Hacking Into Falun Gong’s Email Accounts
Jeremy Howard of FastMail.FM, a very good and very secure email service run from Australia, tells me the story of how, four years ago, someone, or some people, or some organisation, or some country, tried to hack the accounts of six of his customers who happened to be Falun Gong members.
Jeremy was notified automatically when a host of computers tried to guess the passwords of six customers he later found out were Falun Gong practitioners. The attacks were brute force dictionary attacks, meaning that the passwords were being guessed at, one word tried after another. After 100 attempts alarms went off at FastMail, but because the attacks were coming from compromised computers in different places it wasn’t a simple case of thwarting the attack by blocking the computer’s address. “Usually the server locks out an IP address, but these were distributed… so we contacted the users, and we told them that it was happening,” Jeremy says. Their replies surprised him.
“We know where this is coming from,” Jeremy says they told him. “We’re Falun Gong practitioners, and our communications get intercepted all the time.” Jeremy solved the problem by setting up secure, anonymous accounts and aliases (see my post here about aliases; this is another interesting use of them) and, despite another attack a week later, the accounts were never compromised.
So who was behind it? Jeremy has no evidence it was the Chinese government, but he did say he thought whoever did it were pros: “Obviously anybody could do something like this, but we’ve never seen anyone else do so,” he says. “The people involved in this case were more competent and more determined than anybody else we’ve seen.”
Certainly FastMail would seem an obvious target of anyone wanting to monitor overseas activities of the Falun Gong. A simple Google search of FastMail and Falun Gong throws up more than a dozen FastMail email addresses, a point that Jeremy acknowledges with a twinge of pride: After all, he says, it’s a sign they think his service is safe. “It seems we’re now the official provider of the Falun Gong,” he says.
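The detection gap Jeremy describes, where a per-IP lockout never fires because each compromised machine makes only a few guesses while a per-account counter still reaches the 100-attempt alarm, can be sketched as follows. This is an added example, not FastMail's code: the per-IP limit of 10, the function names, the addresses and the log events are all constructed assumptions, and a real deployment would also count within a time window.

```python
from collections import defaultdict

ACCOUNT_ALARM = 100  # from the post: alarms went off after 100 attempts
IP_LOCKOUT = 10      # assumed per-IP lockout threshold (not stated in the post)

def constructed_failures():
    """Constructed failed-login events as (source_ip, account) pairs."""
    events = []
    # 60 compromised hosts, 2 guesses each, all aimed at one mailbox
    for host in range(1, 61):
        events += [(f"198.51.100.{host}", "user-a@example.com")] * 2
    # one noisy host hammering a different mailbox
    events += [("203.0.113.7", "user-b@example.com")] * 12
    # an ordinary mistyped password
    events.append(("192.0.2.10", "user-c@example.com"))
    return events

def analyse(events, ip_limit=IP_LOCKOUT, account_limit=ACCOUNT_ALARM):
    """Return (IPs a per-IP lockout would block, per-account alarms)."""
    per_ip = defaultdict(int)
    per_account = defaultdict(int)
    per_pair = defaultdict(lambda: defaultdict(int))
    for ip, account in events:
        per_ip[ip] += 1
        per_account[account] += 1
        per_pair[account][ip] += 1
    locked_ips = sorted(ip for ip, n in per_ip.items() if n >= ip_limit)
    alarms = {}
    for account, total in per_account.items():
        if total < account_limit:
            continue
        by_ip = per_pair[account]
        alarms[account] = {
            "failures": total,
            "distinct_ips": len(by_ip),
            # no single source crossed the IP limit: blocking addresses
            # will not stop this, so the account owner must be contacted
            "distributed": max(by_ip.values()) < ip_limit,
        }
    return locked_ips, alarms

if __name__ == "__main__":
    locked, alarms = analyse(constructed_failures())
    print("IPs locked out:", locked)
    for account, info in alarms.items():
        print("account alarm:", account, info)
```

On the constructed data the only address locked out is the single noisy host, while the mailbox hit from 60 sources raises an account alarm flagged as distributed.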