Apr. 4 – The Yahoo e-mail accounts of China and Taiwan-based journalists and other users have been hacked, apparently from China, in attacks similar to those that prompted Google to exit the country, the Economic Times has reported.
Apparently a number of China-based journalists had found their Yahoo accounts were inaccessible from March 25 with access only restored last Wednesday. Upon re-accessing their accounts however, many had found that their outgoing e-mails were also being secretly set to additionally forward outgoing messages to another, unknown address. This is similar to the circumstances surrounding the hacking of Google’s Gmail accounts.
Yahoo has not yet commented on the intrusions, except to state that it condemns all cyber attacks regardless of origin or purpose. Unlike Google, Yahoo maintains some of its email servers in China and did draw criticism from the U.S. Congress some years ago when it released to Chinese authorities details relating to the Yahoo email account of Chinese journalist Shi Tao.
Shi, who was later sentenced to ten years imprisonment for “illegally providing state secrets to foreign entities,” had sent an email from his Yahoo account to a U.S.-based pro-democracy web site summarizing a government order directing media organizations in China to downplay the then upcoming 15th anniversary of the 1989 crackdown on pro-democracy activists in Tiananmen Square. The Chinese authorities used email account holder information supplied by Yahoo to convict Tao in April 2005.
The issue again highlights the difficulties of using e-mails in China and of sensitive content falling into the hands of others.
I’m not sure yet about the implications of this, and it seems unclear how widespread the issue is. However, there are three main causes for worry: (1) Journalists being tracked is one thing, but for what purpose? If they offend China then surely deportation or cancellation of entry visas is the norm. The effective “spying” on prospective commentary doesn’t stack up again normal Chinese behavior concerning intrusive media. So why is it occurring? (2) I have concerns over how much hacking has / could be conducted (or could be) on key business accounts. I accept that many CEO’s in China communicate via their corporate accounts but many also use Yahoo etc for other personal matters that could also hacked into and contents revealed. Being regarded as secondary accounts, the users are unlikely to check them as often as journalists, (3) What is China trying to do? They’ll certainly deny it, but if China is behind this (which isn’t certain), what message are they sending? That being spied upon in China is OK? Subtle pressure on foreigners to leave? Pressure on Yahoo to follow Google out of the exit door?
Certainly the onus is on foreign executives to be very careful what information they transmit on what can now only be described as non-China secure public access email accounts.