Cold Open
The following presentation is not suitable for young children…listener discretion is advised.
On the evening of April 11th, 2001, Beijing Time, TV, radio, and newspaper reports from China’s state-run media went out across the country. The gist of it was this:
Today, the humbled US ambassador Joseph Prueher was forced to hand-deliver a letter of apology to Foreign Minister Tang Jiaxuan. In it, the American president George W. Bush and his Secretary of State Colin Powell apologized, both for the death of Chinese fighter pilot Wang Wei, as well as for allowing its spy plane to enter Chinese airspace and land without clearance.
Days earlier, the so-called spy plane, a US Navy EP-3E ARIES II, sped up and rammed into Lieutenant Commander Wang’s J-8II interceptor—according to the Chinese state media’s version of events. The EP then made an unauthorized landing at an airbase on Hainan Island.
Also according to the Chinese state media, the “arrogant and aggressive” Americans deserved 100% of the blame. They didn’t know the American plane also suffered damage, or that it was physically impossible for a much slower EP to overtake a J8 and ram into it.
If you’d like the American version of events, go check out Episode 35 of Modem Mischief. But this was the Chinese version of events. And many Chinese were pissed.
One such Chinese was named Lin Yong. Online, he went by the handle “Lion.”
Lion was a founder of the largest hacking group in the world—depending on who you asked and how you counted. It was and is called The Honker Union. And in the wake of the Hainan Island Incident, he ordered his followers to begin an all-out assault on America’s Internet. Soon, American hackers retaliated.
Both sides hacked into whatever government websites they could find. For example, the Americans hacked into websites for the Chinese Agricultural University, the city of Huizhou, and the Chinese Department of Oceanography. Usually, they preferred juvenile insults, replacing Chinese government website headers with messages like “Slouching Tiger, Ridden Dragon.”
The Chinese, on the other hand, were more direct.
Their targets included the California Department of Justice, Ohio’s Bellaire School District, the Interior Department’s National Business Center, the homepage for the Department of Labor, over a hundred in all. In some hacks, they would change the homepage to read something like,
Beat down Imperialism of America! Attack anti-Chinese arrogance!
Other times they would simply upload the Chinese flag.
The hackers’ crowning achievement came on the first day of the hacker war. That day, Lion ordered his 80,000 followers—in reality far less than that—to simultaneously visit the website for the White House.
At 8 a.m. Washington time, anyone who tried logging onto the home page for whitehouse.gov would have gotten a 404-error message. By noon, the site was down entirely.
Lion’s plan worked.
Both governments noticed, and both were angry. The Americans were obviously furious to receive such a black eye. The Chinese didn’t like having their sites hacked either–but they weren’t just angry at America’s hackers. They were angry at their own, who were causing an international incident on top of the one already happening at Hainan Island.
Soon, The People’s Daily, the Chinese Communist Party’s official newspaper, condemned the hacker war. It characterized the attacks on both sides as “web terrorism,” and called them “unforgivable.”
A day later, Lion gave an interview with another Chinese newspaper and called off the war, saying “We’ve achieved our goal. It’s time for it to end.”
But this wouldn’t be the end of the Honker Union, or Chinese hacktivism. They would continue to operate with impunity, wreaking havoc across the web. It would take years before the West would start to get answers—and these have only led to more questions.
On this episode: patriotism, race riots, maritime disputes, cybercrime, a hostage crisis, and the first generation of Chinese hackers.
I’m Keith Korneluk and you’re listening to Modem Mischief.
You're listening to Modem Mischief. In this series we explore the darkest reaches of the internet. We'll take you into the minds of the world's most notorious hackers and the lives affected by them. We'll also show you places you won't find on Google and what goes on down there. This is the story of the Honker Union.
Act One
In 2004, Scott Henderson, 46, and still fit from his decades of military service, kissed his Taiwanese wife goodbye, got in his car, and headed to work.
Recently, Henderson had left the US Army after serving in military intelligence, where he specialized in China—specifically, China’s ongoing cyber espionage campaign against the US. For decades, China had long sought to catch up to the US, technology-wise, and it eagerly employed both civilian and military hackers to do it.
