Responsive Image

Journalists’ E-Mails Hacked in China

Originally Published by The New York Times, 31March 2010

By ANDREW JACOBS

BEIJING — In what appeared to be a coordinated assault, the e-mail accounts of more than a dozen rights advocates, academics and journalists who cover China have been compromised by unknown intruders. A Chinese human rights organization also said that hackers had disabled its Web site for five days in a row.

The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address.

The attacks, most of which began March 25, occurred the same week that Google angered the Chinese government by routing Internet search engine requests in mainland China to Google’s site in Hong Kong. The company said the move had been prompted by its objections to censorship rules and by a spate of attacks on users of Google’s e-mail service, which the company suggested had originated in China.

Those cyberattacks, which began as early as last April, affected dozens of U.S. companies, law firms and individuals, many of them rights advocates critical of the Chinese government.

The victims of the most recent intrusions included a law professor in the United States, a Uighur exile in Sweden, an analyst who writes about China’s security apparatus and several print journalists based in Beijing and Taipei.

“It’s very unsettling,” said Clifford Coonan, a correspondent for The Irish Times and The Independent whose e-mail account was rendered inaccessible last week after Yahoo detected that someone had gained access to it remotely. “You can’t help but wonder why you’ve been targeted.”

Dilxat Raxit, a spokesman for the World Uyghur Congress, an organization that seeks greater autonomy for China’s Xinjiang region, said many of the e-mail messages in one of his two Yahoo accounts appeared to have been read when he logged on in recent weeks. The other account, he said, had been inaccessible for a month.

Mr. Raxit also said that he was unable to reach three Uighur friends in China with whom he previously corresponded frequently.

“I’m 100 percent I’ve been hacked,” he said from Sweden. “I’m angry at the Chinese, but I blame Yahoo for allowing this to happen.”

In an e-mail exchange, Dana Lengkeek, a Yahoo spokeswoman, declined to discuss the incidents, citing company policy. “We are committed to protecting user security and privacy and we take appropriate action in the event of any kind of breach,” she said.

Kathleen McLaughlin, an American freelance journalist in Beijing who is on the board of the Foreign Correspondents’ Club of China, said the group had confirmed that the e-mail accounts of 10 journalists, including her own account, had been compromised. Like the others, Ms. McLaughlin said she had received a message from Yahoo on March 25 indicating that her account had been disabled because, according to an automated message, “we have detected an issue with your account.” Ms. McLaughlin said she had contacted Yahoo but that she had yet to receive an explanation of what happened. “Someone is clearly targeting journalists,” she said. “It makes me feel very uncomfortable.”

Yahoo, which merged its Chinese operations with the Chinese e-commerce company Alibaba, has faced criticism for cooperating with government security officials in the past. In 2006, Yahoo turned over data that officials used to help prosecute several dissidents. One, a journalist named Shi Tao, was later given a 10-year sentence for leaking a secret propaganda directive.

Unlike services offered by Google and Microsoft, e-mails sent through Yahoo’s Chinese domain, .cn, are stored on local servers and subject to Chinese law, a factor that has driven some privacy-conscious users away from Yahoo’s e-mail services.

Computer security experts say that infiltration of Yahoo’s e-mail service once again highlights the challenges that Internet companies face in protecting their customers from hackers.

Click here to read the article in full: