Vietnam: Stop Cyber Attacks Against Online Critics
Government Crackdown on Bloggers and Websites



(New York, May 27, 2010) – Vietnam has launched a sophisticated and sustained two-pronged attack against online dissent, Human Rights Watch said today. The government is detaining and intimidating independent Vietnamese bloggers while also permitting cyber attacks from Vietnam to disable websites critical of the government.

In the past two months, Vietnamese authorities detained at least seven independent bloggers, subjecting them to extended interrogations and, in some instances, physical abuse. This intensified harassment has coincided with systematic cyber attacks targeting websites operated by some of these bloggers and other activists in Vietnam and abroad. The most damaging attacks are deploying “botnets” – malware disguised as software to support a Vietnamese-language keyboard – to spy on individual users and to carry out crippling denial-of-service attacks against websites. The attacks were confirmed by Google as well as McAfee, a major internet security firm.

“The government targets these internet writers simply because they voice independent opinions, criticize government policies, and expose wrongdoing,” said Phil Robertson, deputy Asia director at Human Rights Watch. “Evidently the government is worried that these bloggers will reveal the inside story of government abuse and corruption, and report on incidents and issues it prevents from appearing in the state controlled media.”

Detention of Bloggers
The following are some of the recent incidents in which bloggers were detained: 

  • On May 8, 2010, provincial authorities terminated the telephone and internet service at the home of Ha Si Phu, one of Vietnam’s best known dissident bloggers. Ha Si Phu’s telephone service was disconnected at the written instructions of the Bureau of Information and Media, based on a police investigation alleging that he had used his telephone lines to transmit “anti-government” information. Since the beginning of 2010, Ha Si Phu’s blog and website have been plagued by periodic cyber attacks.

  • On May 1, police detained two bloggers, Vu Quoc Tu (also known as Uyen Vu) and Ho Diep (also known as Trang Dem), at Tan Son Nhat airport in Ho Chi Minh City as the couple was boarding a plane to Bangkok for their honeymoon. The police held and interrogated them for hours and forbade them from traveling abroad, contending the restriction was based on reasons of national security.

  • On the morning of April 28, Lu Thi Thu Trang, an internet activist associated with the pro-democracy group Block 8406, was beaten by police officers in front of her 5-year-old son. The police then took her to the police station and detained her for seven hours, interrogating her and repeatedly hitting her on her neck and face.

  • Another blogger, Ta Phong Tan, has been detained at least three times during the last month, the last time on May 9. On April 20, police forced their way into her home in Ho Chi Minh City, took her to the police station for interrogation, and later released her. Ta Phong Tan is a former policewoman who blogs about corruption and injustice in the Vietnamese legal system. “Just like the last time [April 13],” she reported on her blog, “I was not allowed to wash my face or brush my teeth. I was barefoot and in my pajamas when I was taken into custody.”

  • On April 17, police detained and interrogated Phan Thanh Hai – a blogger known as AnhBaSG who frequently reports on illegal land seizures – and Le Tran Luat, the defense lawyer for Catholics at Hanoi’s Thai Ha Church protesting government confiscation of church properties. They were released after several hours of interrogation.

 

Attacks on Websites
Meanwhile, both Google and McAfee found that the attacks on dissident websites facilitated by botnets are primarily coming from Vietnam. McAfee, which discovered the botnet when it was investigating the “Operation Aurora” cyber attacks originating from China earlier this year, stated it believes the attacks on Chinese and Vietnamese sites are unrelated.

In a blog on March 30, the McAfee chief technical officer, George Kurtz, wrote: “The rogue keyboard driver … connected the infected machines to a network of compromised computers. During our investigation into the botnet we found about a dozen command and control systems for the network of hijacked PCs. The command and control servers were predominantly being accessed from IP [Internet Protocol] addresses in Vietnam.”

Kurtz continued that “we believe that the perpetrators may have political motivations and may have some allegiance to the government of the Socialist Republic of Vietnam … This incident underscores that not every attack is motivated by data theft or money. This is likely the latest example of hacktivism and politically motivated cyber attacks.”

Neel Mehta from Google’s security team wrote in his security blog: “This particular malware broadly targeted Vietnamese computer users around the world. The malware infected the computers of potentially tens of thousands of users who downloaded Vietnamese keyboard language software. These infected machines have been used both to spy on their owners as well as participate in distributed denial-of-service (DDoS) attacks against blogs containing messages of political dissent. Specifically, these attacks have tried to squelch opposition to bauxite mining efforts in Vietnam, an important and emotionally charged issue in the country.”

