Hackers clash over China's rule in Muslim province

Messages left on defaced Web sites have supported or condemned China's rule over Xinjiang

Pro-China and pro-Muslim hackers have clashed online in a series of attacks on Web sites triggered by deadly ethnic riots in China's Muslim region last month.

Messages left on defaced Web sites have either supported or condemned China's rule over Xinjiang, the western province where rioting killed nearly 200 people. Chinese government Web sites have become the latest targets, adding to online attacks against an Australian film festival and a Turkish government site.

Searches on Friday revealed a dozen Web sites of local Chinese government offices that had been defaced with messages in support of the country's Uighur ethnic minority group. The Uighurs, a mostly Muslim group native to Xinjiang, have complained of poor protection of their culture and a lack of economic opportunity as China has encouraged migration to Xinjiang by Han Chinese, the country's large ethnic majority. Uighurs and Han Chinese carrying sticks and shovels hunted each other in packs during the rioting last month, which was triggered by an ethnic brawl in far-away southern China that left two Uighurs dead.

Messages on some of the defaced Web sites called China's policies toward Uighurs "genocide," and images left behind included the flag of the region's independence movement.

Hacking activities that support Uighurs have been uncommon, though local Chinese government Web sites are often defaced.

"Honestly, I've never seen or heard of a pro-Uighur hacker before," said Scott Henderson, the author of a blog that covers Chinese hackers, in an e-mail. "That was really unusual."

Chinese Web sites are often hacked, due mainly to weak security, Henderson said.

Pro-China hackers last month defaced the Web sites of the Turkish Embassy in China and the Melbourne International Film Festival. The embassy was targeted after Turkish officials criticized China following the unrest in Xinjiang, and the film festival was targeted as it prepared to show a documentary about Rebiya Kadeer, a Uighur leader accused by China of organizing the riots.

Attackers placed the Chinese flag and messages blasting Kadeer on the film festival Web site, and later organized a flood of the festival's online ticketing system that left the showing of the Kadeer documentary sold out.

Uighurs have links to Turkey, including their Turkic language and practice of Islam. Greater autonomy for Xinjiang and Tibet, among the most politically charged issues in China, is hotly opposed in the media and much of the country's populace.

Patriotic Chinese hackers have launched attacks on foreign Web sites before, including against CNN last year over its coverage of an uprising in Tibet.

The attacks this time seem to follow the usual pattern, Henderson said.

"When questions of sovereignty arise, the government issues a strong statement against the action, and the Chinese hackers find a way to give it an exclamation point," he said.

The attacks appeared to be done by individuals, though the mass ticket purchase was more clever and could have been social mobilization rather than a hack, Henderson said.

China blocked all Internet access in Xinjiang after the rioting last month, and Twitter and Facebook have been inaccessible across the country since the days following the event. China said late last month it had started restoring Internet access in the province only for certain businesses.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackerssecurityChina

More about CNNFacebookNN

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Owen Fletcher

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place