realhackhistoryHistory of Hacktivism in China – 1998 Indonesia Riots (Chinese Patriotic Cyberwars)
Introduction
In May of 1998 unrest broke out on University campuses in the Indonesia city of Medan, protests had been ongoing but the death of a student that was blamed on security forces added fuel to the fire.
The Indonesia economy back then was devastated by the Asian Financial Crisis, the government was accused of intense corruption and there were food shortages and mass unemployment.
All of this was in the foreground, in the background was endemic discrimination and prejudice against ethnic Chinese people within Indonesian society dating back decades and decades.
When the protests turned into riots it was the ethnic Chinese community that bore the brunt of anger and violence, with 168 rapes recorded along with murder, violent attacks and looting of ethnic Chinese businesses and homes.
It is not the focus of this blog but it is interesting to note that some observers back in 1998 pinpointed the internet itself as one of the driving forces behind the initial riots in Indonesia.
I have made extensive usage of news articles, books and blogs in writing this, in some cases I have had to translate from Chinese to English using automated online services. I’ve done my best to note where these translations have taken place.
I recommend two different books if you want to better understand the origins and nature of Chinese hacktivism, these are The Dark Visitor: Inside the World of Chinese Hackers by Scott J. Henderson and Chinese Cyber Nationalism by Xu Wu.
It is well beyond the scope of this blog but it is interesting to note that some of the core members of groups involved in these early years of Chinese hacktivism have gone on to be accused of links to China’s current government backed APT hacking groups. One member in particular, coldface, who was a foundational member of a group we will be discussing in this blog, the Green Army, was indicted this year (2025) by U.S. authorities for his alleged involvement with APT27 intrusions into U.S. systems.
The Green Army
The Green Army, or Green Corps (绿色兵团), was founded in 1997 by a Shanghai based hacker known as goodwill, it was China’s first major hacker community and created to pursue the principles of “freedom, equality, and sharing”. This early community was explicitly founded around non-political ideals of knowledge sharing, peacefulness and cooperation. By 1998 the Green Army community numbered in the thousands.
I have tried to learn more about hacking in China before the patriotic cyberwars era, there certainly were some cases of data theft, fraud and website defacement but documentation of any of it is very slim.
The Nation, 13th of July, 1998It makes sense to me, and has been observed by other writer and some of the hackers involved themselves, that if the Chinese authorities were fearful of hackers then hackers championing Chinese patriotism and attacking perceived enemies of China must have gone a long way to shield them from repercussions. These self styled patriotic hackers called themselves “hong-ke”, which literally means “red guest” as opposed to “hei-ke” which means “black guest.” Red here is of course the color associated with the Chinese flag, so these red hackers were distancing themselves from the perceived criminal element in the Chinese computer underground at the time.
Old school Chinese hacker Wu Hanqing termed this time, from 1994 through to 1998, as China’s hacker Enlightenment Era, when people were motivated by curiosity and a love of technology without any malicious intent. What was to follow he called the Golden Age, the period in which nationalist fervour overtook the hacking scene in China and the Chinese public became fascinated with the exploits of home grown hackers.
China’s Internet in 1998
The internet had reached China in 1994 but by 1998 it is estimated only 0.2% of people were online, compared to an estimate of 30% adoption in the United States. Chinese colleges or universities were a place where people could more easily use computers and access computer networks, including the internet.
Reading account of events from 1998 it is very obvious that this first generation of Chinese hackers were, in general, older than the equivalent first generations of hackers in countries like America.
Chinese hackers realized that they could use their internet access and computer skills to assert themselves and bypass the Chinese government, to make their voices heard directly on the international stage.
“Fundamentally, the methods used by cyber hackers are no different from those used by college students to throw rocks and ink bottles at the U.S. Embassy. It’s just a means of venting, not an attempt at aggression,” said Min Dahong, a professor at the Institute of Journalism and Communication of the Chinese Academy of Sciences.
…
“Before 1998, in every major event that occurred in China, the only voice that could be heard abroad was the official Chinese voice. But after the anti-Chinese wave in Indonesia, Chinese netizens used their actions to convey their voices directly to the people they wanted to reach,” said Min Dahong.
The fleeting passion of hacker culture, http://www.sina.com.cn, March 9th, 2005 (translated by Google)
The Chinese government was not willing to countenance physical protests, even against the governments of other nations, in case those protests were to turn against the Chinese government itself. The internet then provided idealistic and outraged students an outlet to demonstrate the depth of their anger while avoiding making themselves obvious targets for a repressive government at home. The spectre of Tiananmen loomed less large on student BBSes.
The Passionate Era of Chinese Hacktivism Begins
It took three months for photos, news and accounts of the violence committed against ethnic Chinese Indonesians to reach the Chinese internet of 1998. When the nascent hacker scene in China became aware of what had transpired it transformed the hacking scene there and set into motion what became the first of “six cyber wars”.