These days, Henderson worked for a private security company based in Fort Leavenworth, Kansas. He wasn’t looking forward to today’s work. His first assignment, and it seemed impossible. His bosses wanted him to give a report on the Chinese hacker situation—meaning, a comprehensive map of the state of hacking in China—government-sponsored, civilian, criminal, cyberpunks, all of the above.
In a country with over a billion people.
Henderson had no idea where to even start. He arrived at work and headed for his office, nodding “hello” to his coworkers. He sat down at a desk overlooking the Fort Leavenworth military base and booted up his computer.
Henderson spoke fluent Mandarin, so he did what you or I would do in this situation. He Googled “Chinese hackers.” More specifically, he Googled the Mandarin characters for the Chinese equivalent of the word “hacker,” or “heike,” which literally means “black guest.”
What he found overwhelmed him.
He expected a few lightly detailed news reports about Chinese hacking. Instead, Google returned webpages for the actual hacker gangs themselves, with names like hackbase.com, or hacker123.com, hack8.cn. Hundreds of them, maybe thousands. Just sitting out in the open.
He opened the first one, and was stunned. These hackers made no effort to disguise themselves. They used their website for communication, recruitment, and blowing off steam. Since their messages were written in Mandarin, Henderson figured, the hackers felt little need to disguise their activities from snoopers.
Henderson understood what he’d discovered. In total, all of these hundreds or thousands of hacker websites would offer a composite picture of Chinese hacking—which would take years to decipher.
It was the first time a Westerner could glimpse the full landscape of Chinese civilian hacking.
Last year, we did a four-part series about how China built one of the world’s most advanced cyberwarfare programs from scratch. Through heavy investment, industrial espionage, and outright theft, China cobbled together an army of hackers. Today, it uses this army to conduct surveillance on its citizens, steal technology, and outright attack foreign governments.
Some of these hackers are trained soldiers. Others are recruited from China’s civilian hacking community—like Wicked Rose, the subject of Modem Mischief episode 35.
But where did this civilian hacking community come from? How did China become home to hundreds of thousands if not millions of hackers within just a couple years of getting the Internet? And why were the vast majority of them so patriotic?
The story of the Honker Union is representative of the early Chinese hacking community. But it’s also just a piece of the puzzle. With their story and others, we hope to give you a composite image of the whole, just like Scott Henderson pieced together.
1840 was the beginning of what the Chinese call the “century of humiliation.” That’s when the so-called Opium Wars started, in which the British defeated the ruling Qing dynasty and forced China to import cheap opium, creating a generation of addicts. From there, China faced a series of would-be conquerors, from the British to the Americans to the Japanese.
The Century of Humiliation ended in 1949, when Communism arrived. But it was far from an easy transition. Under Chairman Mao, the Chinese population suffered from famine, government suppression, and other hardships. Some Chinese protested the Communist regime and suffered even more—like during the Tianmen Square massacre of 1989.
The Chinese government knew it needed to modernize to keep up with its Western rivals, and fast, so it began overhauling the economy in the 1970’s. By the 90’s, the standard of living began improving.
China got the Internet in 1994, but it wouldn’t become popularly available until 1996. The first known Chinese hacker gang would form one year later. It was called the Green Army. Some members called it the Whampoa Military Academy, named after a Communist military school founded in 1924.
But who were these hackers?
Let’s start by contrasting them with the average American hacker. In the 1980’s and 90’s, most American hackers were young men from middle- and upper-class backgrounds, seldom politically minded. If they even had a goal, it was to create chaos, expose flaws in the system, or just demonstrate their intellectual superiority. Americans did and do hack for patriotic reasons, as we saw earlier, but this was the exception.
Chinese hackers of this era were also usually males in their teens and twenties. Unlike earlier generations that suffered under Communist hardship, these youngsters were relatively privileged. To them, the Communist regime was legitimate, even righteous. Their nationalism ran deep. The government openly made getting revenge for the Century of Humiliation part of its foreign policy, and many of these youngsters bought into it.
Yes, this is a generalization. Not all Chinese hackers were nationalists. Some were anti-Communism, and some were just hackers who liked breaking into networks and messing shit up, like hackers everywhere do. But these were the exceptions.