A Vietnamese government spokesperson dismissed Google and McAfee’s allegations as “groundless.”

But there is evidence that challenges the government’s claims, Human Rights Watch said. Websites that have been bombarded by hundreds of attacks recently – including the political commentary website Thong Luan (www.thongluan.org) and a Catholic website, Dong Chua Cuu The Viet Nam (www.dcctvn.net) – traced some of the attacks to the IP address for Viettel, a state-owned telecommunication company operated by Vietnam’s Defense Ministry.

Since all IP addresses in Vietnam are owned and controlled by state-owned Internet Service Providers (ISP), it is the responsibility of the Vietnamese government and its ISPs to put an end to cyber attacks sourced to IP addresses in Vietnam, Human Rights Watch said.

“The Vietnamese government needs to end the ongoing barrage of cyber attacks originating from IP addresses in Vietnam, even if it means shutting down addresses that may have been hijacked by botnets and are being used fraudulently,” Robertson said.

Since September 2009, attacks are known to have been mounted on more than two dozen Vietnamese websites and blogs, ranging from sites operated by Catholics criticizing government confiscation of church properties, to political discussion forums and opposition party sites, to an environmentalist site opposed to bauxite mining.

 Vietnamese officials have openly admitted that the government is shutting down websites. At a national news conference on May 5, Lt. Gen. Vu Hai Trieu, deputy director of General Department 2 of the Public Security Ministry, proudly announced to several hundred Vietnamese media representatives that the department had “destroyed 300 bad internet web pages and individual blogs.”

Sites that are subject to ongoing cyber attacks include boxitevn.info, blogosin.org, caotraonhanban.com, danchimviet.com, danluan.org, doi-thoai.com, dangvidan.org, dcctvn.net, hasiphu.com, minhbien.org, talawas.org, thongluan.org, viettan.org, ykien.net, vietbaosaigon.com, and x-cafevn.org. While some of these sites began operating inside Vietnam, the cyber attacks have forced most to relocate to servers outside of the country.

“This extensive attack originating in Vietnam shows just how intolerant the Vietnamese government is to peaceful criticism at home and from abroad,” Robertson said. “Rather than allowing the internet to be used to carry out cyber attacks, spy on bloggers, and cripple the websites of online critics, the Vietnamese government should ensure that the internet remains a vehicle for peaceful expression, communication, and learning.”

Other Repressive Measures
While the DDoS attacks represent a new instrument of repression, the Vietnamese government has long deployed firewalls against international news and human rights websites such as Human Rights Watch, Voice of America, and Radio Free Asia. In the last six months, firewalls have been extended to the Vietnamese service of the BBC and to the popular social networking site Facebook.

In addition, the Vietnamese government monitors and controls internet expression through an internet surveillance unit in the Ministry of Public Security, and with internet surveillance software and strict regulations. Internet cafe owners are required to obtain photo identification from internet users, monitor and store information about their online activities, and block access to banned websites. In April, the government issued new regulations requiring installation of internet monitoring software developed by the National University of Vietnam in computers in all internet cafes in Hanoi by the end of 2011.

Ministry of Information Circular No. 7, issued in December 2008, requires bloggers to restrict their postings to personal content, and bans posting articles about politics or issues the government considers state secrets, subversive, or threats to national security and social order.

“These blatant efforts by the Vietnamese government to suppress free and open debate on the internet is yet another sad example of the government’s hostility toward free speech and other basic human rights,” Robertson said.

For more Human Rights Watch reporting on Vietnam, please visit:
 https://www.hrw.org/en/asia/vietnam

For more information, please contact:
In New York, Phil Robertson (English): +1-917-378-4097 (mobile)
In Washington, DC, Sophie Richardson (English, Mandarin): +1-202-612-4341; or +1-917-721-7473 (mobile)
In Brussels, Reed Brody (English, French, Portuguese, Spanish): +32-498-625786 (mobile)
In London, Tom Porteous (English): +44-20-7713-2766; or +44-79-8398-4982 (mobile)

Annex:

Incidents in which internet activists have been harassed, detained, and jailed during the past six months include: 

