Working on her blog in California one day, Vietnamese democracy activist Ngoc Thu sensed something was wrong. It took a moment for a keystroke to register. Cut-and-paste wasn't working. She had "a feeling that somebody was there" inside her computer. Her hunch turned out to be right.
A few days later, her personal emails and photos were displayed on the blog, along with defamatory messages. She couldn't delete them; she was blocked out of her own site for several days as her attackers kept posting private details.
"They hurt me and my family. They humiliated us, so that we don't do the blog anymore," said Thu, who is a U.S citizen. She has resumed blogging, but now the Vietnamese government is blocking her posts.
Activists and analysts strongly suspect Hanoi was involved in that attack and scores of others like it.
They say a shadowy, pro-government cyber army is blocking, hacking and spying on Vietnamese activists around the world to hamper the country's pro-democracy movement.
IT experts who investigated last year's attack on Thu said the hackers secretly took control of her system after she clicked on a malicious link sent to her in an email. By installing key-logging software, the hackers were able to harvest passwords, gaining access to her private accounts.
Subsequent investigation also found that an upgraded version of the malicious software, sent by the same group, was emailed to at least three other people: a British reporter for the Associated Press reporter based in Hanoi; a France-based Vietnamese math professor and democracy activist; and an American member of the Electronic Frontier Foundation, an online activist group, living in the United States. None of the three clicked the link.
It appears to be the first documented case of non-Vietnamese being attacked by a pro-government hacking squad that had already conducted attacks well beyond the borders of this Southeast Asian nation. Its actions would appear to violate the law in the United States at least.
"You see campaigns being waged against Vietnamese voices of dissent in geographically disparate regions. Now we have seen an escalation against people who report on those voices," said Morgan Marquis-Boire, a University of Toronto researcher and online privacy activist who dissected the malware and published the findings with the EFF. "It's unlikely that this is the work of an opportunist individual."
Suspicion of state involvement is based in part on the fact that attackers have spent tens of thousands of dollars hiring servers around the world from which to launch attacks, often changing them after a few days. This is because the attackers know activists will ask service providers to take them down, said Dieu Hoang, an Australian computer engineer who, along with several other activists, works to help defend the Vietnamese activists online. (continued...)
© 2014 Associated Press/AP Online under contract with YellowBrix. All rights reserved.