The Internet gave these Chinese nationalists a way to congregate. They didn’t yet have their own hacking tools—they still had to rely on foreign ones—but they were computer savvy, they were angry, and they were legion. They just needed an excuse to start a fight.
In 1998, they got one.
Indonesia is home to an ethnic Chinese minority, about 3% of the population. Many Chinese Indonesians can trace their time in Indonesia to the 17th century, when the Dutch began colonizing the country and brought in Chinese bureaucrats to run their colonial administration. Over the centuries, these Chinese Indonesians took a prominent role in the economy. Many Indonesians came to resent them.
The Dutch left in 1949. Since then, many of these Chinese Indonesians faced discrimination, or worse.
Which brings us to 1998.
That year, President Suharto passed laws raising the price of basic essentials like rice and cooking oil. This led to widespread protests across the country.
On May 13, about 10,000 students from Indonesia’s top-tier Trisakti University in the capital of Jakarta marched from campus to a major highway, where they met a crowd of riot police. The police ordered them to disperse, but they refused, singing songs and demanding Suharto’s resignation.
The police attacked. First with clubs and tear gas, then with bullets. Six died and a dozen more were injured.
Jakarta was outraged, and the next day that rage boiled over. Thousands of Jakartans took to the streets. Some protested peacefully. But many others rioted, and these riots targeted the Chinese Indonesian community.
They smashed windows and tore down signs. They physically assaulted the men and sexually assaulted the women. They looted some businesses and set fire to others. Twelve Chinese died in a burning building. Another six died in a burning bar. Overall, at least 1,188 people died, including both Indonesian looters and their Chinese Indonesian victims.
The Chinese state-run media didn’t report any of this. If it had, China would have no doubt been outraged.
But the Chinese hacker community, which had access to foreign news reports via the Internet, did learn about it. They read graphic stories and saw graphic pictures. And they vowed to take revenge.
The Green Army and other fledgling hacker groups banded together and formed the Chinese Hacker Emergency Conference Center. Communicating mostly over Internet Relay Chat, these Chinese patriotic hackers launched a cyber assault on Indonesian government websites, which included email bombs, DDoS attacks, and website defacements.
One read:
Your site has been hacked by a group of hackers from China. Indonesian thugs, there can be retribution for your atrocities.
This time, the popular Chinese media did pick up the story. The computer magazine China Byte published the account across China, portraying the young hackers as heroes.
The Indonesian riots and ensuing hacker war were a watershed moment for China’s patriotic hackers, who reveled in the positive publicity. Existing groups began to grow, and others were formed, with names like China Eagle Union, Javaphile, the Red Hacker Alliance, and of course the Honker Union.
Like with many stories about hacker groups outside the US, the origins of the Honker Union are murky. Much of this is due to the twin barriers of language and Internet censorship.
But we do know the Honker Union emerged during the aftermath of the hacker war against Indonesia.
Where does their name come from? Essentially it’s a bad translation. During the Indonesia hacker war, Chinese hackers began referring to themselves as “Hongke,” which loosely translates to “Red Visitors.” An apt name for what they were doing, i.e. intruding on Western websites on behalf of China.”
At some point, “Hongke” became “Honkers.” And at some point after that, Lin Yong, aka Lion, started a website called “The Honker Union.”
It was a savvy move, naming his hacking group after a common term for Chinese patriotic hackers. Soon, thousands of Chinese Internet users found the Honker Union’s website and registered accounts. At its peak, the Honker Union boasted 80,000 users—although just a tiny fraction were active at a time.
Almost nothing is known about Lin Yong/Lion’s biography. We don’t know where he was born or how he came to learn computer programming. All we have is a photo of him in front of a computer. He’s a slim cigarette smoker with short hair and a taste for leather bracelets. He’s given interviews to Chinese media, but these reports are mostly untranslated and inaccessible. As a result, we don’t really know who he is or what motivates him specifically.
Lin Yong founded the Honker Union in 2000–just in time for it and the rest of the Chinese patriotic hacking scene to find its next target: Japan.
