7 Interconnected Contests
Distributed Denial of Service Attacks and Other Digital Control Measures in Asia

Hal Roberts, Ethan Zuckerman, and John Palfrey

In early 2008 the Vietnamese government announced plans to mine bauxite, the mineral used to make aluminum, in the Central Highlands of Vietnam in cooperation with a Chinese company. These plans became the subject of increasing protest beginning in 2008 and continuing thereafter. Protesters have expressed environmental concerns about damage to mined areas and toxic by-products of bauxite mining. While some activists involved with the bauxite protests have been connected to banned prodemocracy movements, others have been protesting the Chinese-backed mine on grounds of environmental concern or national pride.1

In 2009 a group of activists distributed a petition and created a Web site named http:// to protest the bauxite mining. According to reports from Vietnamese free-speech advocates, both the site and the larger bauxite protest movement have been under constant attack since 2009. The government has repeatedly detained and interrogated both the founders of and many of those who signed the petition. Forged e-mails, purportedly by the founders of the Web site, have been distributed online, falsely claiming that the leaders were quitting the protest. Activists report that the Vietnamese government broke into the site’s servers to steal protester information and shut down the site.2 In January 2010 a flood of traffic from compromised computers overwhelmed, making it inaccessible not only in Vietnam but also throughout the entire Internet.3

Political actors increasingly use this type of attack, known as a distributed denial of service (DDoS) attack, to control content on the Internet. Vietnam has routinely filtered Internet sites the government considers to be controversial, preventing users in Vietnam from accessing them without taking unusual steps.
In contrast, a DDoS attack makes a Web site inaccessible to all online audiences by disabling a targeted Web server under a flood of traffic. This particular DDoS attack used a botnet, an army of “zombie” computers that have been taken over, in the vast majority of cases, without their owners’ knowledge. These zombie computers are generally used to commit some sort of fraud on the network. For example, some computers controlled by botnets are used to sign up for thousands of free e-mail addresses and send spam. In this case, the zombie computers sent an extraordinary number of requests to, crashing the site.

Shortly after the DDoS attacks on the site began, Google announced that it would no longer censor its search results in China4 because of attacks on its Gmail service, which it found had originated from within China. While investigating the source of those Gmail attacks, Google found evidence that the botnet attacking bauxitevietnam.info—though not involved in the Gmail attacks—consisted largely of computers that had been infected by a malicious program hidden by an attacker within a program called VPSKeys.5 Technicians at Google and at the antivirus firm McAfee then unraveled the story of the DDoS attacks.

VPSKeys is the most popular Vietnamese keyboard input program. Distributed by the Vietnamese Professionals Society (VPS), it allows Vietnamese users to enter Vietnamese characters easily using Western keyboards. Some months before the attacks on, likely in late 2009, the Web site hosting the VPSKeys software had been compromised. The attacker replaced the VPSKeys program with a Trojan version designed to infect the host computer with botnet software. The attackers also alerted thousands of VPSKeys users by e-mail that a new (secretly infected) version of the software was available. Many Vietnamese users updated their software in response.
It is likely that the attackers were able to obtain the mailing list used to send this e-mail through a separate attack—possibly intrusions that seized membership databases of popular Vietnamese discussion forum sites in 2009. Tens of thousands of users downloaded the Trojan software, which infected the host computers and added them to a botnet before the Trojan software was discovered. The makers of VPSKeys replaced the infected software with a clean version, but not before the Trojan software had created the network of compromised computers. This botnet was used to mount the DDoS attack on and may have been used against additional targets.

Why did the attackers go through the effort of compromising computers and creating their own botnet? There is a thriving...