is notoriously sensitive to references to the Tiananmen Square crackdown of June 4, 1989, routinely censoring search results and social media posts. The event's anniversary even has a tongue-in-cheek nickname on the Chinese web: "internet maintenance day".

On Weibo, China's domestic version of Twitter, mentions of "六四事件" (June 4th incident) and related terms are not allowed. In 2013, even searches for "big yellow duck" were blocked, after users began sharing a modified version of the iconic "Tank Man" image with ducks instead of tanks.

A Swift-branded hoody emblazoned with "TS 1989" may not impart the same message in China as it does back in Nashville.

While it is unclear whether the Chinese Taylor Swift range will reference the album name, an advert promoting it featured Swift in a 1989 tank top.

A spokesman for JD would say only that the firm was "exclusively carrying an entirely new fashion line designed for the Chinese market".

"Taylor Swift's team has been working closely with Tmall to open her Tmall flagship store. We are confident that Taylor Swift's Tmall store and her brand will be a hit in China, and we look forward to offering her unique, premium apparel designs to our 350 million annual active buyers," an Alibaba spokeswoman told the Post.

Heritage66Company, a Nashville-based branding company that is representing Swift and bringing her line to China, did not respond to a request for comment.