China and Japan have long been adversaries, especially since World War II, when Japan invaded China and committed several atrocities against the population, an awful capper to China’s “Century of Humiliation”
In the decades since the war ended, China and Japan held simmering resentment toward each other.
In the 1990’s China and its hacker community watched in outrage as Japan committed a series of perceived insults against its honor.
There was a libel trial against Azuma Shiro, an 86-year-old army veteran who published an unsparing account of Japanese war crimes committed during the Nanking Massacre. A Japanese court ruled that Azuma’s account was fabricated, angering many Chinese.
There was an incident involving Mitsubishi in China, when a Japanese-built vehicle suffered brake failure and caused a serious traffic accident. The Chinese felt that Mitsubishi, which used Chinese slave labor during World War II, didn’t adequately address the problem—particularly when Mitsubishi admitted to covering up brake problems with its vehicles for 20 years.
There was the time when Japan Airlines allegedly discriminated against a group of 90 Chinese passengers trying to get from Beijing to Tokyo. When snowy weather forced the plane to land in Osaka, Japan Airlines allegedly isolated the Chinese passengers for 16 hours, denying them food and water
There was the Japanese textbook fiasco in April 2001. That month, the Japanese Ministry of Education and Science approved history textbooks that sanitized Japan’s misdeeds during the war, like the scorched earth Sanko Policy, the use of comfort women, and once again the Nanking Massacre.
But the final straw came in August 2001, when Japanese Prime Minister Junichiro Koizumi visited the Yasukuni War Shrine, which memorializes Japanese war criminals.
This visit was about a year after Lin Yong formed the Honker Union, and about two months after the Honkers declared all our cyberwar against the United States in the wake of the Hainan Island Incident. Thanks to his hackers’ performance in that war, Lin Yong was confident they could wreak havoc in Japan, too.
Lin Yong, aka Lion, ordered his hackers to attack any Japanese website they could. They hacked into Japan’s Chemicals and Research Institute, the Strategic Materials Research Center, the Defense Systems Research Committee, the Central Convention Service, the Fire and Disaster Management Agency, the Defense Facilities Administration Agency, the Communications Research Laboratory, and websites for members of the Japanese parliament, defacing them with messages like:
The Honkers Union expresses its regret they this matter has occurred, and takes responsibility for the attacks on these websites. History should not be ignored. How can the truth be changed? We win respect by counterattacking. We are in the right.
With these hacks, the Honker Union was now a major player in the Chinese hacking scene.
But its future was uncertain. Hacktivism was fun, but it didn’t pay the bills. And Lin Yong only wielded so much control over his group.
Act Two
Sfx: fishing trawler engine
It was a little before 6 a.m. on March 24th, 2004. Feng Jinhua looked out over the bow of the fishing trawler that held his precious cargo—15 of his fellow activists, all young men and women, plus 20 stone slabs. Each was carved with a message:
Chinese territory, Diaoyu Islands.
That was their destination.
Of course, “Diaoyu Islands” is their Chinese name. In Japan, they’re called the Senkaku Islands. The Chinese claimed the islands for centuries. But the Japanese took them in 1895. The Americans also played a role in reinforcing the Japanese claim, taking the islands during World War II, then officially handing them back in 1971.
To China, the whole situation was shameful, reminiscent of the Century of Humiliation. And Feng and his team were going to do something about it.
Feng watched as the other protesters loaded the slabs and their essentials onto some smaller boats. He had no idea how long they’d be gone for. He hoped their months of training would be enough.
The islands came into view on the horizon. Just then, a ship appeared. Feng recognized it at a Japanese coast guard vessel. Its loudspeaker roared to life.
You are trespassing in Japanese territorial waters! Turn around immediately or face the consequences!
Feng didn’t hesitate.
Into the boats!
The activists scrambled into the small boats and lowered them into the water. Their engines sputtered to life and they raced across the water, barely outrunning the coast guard.
Feng knew they didn’t have much time. The boats made landfall on Uotsori-Jima, the largest of the Diaoyu Islands. They hastily began unloading the stone slabs and placing them around the beach.
Sfx: helicopter
Just in time for a helicopter to arrive.