Numerous Chinese women were brutally raped and murdered, Chinese supermarkets were looted, and many inhumane Indonesian anti-Chinese elements posted numerous images of Chinese people being brutally assaulted online. This series of actions infuriated the nascent Chinese hackers, who spontaneously gathered in IRC chat rooms and, in groups of eight to six, spammed Indonesian government websites and used ping attacks. These seemingly naive attack methods forged the initial unity and tenacity of Chinese hackers, laying the foundation for the later formation of the “Red Hacker” movement. .
Essential Cybersecurity Top-Secret Analysis: The X-Files of Chinese Hackers – Chapter 3, September 2009 (translated by Google)
On Friday, August 7th 1998 tokobudi.co.id was hacked by Chinese hacktivists and an accompanying post was made on a ChinaByte discussion forum. ChinaByte had been founded the previous year and was China’s first IT news portal. The post about the Indonesian government website defacement had caught the attention of a ChinaByte editor who then included the url of the defaced site and a few lines about the hack in an email newsletter sent out to tens of thousands of subscribers.
The Green Army were about to transform from a curiosity driven loose collective into a hacktivist fighting force.
This was the start of what was known in Chinese hacking circles back in the early 2000s as the first of six patriotic hacktivist “cyber wars” that were to take place between 1998 and 2001.
Defacement of tokobudi.co.id, August 7th, 1998Sunday the 9th of August saw a further Indonesian website defacement, this time http://www.vsi.dpe.go.id, a government site.
Defacement of http://www.vsi.dpe.go.id, August 9th, 1998The lengthy text of the defacement included the following poem:
A meteor streaks across the sky, fleeting and ephemeral,
Is it the crystalline tear of a falling petal?
Such beautiful flowers, cut down so cruelly by vile hands?
Simply because they share a common name: “Chinese”?
A meteor streaks across the sky, fleeting and brief,
Is it the fiery blossoms welcomed by angels?
Such young bodies, reduced to ashes in the flames of evil?
Simply because they share a common name: “Chinese”?
A meteor streaks across the sky, fleeting and brief,
Is it the cold gleam of a vengeful crescent moon?
Such crimson blood must not flow in vain on that filthy land!
Simply because we share a common name: “Chinese”!
Translated by Google from defacement of http://www.vsi.dpe.go.id, August 9th, 1998
The same defacement also included the exhortation “let us, China’s hackers, teach these barbaric outsiders a lesson”. Many hackers were to answer this call to arms. You can find archives of these early defacements here, many other defacements by Chinese hacktivists from around this time have proven impossible for me to track down, along with coverage on sites like ChinaByte.
On Monday the 10th of August news of the hacking of these Indonesian websites was on the front page of ChinaByte with a headline that read roughly “Indonesian anti-Chinese violence angers Chinese hackers”, and the subtitle “Internet anger rises.”
At this point the more technical portion of China’s online population, the exact people who would frequent a tech news site, were aware not only of the terrible events surrounding the riots in Indonesia back in May, but also that Chinese hackers were taking action to address the atrocities that were committed.
Second defacement of http://www.vsi.dpe.go.idTo rally more people to join the fight, several technical hackers spearheaded the formation of the “China Hacker Emergency Conference Center,” responsible for coordinating attacks on Indonesian websites. The anti-Chinese incidents in Indonesia inspired a large number of netizens to engage in hacking. Some returned to real life after the attacks, while others pursued their hacker ideals with unwavering dedication. This incident also made the hacker group “Green Army” famous on the Chinese internet, giving rise to the later “China United Green Alliance.”
Essential Cybersecurity Top-Secret Analysis: The X-Files of Chinese Hackers – Chapter 3, September 2009 (translated by Google)
The Green Army worked with other smaller Chinese hacker groups and the “China Hacker Emergency Conference Center” (“中国黑客紧急会议中心”) group was set up to coordinate attacks on Indonesia websites.
From here tactics ranged from website defacement to DoS and email bombing (flooding Indonesian government email inboxes with spam).
A list of 700 Indonesian government websites that were considered potential targets were circulated on Chinese university bulletin boards and IRC servers.
On 12 August 1998, an unnamed hacker posted in a
chat room “My experience of Chinese hackers’ attack on Indonesia’s websites,” she detailed how she wound up attacking the Indonesian government website at
http://www.dgtl.dpe.go.id.
That day, I entered the “home of hacker” BBS in the morning. After knowing some hackers had “blackened” Indonesia’s websites, I was so excited. There were more than 700 Indonesian government’s web addresses posted by “root.” I downloaded the addresses, and began to search for potential targets…. While using five computers to crack passwords, I logged on to the “home of hacker” BBS to look for help. I am not so familiar with “Unix,” so I asked a friend named “killer” to help me. She tried my passwords, and came back to me within five minutes. She told me that there was a big “bug” in the system that we could utilize. But, because the network in our city was so slow, we made an appointment to come back that evening at 10:30 PM. Another hacker “dreamy” agreed to design an English-version protest poster for us….
