The Christian Science Monitor
Joshua Eaton, Correspondent
September 25, 2015
President Obama with Chinese President Xi Jinping as he welcomes him the White House on Friday.
While criticism aimed at President Xi during his state visit has focused on China’s suspected cyberattacks on US agencies and businesses, activists also say they are under constant digital assault from the Chinese government.
“I don’t have any secrets,” Rose Tang says, defiantly. Ms. Tang survived the Tiananmen Square massacre as a 20-year-old college student, and she continues to be outspoken against the Chinese government. But she still found it unnerving when Google contacted her recently to say someone else had tried to access her Gmail account.
“It’s psychological warfare,” says Tang, who now lives in New York City, and blames elements within the Chinese government for attempting to hack her e-mail. “It’s a very uneasy feeling, that you do not know if and when Big Brother is watching you and when and how he is going to punish you.”
Cybersecurity has been a major focus during President Xi Jinping’s visit this week to the US. Indeed, the Chinese government, military, and business entities have been the chief suspects in a string of recent hacks, including the massive Office of Personnel Management breach. On Friday at the White House, President Obama and President Xi jointly announced they’ve come to an agreement that neither country would intentionally back cyberespionage for the purpose of stealing trade secrets.
But even though China’s suspected hacks on US businesses have received the most attention, many US-based organizations that focus on Chinese issues such as human rights also say they are under near constant digital assault. And while the attacks can be difficult to trace with certainty, they say all signs point to the Chinese government.
Could you pass a US citizenship test? Find out.
PHOTOS OF THE DAY Photos of the Day 09/28
“There’s always something, all the time,” Nathan Freitas explains. Mr. Freitas founded the Guardian Project, which creates secure mobile phone applications for journalists and activists working in high-risk situations – including many organizations focused on human rights in China.
The Guardian Project is under regular attack, according to Freitas – everything from “spear phishing” e-mails that purport to be from a legitimate source but contain malware to Distributed Denial of Service (DDoS) attacks that attempt to overload web servers with malicious traffic. Large DDoS attacks usually only happen around major events such as a software update, Freitas says. But the most damaging attacks come in phony e-mails.
These so-called “spear phishing” e-mails can be incredibly sophisticated, but they’re based on decades-old social engineering techniques. The goal is to get a target to trust an e-mail and its contents so they click on a link or open an attachment. Once they do, the e-mail installs software on the target system that can give hackers near total control. From there, an attacker can alter files, delete information or simply surveil passively.