It landed nearby and out spilled officers from the Japan’s coast guard and its immigration department.
Feng’s people knew not to resist or run. Feng approached the Japanese to negotiate. He convinced them to let nine of the activists return home, while he and the others would be arrested.
These protests became known as the Senkaku Islands Incident, or the Diaoyu Islands Incident, depending on whom you asked. It was widely published in the media of both countries. People were outraged, especially hackers.
Like they did in 1998, Chinese patriotic hackers including those from the Honker Union banded together to form a supergroup, this time called the China Federation of Defending Diaoyu Islands, with up to 1,900 participants.
In August, a Japanese hacker defaced the website for the hacker federation with the message, “the Uotsori Island belongs to Japan!”
In retaliation, the federation launched an all out assault on Japanese government websites, hitting them with websites defacements and DDoS attacks.
It was the first major action attributed to the Chinese patriotic hacking community since 2001, and specifically members of the Honker Union.
Like we said, a full account of the hacker group doesn’t exist, at least not in Western media. We don’t know what the group did in the meantime. But we do know that in the weeks after the assault on Japanese government websites, Lion issued a message to his followers:
“Today is a special day, a day worth celebrating for us, because today is the 4th Anniversary of the establishment of the Honker Union of China. However, today I am not writing this to celebrate the 4th Anniversary birthday of the Honker Union of China, it is to tell everyone about something else.
To be truthful, the Honker Union of China has been surviving in name only. Talking about the technical side, there have only been three people providing technical support for the Honker Union including myself. Talking about the passion, we had already passed that age and no longer had the impulses of those years. Talking about the atmosphere, we haven’t been able to get people into the mood to study or get them to feel freshly about things...
“Similarly, the country’s Internet security situation is very disappointing and there is no reason for the Honker Union of China to exist. We do not need to continue so that other hacker sites can use our name. We do not need to let others once again use the Honker Union of China name for commercialization or to use it as a scapegoat. Not too much left to say. Thank you to all of the friends who have continuously supported the Honker Union of China.”
Lion was out. After Lion’s announcement, the group’s membership dropped from 80,000 to zero.
But the Honker Union wouldn’t be down for long.
But within weeks, a new leader emerged. His name was Yang. He was said to be a sophomore computer science major at the Chengdu University of Electronic Science and Technology, but we know even less about his background than we do Lion’s.
Under Yang’s leadership, the new Honker Union attracted between 8,000 and 20,000 members. Yang created a leadership board that would vet members and expel them for breaking the rules.
What rules?
Lion’s farewell statement provided a clue, when he complained about the poor security of the Chinese internet. Yang would echo this complaint in his first statement as the Honker Union’s leader:
I can design a computer virus in a few minutes, which can dysfunction the use of a mouse and computer, but I will not do this because the mission of a “Red Hacker” member is to protect websites from being attacked.
And specifically, Chinese websites.
It was a shift in philosophy, away from patriotic website defacements and towards protecting their comrades’ web domains.
But the new Honker Union wouldn’t exist as an independent entity for long.
Like we said, the Honker Union was just one group of Chinese patriotic hackers operating during this time. Many hackers belonged to multiple groups. Further confusing the situation, some groups began to absorb other groups. Soon after Yang took over, the Honker Union became part of the Red Hacker Alliance, as did other groups like the China Eagle Union, Javaphile, and the Ultra Right-Wing Chinese Hackers Opposed to Japan Alliance (rolls right off the tongue!)
The origins of the Red Hacker Alliance are murky, naturally. It possibly emerged in the wake of the Indonesian riots of 1998, or the accidental U.S. bombing of the Chinese embassy in Belgrade the year after.
It’s unknown how many members belonged to the Red Hacker Alliance, but its website claimed the number was in the tens of thousands. Most were based in Shanghai, Beijing, and Sichuan, although others were spread across China. They participated in many of the hacker wars that we’ve seen already. But they also engaged in others.
One such activity was likely cybercrime. Hackers need to eat, after all. Frequently in the early 2000s, Chinese hackers belonging to one or more of these groups were caught scamming people online.
One group of hackers conspired to steal $150,000 in virtual valuables like in-game items and gold from a South Korean video game company.
