Ottawa Citizen

Meet the hackers

Army geeks provoked cyberwar with U.S.

- MALCOLM MOORE

BEIJING In his free time, 30-year-old Wen Xinyu likes to read western philosophy, play Angry Birds on his iPad and listen to Beyond, a rock band from Hong Kong.

But it is his day job that has brought him to the attention of the FBI: Wen, a.k.a. WinXYHappy, is alleged to be a People’s Liberation Army hacker who has stolen reams of trade secrets from some of the largest companies in the United States.

The cyber-espionage claims have led to a diplomatic row with Beijing, which accuses the United States of hypocrisy.

Since the charges were revealed on Monday, Wen and four others accused of working with him in PLA Unit 61398, a cyber-espionage centre in a Shanghai suburb, have erased their online presence, wiping clean their profiles, blogs and comments.

But the fragments that remain show the cyber-spies to be low-paid geeks who never expected that anyone would pay attention to the hacking forums and gaming groups they frequented.

Wen, who appears in one photograph online wearing an orange polo-shirt and celebrating his 30th birthday, was by far the most active of the five men, often collaborating with others on programs. His account on Weibo, China’s version of Twitter, indicated that he liked “movies, travel and music.”

On one hacking forum, underneath a post about how to steal login passwords for computers running on Windows, Wen wrote: “Awesome! I happen to need this. Thank you!”

On another site, which offered a hack to download the Angry Birds computer game without buying it through the Apple store, Wen wrote: “It works on my iPad. But when I downloaded Plants vs Zombies for the iPhone it was too small (for the screen of the iPad).”

And at the beginning of this year he appealed for help on writing programs to “monitor, connect, transmit data, save files and disconnect” in WinInet, the Microsoft Windows Internet application programming interface.

“To all the masters,” he wrote. “Do you have any server-end experiments that I can study for a couple of days? I do not ask for all the codes, I know you must have your own secrets. I just want to know what kind of functions I need to use.”

Although it is not possible to confirm beyond doubt that all of WinXYHappy’s posts were made by Wen, details across different sites tallied and in some cases he also used the same instant messaging identification number.

One of the others named by the U.S., Ugly Gorilla, also appeared in a research report written last year. Recently, Ugly Gorilla, who the U.S. said was Wang Dong, appears to have changed his screen name to “Say Goodbye to my youth,” but his avatar on WeChat, a Chinese instant messaging system, remains a gorilla. While his colleagues preferred to remain anonymous, he stamped some of his programs with his moniker, or left the letters “UG” in viruses he designed.

Of the other hackers, few traces remain. Both Sun Kailiang (Jack Sun) and Gu Chunhui (KandyGoo) have wiped the web of any comments or posts. Huang Zhenyu’s only remaining traces are technical comments on hacker forums.