Chinese Cyber Nationalism: Evolution, Characteristics, and Implications by Wu Xu
The quote above matches roughly with information I found in an article from Chinese publication Computer News from 1998 in which a reporter spoke with a person on the Tsinghua University BBS who claimed to be hackers involved in the hack detailed above.
Are we a gang? First of all, we are not a gang. There were several of us: Xiaoqian (the Hunan female hacker) and I were responsible for the intrusion. Killers not only helped us crack the password but also provided all the hacked images. Ms. Dreamy was responsible for the content related to the “Letter to People of Conscience in Society.” But we are not a gang. We all met on the newsgroups and came together out of a sense of righteous indignation.
Is Xiaoqian a novice? Xiaoqian is indeed a novice. However, she worked in telecommunications and was very familiar with networks. I remember that night, when we split up, she changed several accounts to superusers, giving us free access. She was surprised to find that she couldn’t log in directly as root remotely, but had to use the su command. (Perhaps she hadn’t read any hacking books, otherwise she would have known that to prevent hackers, most Unix systems don’t allow system administrators or superusers to log in directly remotely, requiring the su program.)
My first attack: That morning, I had just joined the newsgroup and saw that someone had attacked an Indonesian website. I was very excited. Later, I saw someone post over 700 Indonesian URLs online, and I started looking for Indonesian websites that could be attacked.
After a long test, I finally found a few that could be hacked. After logging in anonymously using FTP, I began cracking the passwords.
After much effort, I managed to find 52 of the 54 valid passwords, excluding those for root and sysadmin. Cracking the remaining two accounts became the key.
At 5 p.m., Xiaoqian showed up. She was quite knowledgeable about networking, and with her help, we cracked the other two passwords. Killers then told us he had system administrator privileges, free to do whatever he wanted. I immediately spent 10 minutes creating the homepage, but unfortunately, I wasn’t satisfied. By this time, I’d been online all day and was feeling a bit tired. We decided to officially change the homepage at 11:30 p.m.
We reunited at 11:30 p.m., and thanks to our system administrator privileges, everything went smoothly. By the next morning, we were done.
“The news behind the “Chinese hacker” incident”, Huayin, Computer News (Issue 32, Page 17), 1998, (translated by Google)
Worth noting that based on both of these accounts there were women involved in both the hacking and creation of defacement pages for at least some of the Indonesia government sites.
I have found accounts on Chinese forums and blogs that claim to include quotes from an unnamed Indonesian government spokesperson on different dates in August, implying that the Chinese government was responsible for the attacks, I can’t find the actual source for this quote though so will not include it here. Supposedly there was a Voice of America report on Indonesian government reaction to the hacktivist attacks that went out on August 9th of 1998, if you have a copy of this please let me know.
Most accounts agree that the attacks on Indonesia peaked on August 17th, Indonesia’s Independence Day, with defacements and DoS attacks. It was after this that the Indonesia government began to implement blocking of Chinese IP addresses and improved defences, Chinese hackers began to gradually lose interest.
“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,”
Chinese protesters attack Indonesia through Net, BBC, Wednesday, August 19th, 1998
The Aftermath
Reading over accounts of the cyberattacks on Indonesia on Chinese forums or blogs it is apparent both how proud people are of the hacks but also how critical some of them are of specific aspects. Some accounts call out people who were simply hungry for internet fame and even people who registered Indonesian domains to then upload fake defacements, a tactic that also saw some popularity during the middle period of Anonymous.
when the country was still weak and hiding its strength, this was the first public appearance of Chinese hackers, the first group of Chinese keyboard warriors. In the invisible battlefield of cyberspace, this group expressed their deep love for their fellow Chinese and their motherland in their own way. They exemplified the chivalrous spirit and restrained elegance of China’s cybersecurity, as well as their passionate and patriotic spirit.
Chinese hackers realized that they could wield influence and gain notoriety by taking on China’s enemies, some of the people involved in these early patriotic cyberwars are still infosec celebrities in China.
The cyberwars became as much about defending the dignity of China itself as it was about attacking perceived enemies, the hackers involved were desperate to prove that China would not be humiliated on the international arena.
A year after the cyberwar between Chinese and Indonesian hackers ended there were print publications in China dedicated to hacking, many of which lasted into the early 2010s. While hacker culture blossomed in some ways the Chinese state was to intervene a few years down the line to persuade fervently patriotic hackers to not take actions that might embarrass the government.
The Green Army fell apart in the early 2000s due to conflicts over rights to the name of the group when members in different cities decided to found cybersecurity companies. Factions in Shanghai and Beijing split acrimoniously.
#1998 #BBS #China #ChinaUnitedGreenAlliance #ChinaByte #ChineseHackerEmergencyConferenceCenter #coldface #cyberwar #绿色兵团 #绿色军团 #黑客 #goodwell #GreenArmy #GreenCorps #GreenLegion #hacker #hackers #hacking #heiKe #history #hongKe #Hongke #Hongker #Honker #HonkerUnion #Indonesia #IRC #May #Peristiwa98 #riot #Tragedi1998 #中国黑客紧急会议中心