Another hacker ring broke into eBay accounts in Germany and used them to fraudulently sell non-existent products.
Another Trojan Horsed their way into five Taiwanese banks, making millions of dollars in unauthorized ATM transactions.
In one case, an Internet cafe owner named Mr. Chen noticed that the mouse cursors on his computers began moving on their own. Then, his server suddenly shut down by itself. Suspecting a hack, Chen erected several firewalls. But the next day he got a message from a fellow calling himself “Black Network”:
You know how serious I am. That’s right, I am that person who can shut down your computer whenever I want to. Don’t make a futile attempt to shake off my control, because I can see every move you make. If you don’t believe me, then try.
The cat and mouse game continued for a few days, until the hacker demanded 200 prepaid phone cards worth about $12 US. Chen turned the case over to police, who determined that Black Network was a local high schooler named Wang Jian, who just wanted to pay for his computer usage.
But another type of activity the Honker Union engaged in? Hacking for the Chinese government.
Like we covered in our China series, the Chinese government considers its entire population to be part of its national security plan. It calls this its “Comprehensive National Power.”
This means that when the Chinese government needs its citizens, they’re expected to comply. And this certainly includes hackers.
Since the Internet arrived in the 1990’s , the Chinese government heavily monitored its use—its Internet surveillance system is colloquially known as “The Golden Shield.”
So the government was well-aware that groups like the Honker Union were active. It could have crushed them, but it recognized their usefulness.
We’ll never know the extent to which the Honker Union and others cooperated with the Chinese government. But some of their attacks certainly aligned with China’s policies.
Like the 2008 incident involving Tsering Woeser.
She’s a Tibetan activist, journalist, poet, and author, and she’s long been critical of the Chinese government’s treatment of her homeland. In 2003, it banned her book, Notes on Tibet, which speaks favorably about the Dalai Lama. Her employer, the Tibet Autonomous Region Literature Association, fired her and evicted her from her home. She moved to Beijing to “follow her conscience as a writer,” and she kept publishing, blogging, and reporting.
In April 2008, protesters in Lhasa, Tibet’s capital, spoke out against the Chinese government. When Woeser and her husband gave interviews about the protests to reporters, the Chinese government placed them under house arrest.
A month later, several of Woeser’s friends told her they’d received files infected with malware…from her Skype account.
She’d been away from her computer when the messages were sent. She suspected a hack. Then it was confirmed when her blog was defaced.
One message read:
Long live the People’s Republic of China! Overthrow all Tibetan separatists!
Another included a picture of Woeser, and read:
Please remember this Tibetan separatist’s Woeser’s ugly face. Whoever sees this ugly face, please beat her hard like one beats a dog.
On their website, the Honker Union took credit for the hacks.
Before, most Honker Union attacks were undertaken on their own initiative, against perceived enemies who’d insulted China. This was the first time we know about that the Honkers went after a stated enemy of the regime.
Whether the government was coordinating with the Honker Union or not, one thing was clear: after years of dormancy post-2005, the group was back.
So too was Lin Yong, aka Lion. In 2010, he gave a phone interview to the Reuters News Agency, in which he identified himself as a core member of the group. At some point, he’d rejoined the Honker Union, although we don’t know when. Lin said little about himself in the interview, only admitting that he was now head of a department for a major state-owned telecommunications firm.
Lion wasn’t there to talk about himself. He was there to state the Honker Union’s mission:
The Honker Union has no interest in getting involved in politics, he said. We work only for the security of Chinese websites.
A year later, Lion gave an interview to the Wall Street Journal, in which he outlined an even more ambitious plan.
Lion explained that he came back to the Honker Union because he wanted to help its members parlay their skills into legitimate jobs—this way, they wouldn’t be forced to resort to cybercrime or government hacking. This included hosting training sessions in network-security at Chinese universities.
Mainly now we want to get our members to put energy into researching technology, he explained. And to help protect the networks of Chinese companies, government ministries, and research institutions.
A noble goal. The reporter asked Lion if the Honkers would continue their cyberattacks.
We won’t, he responded. We probably won’t. If there’s some special incident, I can’t guarantee that other members won’t have their own ideas. At least, right now there aren’t signs of that.
