Journalists' Yahoo E-Mail Accounts Compromised In China

andy1307 writes "According to this article in the New York Times, 'In what appears to be a coordinated assault, the e-mail accounts of at least a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders. The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address. ... The victims of the most recent intrusions included a law professor in the United States, an analyst who writes about China's security apparatus and several print journalists based in Beijing and Taipei, the capital of Taiwan."

Damn Chinese!

[fuzzyfuzzyfungus]

Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?

Re:Damn Chinese!

[Marcika]

Don't you know that you should do your wiretapping directly at the ISP level, like real Americans?

I'm sure that they know and they do. But wiretapping at the ISP level doesn't help if their victims use HTTPS or SSL IMAP/POP like pretty much all Gmail (and Yahoo?) users do. Real Americans(TM) subpoena Google or Yahoo records directly over their convenient law-enforcement interfaces -- China can't do that...

Re:Damn Chinese!

[KiloByte]

https is very easy to MITM if you can inject bogus signed certificates. For that you need to control a CA. Like, for example, CNNIC whose root certificate is included in MSIE and Firefox.

Please to vote on the bug report to remove this security hole.

Re:Damn Chinese!

[muckracer]

> https is very easy to MITM if you can inject bogus signed certificates.

agreed

> For that you need to control a CA.

agreed

> for example, CNNIC whose root certificate is included in MSIE and Firefox.

agreed

> Bug 542689 - Please remove CNNIC CA root certificate from NSS

agreed BUT: Why do you single out this particular CA when the valid issues you raised APPLY TO ALL OF THEM?!

Is anyone surprised?

China is a totalitarian state. Has been since 1949. What free trade has done is to make it a rich totalitarian state instead of a poor one. I never understood the argument that capitalism would lead to anything like democracy. Democracy [usually] leads to at least some level of capitalist/free-enterprise economy, but not the other way around.

Re:Is anyone surprised?

[dkleinsc]

I never understood the argument that capitalism would lead to anything like democracy.

The reason you can't understand that argument is that it's complete BS. It was created to try to convince Americans that the reason our government is making it extremely easy to trade with China is to spread democracy, not increase corporate profits at the expense of American workers' careers.

And historically at least, the system of government best suited to corporate profits is not democracy, but fascist-leaning dictatorships. That's true whether we're talking about Mussolini, Hitler, Franco, Pinochet, or Batista.

Re:Is anyone surprised?

[Hijacked+Public]

I don't understand it either, mainly because I think the climate in China is closer to free market capitalism than the climate in the US. In relative terms China is a capitalist utopia, particularly from a producer's perspective.

Re:Is anyone surprised?

[jav1231]

We should have shit-canned our trade with China when Tienanmen Square happened. Period. Everything after was hypocrisy.

Re:Is anyone surprised?

[MightyMartian]

It doesn't always work out, but having a middle class helps, also because they have time, skills, and money to spend on politics.

China is the great experiment. It's been a given since the the English Civil War that a middle and mercantile classes will demand, and will ultimately take a greater share of the political system. I posit that the Chinese leadership is hoping to accomplish the creation of a thriving middle class without any great increase in political liberties. Will the experiment work? Hard to say. Damned scary if it does, that's for sure.

This is why you don't do business with China

[smooth+wombat]

People roll their eyes when I tell them I don't buy products made in China. I refuse to support a government with such an abusive human rights record.

It's tough at times finding a product not made in China, but I use the free market to make my point.

Some people talk the talk when it comes to making a statement. Very few actually walk the walk.

Re:This is why you don't do business with China

I carved it myself, out of a solid lump of silicon.

Re:This is why you don't do business with China

[east+coast]

This is all the more reason to actively avoid their product; so that we can make it profitable for other countries to take up the production of items that only seem to sell at the lowest price point possible. It may cost us a little today but in the long run we won't be so attached to one provider that we have to put up with their abusive nature if we need to "cut the cord."

Re:This is why you don't do business with China

[u38cg]

The quickest way to sort out the human rights situation in China is to create a population with enough of a stake in society for it to be worth standing up and be counted. Free speech means very little when you're on the breadline. Even if your boycott had any meaningful effect, it would just make government repression easier, not harder - and China is quite easily big enough to run a closed economy if it wanted to.

Yahoo, MS is poison

[AHuxley]

With reports like "Yahoo 'helped jail China writer'" in 2005 ... would most people with any public or private interest in China stay with Yahoo's products in any form after its "complicity" over the past years?
http://news.bbc.co.uk/2/hi/4221538.stm

Re:So let's get this straight:

[Asic+Eng]

for 20 years now malware targets mostly DOS/Windows, yet these guys still use exactly that

Like everyone else on the planet. Not that it matters whether you access webmail via Linux or via Windows.

the main vector of malware coming in is via e-mail attachments, yet these guys keep clicking on them

Webmail cracked - that's almost certainly not clicking-on-attachments territory, more likely poor password choice. Access to company servers from the inside (employees collaborating with the attackers) is another possible path of attack.

signed e-mails and attachments would make reception thereof fairly safe, yet these guys have no idea about it

Works only on a node-to-node basis. If their contact doesn't have the tools, then they can't use it. Same applies to encryption obviously. Is PGP freely available in China? How long till the government detects that you are using PGP and takes you in for questioning solely based on that fact?

but then these guys probably would feign complete ignorance and amazement over the fact, that especially the totalitarian governments of the world don't exactly work with white gloves

If the Chinese government attacks western computer systems, that's news. It might require a political response, that should be in the public discussion. Regardless, it's certainly worth reporting.

...don't give a shit about your self-aggrandized ego of 'a journalist' and the hallowed freedom of press

Freedom of the press is vital for my freedom and for yours. I think your disdain is completely inappropriate here.