  • May 9: Police arrest blogger Ta Phong Tan as she leaves a Sunday mass with a friend and detain her for nine hours. Police also detain and threaten the friend for “being in touch with a dangerous figure.” 
  • May 8: Provincial authorities terminate the telephone and internet service at the home of Ha Si Phu, a prominent dissident in Da Lat. 
  • May 1: Police detain bloggers Vu Quoc Tu (Uyen Vu) and Ho Diep (Trang Dem) at Tan Son Nhat airport in Ho Chi Minh City and forbid them to leave the country. 
  • April 28: Police detain and interrogate Block 8406 activists Do Nam Hai and Lu Thi Thu Trang, as well as Duong Thi Tan, wife of the jailed blogger Nguyen Hoang Hai (Dieu Cay). 
  • April 20: Police interrogate Ta Phong Tan for more than nine hours. The head of a newly opened law firm receives warnings and is pressured not to hire Le Tran Luat, the lawyer for the Catholic group, as an assistant in a newly opened law firm. 
  • April 17: Police interrogate Phan Thanh Hai (who blogs as AnhBaSG) for three hours. 
  • April 15: Officials pressure Le Tran Luat’s landlord to terminate his rental contract. 
  • April 5: Officials summon a geophysicist, Nguyen Thanh Giang, for questioning by the police about his advisory role in the online magazine To Quoc (Fatherland). Hackers hack and steal the email address of the editorial board of the website www.doithoai.org.. 
  • April 3: Hackers break into the internet accounts (including Skype and Yahoo Messenger) of the blogger Bui Thanh Hieu (who blogs as Nguoi Buon Gio, or “Wind Merchant”). Ho Chi Minh city police also detained and interrogated him for a week in early March and for 10 days in August 2009, after he posted blogs criticizing the government’s policies toward China, bauxite mining in the Central Highlands, and disputes with Catholics over church properties. 
  • March 23: Ho Chi Minh City police detain and interrogate Ta Phong Tan for four days and Phan Thanh Hai (AnhBaSG) for more than two days. 
  • March 23: A mob identifying themselves as “army veterans” harass Pham Hong Son, a physician formerly imprisoned for his internet writings, at his home in Hanoi. A member of the mob threatens him, saying, “Stop writing what you write or we won’t leave you alone.” 
  • March 17-19: Police interrogate editorial members of the online magazine To Quoc, including Nguyen Thanh Giang; Nguyen Phuong Anh, an engineer; Pham Que Duong, a retired army officer; and Nguyen Thuong Long, a teacher, about their roles in the magazine. 
  • March 4: Police refuse to grant a passport to a blogger, Nguyen Ngoc Nhu Quynh, who writes under the name of Me Nam (Mother Mushroom). She was previously detained for a week in August 2009 for her online postings criticizing the government’s policies toward China. Local police continue to pressure her to shut down her blog. 
  • February 5: Tran Khai Thanh Thuy, a writer and member of the editorial board of To Quoc, is sentenced to three and a half years in prison. The day of her trial, three popular blogs – Blog Osin (blogosin.org), Đan Chim Viet (danchimviet.com), and Minh Bien (www.minhbien.org) – crash after being hacked. In addition, the email accounts of Pham Thi Hoai, editor in chief of Talawas blog, and a blogger-journalist, Huy Duc (Osin), are hacked. 
  • January 29: An activist writer, Pham Thanh Nghien, is sentenced to four years in prison. 
  • January 27: Multi-party activists Le Cong Dinh, Nguyen Tien Trung, Le Thang Long, and Tran Huynh Duy Thuc are sentenced to prison sentences ranging from 5 to 16 years for their writings published on the internet and other peaceful activities. 
  • January 19: A political discussion forum, X-café, suffers denial-of-service attacks and is unable to operate for several days. 
  • January 13: Police search the house of the co-founder of the Bauxite Vietnam website, Nguyen Hue Chi, confiscate his computer, and then interrogate him daily until January 30. 
  • December 31, 2009: The Gmail accounts of Nguyen Hue Chi and of Phung Lien Doan, an important contributor to the Bauxite Vietnam website, are hacked and fake letters are sent from both accounts to a large Vietnamese email list. 
  • December 27, 2009: A hacker invents an email very similar to the one used by Bauxite Vietnam’s co-founder Pham Toan and sends out a fake message to a large email list, alleging internal conflicts among the board of editors of Bauxite Vietnam. 
  • December 21, 2009: The websites talawas.org and boxitevn.info are hacked. Readers who visit these two websites find identical messages left behind by the hacker (“Due to technical reasons, Talawas [Bauxite Vietnam] is closed forever.”).
 

 

Vietnam Human Rights Network
[Home] [About us] [Bills of Rights] [Documents] [Human Rights news] [Forum] [Join] [Downloads] [Links]