Was Lion telling the truth, or was he just trying to muddy the waters? Either way, no matter how lofty Lion’s intentions may have been, the group’s actions told a different story.
Act Three
That’s our time! Everyone please board the bus, tour guide Tse Ting Chunn said with a big smile.
The 31-year-old employee of Hong Thai Travel counted off all 25 tourists as they filed onto the bus. Twenty-two were from Hong Kong, like Tse, and the other three were local Filipinos.
Tse had just finished showing them the Rizal Monument, a stone obelisk with a bronze statue of the Philippines’ national hero, Jose Rizal, an ophthalmologist turned journalist executed by the Spanish for protesting their colonial rule.
It was the final day of a four-day excursion, and Tse was looking forward to showing his tourists the last few stops on their exploration of Manila.
The last tourist climbed aboard and Tse followed.
But another man followed him. He wasn’t part of the tour group.
At first, Tse didn’t notice the man. Neither did the bus driver, who put the bus in gear and started off for the next destination.
Sfx: bus engine
As Tse took his seat, he finally saw the stranger, a middle-aged Filipino man who looked agitated. He also seemed to be holding something behind his back.
Sir? I think you’re on the wrong bus, Tse said in English.
Stop the bus.
Sir, is everything OK?
Suddenly the man revealed what he was holding—an M16 assault rifle.
Sfx: gunshot
The man fired a shot into the ceiling. The passengers screamed.
I said pull over!
The driver did.
The gunman pointed his weapon at Tse, then gestured at the passengers.
Tell them they can call their loved ones or whoever. You too.
Tse immediately took out his phone and called his employer.
There is a serious incident. A soldier came aboard the bus and took us hostage.
I’ll call police. Just keep everyone calm.
Tse hung up and picked up the microphone.
Everyone, please stay calm. You’re free to call your loved ones.
People took out their phones. As they did, the gunman locked the bus door, handcuffed the driver to the steering wheel, and closed the drapes on every bus window. then he opened up a satchel and took out some pieces of white cardboard, tape, and a marker.
BIG MISTAKE TO CORRECT A BIG WRONG DECISION, he wrote on one, then taped it to the windshield.
I DEMAND TO BE REINSTATED, read another message
Tse had no idea what the hell that meant. He had no way of knowing.
The gunman was 55-year-old Rolando Mendoza. He was a Manila police officer for 30 years before he was fired. Allegedly, for forcing a chef into confessing to deal drugs.
The standoff lasted 12 hours. Mendoza’s wife and brother arrived to beg him to give up and save his life. Mendoza let nine hostages go, while the bus driver escaped.
Mendoza gave The Philippines police drafted an agreement to reinstate the disgruntled officer, but the courier got stuck in traffic.
And Mendoza lost it.
SFX: gunshots
He shot two of the tourists. Philippines SWAT police advanced on the bus, and he opened fire, hitting one of them, plus a TV news engineer and a child.
SFX: gunshots
The SWAT team made a second attempt
SFX: shootout
When the smoke cleared, Mendoza was dead. But so were eight others, including Tse Ting Chunn.
In the wake of the tragedy, millions of Chinese were outraged. Eighty thousand people marched in Hong Kong to demand justice.
And once again, the hackers did their part.
In the wake of the hostage crisis, members of the Honker Union hacked into 10 government agencies, including the Philippine Information Agency and the website for the city of Bulacan, defacing them with pro-Chinese slogans.
Over the next several years, the Honker Union would find several more opportunities to flex their hacking muscles in defense of China—even if this went against what Lin Yong stated earlier about only wanting to defend Chinese websites.
An increasingly expansionist China engaged in even more territorial disputes.
As it did with the Diaoyu Islands, China has long claimed the entirety of the South China Sea. Problem is, Vietnam also claims a sizable portion of these waters—which include an estimated 17 million barrels of untapped oil, more than Kuwait.
In June 2011, a Vietnamese petroleum survey ship was mapping part of the South China Sea, trailing a series of long cables attached to sensitive oceanographic equipment behind it.
But then, a Chinese fishing vessel appeared and “happened” to ram into those cables, severing them.
