Political bloggers in Vietnam are under a round of cyberattacks designed to block their websites, a sign of the widening use of targeted hacking to stifle government dissent worldwide, according to a new analysis by U.S. computer experts.
More than 15,000 infected computers are involved in the attack on just a handful of websites, and a "group of young people of Vietnam" has claimed credit. The attack coincides with a police crackdown in Vietnam on bloggers critical of the government.
But the analysis done by Atlanta-based SecureWorks, an Internet security firm, was not able to determine if the hackers were operating independently or at the behest of the Vietnamese government or Communist Party. The new analysis was obtained by The Associated Press.
The cyber strikes in Vietnam raise worries that such high-tech, carefully-aimed efforts to stamp out political criticism — potentially by foreign governments — are now expanding well beyond Eastern Europe, where cyber attacks used for political intimidation flared several years ago.
While using a network of computers to take down websites is fairly common, the latest attack is more targeted than most, said Joe Stewart, director of malware research for the SecureWorks Counter Threat Unit. Stewart said the strikes show there is a growing trend to use such attacks to send a political message, rather than to simply extort money — as has been done in other parts of the world.
"It is clear that the purpose of the botnet is to silence critics of the Vietnamese political establishment where their voices might reach beyond the borders of Vietnam," said Stewart in the analysis.
Vietnamese police arrested two bloggers over the past week. A third blogger, Nguyen Van Hai, continues to be detained, even after serving his 30-month jail term. Hai, known as Dieu Cay, was charged with tax evasion and sentenced to jail after encouraging people to protest at the Olympic torch ceremonies in Ho Chi Minh city shortly before the Beijing Olympics. He had been critical of Chinese and Vietnamese government policies.
Stewart, in an interview, said that the attack appears to have been timed around Dieu Cay's expected release date, and could have been designed to stunt the reach of protests when his incarceration was extended.
If that is so, Stewart said, "it would indicate some sort of collusion" between the authors of the attack and Vietnam's political establishment.
A message from the hackers posted on a website claimed that they are young people from Vietnam who want positive change in the country. The hackers did not respond to an e-mail request for further comment or information.
Earlier this year, Vietnamese-speaking Internet users around the world were targeted by an attack — dubbed Vulcanbot — that duped people into downloading a malware program. Analysts at the time said the attack was aimed at activists, including those who had been critical of a bauxite mining project in Vietnam that has ties to China.
Stewart said that the latest attacks, which he called Vecebot, may be a more targeted continuation of the Vulcanbot attacks, and could have been done by the same hackers. There has been some speculation that Vulcanbot was orchestrated by the Vietnamese government or Communist Party, but there has been no solid evidence connecting them to the attack.
According to the SecureWorks analysis, more than 13,000 of the infected computers in the botnet — or network of infected computers — are in Vietnam, while a couple hundred are in the U.S. Others are spread across Europe and Asia, including France, Germany, Italy, Japan and South Korea.
Vietnam, a one-party state, tightly controls the flow of information and has said it reserves the right to take "appropriate action" against websites it deems harmful to national security.
In 2007, Russian hackers crippled computer networks in Estonia for nearly three weeks. Around the same time, opposition party and independent media in Russia also charged that their websites were attacked.
And in the weeks leading up to the 2008 war between Russia and Georgia, Georgian government and corporate websites were hit with denial of service attacks. The Kremlin denied involvement.