The Vietnamese viewed it as a provocation, but the Chinese denied any responsibility.
About a year later, China was involved in yet another maritime dispute. This time, over the Scarborough Shoals in the Philippines. To the Chinese, these are called the Huangyan Islands.
In April 2012, Philippine coast guard ships intercepted a group of Chinese fishing boats illegally fishing near the shoals. When they inspected the ships, they found enough illegal catches to warrant an arrest.
But then, a group of Chinese military surveillance ships arrived—they’d just “happened” to me in the area, too.
The Chinese navy demanded the Filipinos release the fishermen. Knowing they were outgunned, the Filipinos complied.
The Chinese media documented both of these maritime disputes—from an obvious pro-China perspective.
As a result, the Honker Union and other patriotic hackers took up the cause, once again.
After all these years, their tactics hadn’t changed much. They hacked dozens of websites in Vietnam and the Philippines with patriotic slogans and images of the Chinese flag.
In the Philippines, their targets included the University of the Philippines, the Philippines Official Gazette, the Presidential Communications Development and Strategic Planning Office, and even the Presidential Museum and Library.
A typical message from Chinese hackers read: “We come from China, Huangyan Island is ours!”
Filipino hackers retaliated by taking down the website for the China University Media Union, with the message, Chinese government is clearly insane! Scarborough Shoal is ours!
It was yet another hacker war in a long history full of them. But like we saw in 2004 and 2005, the Honker Union was losing membership and interest. It seemed that pro-China outrage could only sustain the community for so long.
Following these maritime disputes, the group once again became dormant.
But dormant doesn’t mean extinct.
Act Four
If there’s one takeaway we hope you get from Modem Mischief, it’s this: some hackers become famous, but the best hackers will never be known to the public.
These 51 episodes have told you about hackers from the first category. Their exploits are famous, but this is a double edged sword. With fame comes infamy, making it more and more difficult to operate in the shadows—
Especially if a particular hacking group publicizes their exploits on their public website, as the Honker Union did.
But the story doesn’t end there. To date, no known members of the Honker Union have been arrested, not by the Chinese, the Americans, or anyone else.
While avoiding capture, members of the Honker Union have also managed to capitalize on their infamy to become celebrities. Just like we’ve seen in the US, members of the Honker Union have positioned themselves as cybersecurity experts, developing sizable followings.
An account supposedly belonging to Lin Yong, aka Lion, on Douyin, the Chinese version of TikTok, has over 200,000 followers.
The Honker Union itself has a page on the popular Chinese social media platform, with over 157,000 followers.
Both accounts post regularly about the history of the Honker Union as well as tips on network security.
Most observers believe that these accounts are intended to recruit the next generation of Chinese hacktivists.
Today, while it’s likely the Honker Union and other groups like the Red Hacker Alliance are still active, although their membership and activities are unknown.
But like we saw earlier, the Honker Union and other hacker groups, whether they’re still active or not, are just pieces of the puzzle when it comes to Chinese hacktivism.
Like everywhere, the Chinese hacking scene has progressed considerably from where it was in the late 1990’s. Its members are better educated, have better tools, and stronger ties to the government. Their presence on the Internet is permanent. And whenever China needs them, they’ll be ready to fight.
CREDITS
Thanks for listening to Modem Mischief. Don’t forget to hit the subscribe or follow button in your favorite podcast app so you don’t miss an episode. This show is an independent production and is wholly supported by you, our listeners and the best way to support the show is to share it. And another way to support us is on Patreon. Just go to patreon.com/modemmischief or click the link in the show notes. You can also support us through a paid subscription on Apple Podcasts. For as little as $5 a month you’ll receive an ad-free version of the show plus bonus episodes exclusive to subscribers. Modem Mischief is brought to you by Mad Dragon Productions and is created, produced and hosted by me: Keith Korneluk. This episode is written and researched by Jim Rowley. Edited, mixed and mastered by Greg Bernhard. The theme song “You Are Digital” is composed by Computerbandit. Sources for this episode are available on our website at modemmischief.com. And don’t forget to follow us on social media at @modemmischief. Thanks for listening!