In the summer of 2005, Tan Dailin, a 20-year-old graduate student at Sichuan University of Science and Engineering, caught the attention of the People’s Liberation Army (PLA) of China due to his involvement with a burgeoning hacker community known as the Honkers. This group was made up of young Chinese hackers who launched patriotic cyberattacks against Western targets that they perceived as disrespectful to their country. The initial interventions from the Honkers were relatively low-sophistication attacks, primarily website defacements and denial-of-service operations directed at entities in the United States, Taiwan, and Japan.
Tan, leveraging his skills and experiences, documented his activities in online blogs. He and his friends participated in a PLA-affiliated hacking contest, which they won, leading to an invitation for an intensive hacking training camp. This experience kickstarted Tan’s journey into the world of professional hacking, during which he formed his own hacking group, the Network Crack Program Hacker (NCPH). This group quickly made a name for themselves by creating notable hacking tools, including the GinWui rootkit, one of China’s first remote-access backdoors. Between the spring and summer of 2006, they executed a series of high-profile hacks against U.S. companies and government entities, actions reportedly conducted on behalf of the PLA.
Tan later transitioned to contracting for the Ministry of State Security (MSS) and became part of the infamous hacking group APT 41. His trajectory is emblematic of many former Honkers who began as self-directed patriotic hackers before being integrated into China’s extensive espionage infrastructure. Despite limited documentation about the Honkers in relation to China’s Advanced Persistent Threat (APT) operations, a new report has shed light on their evolution from patriotic hackers to elite state-sponsored cybercriminals.
The Honker community originated when China connected to the internet in 1994. Early members were self-taught tech enthusiasts who exchanged programming tips on electronic bulletin boards. They founded various groups like Xfocus and the Honker Union of China, cultivating a culture that initially prioritized defending national cyber interests through ethical hacking. This focus shifted toward more aggressive tactics following national incidents that ignited patriotic sentiments, leading to coordinated cyberattacks against foreign targets, particularly after events such as the violence faced by ethnic Chinese in Indonesia in 1998 and the Nanjing Massacre historical debate in 2000.
However, the status of the Honkers changed dramatically after a 2001 incident in which a Chinese fighter jet collided with a U.S. reconnaissance plane. The resulting nationalist fervor sparked retaliatory cyber-attacks from both American and Chinese hackers, prompting the Chinese government to express concern over the Honkers’ lack of control. They warned that these patriotic hackers could become liabilities in international relations.
In the years that followed, the PLA and MSS began formally recruiting members from the Honkers, particularly after several high-profile hacking incidents, establishing a more structured approach to integrating these skilled individuals into state-sponsored initiatives. As hacker forums closed under new legal frameworks criminalizing unauthorized intrusions, many Honkers either sought legitimate work in tech and cybersecurity firms or transitioned into roles supporting state operations.
Several tools developed by Honkers have been repurposed for APT operations, demonstrating how this early hacker culture laid the groundwork for China’s sophisticated state-sponsored hacking efforts. Former Honkers have since been implicated in various high-profile cyber incidents, illustrating a continued intertwining of patriotism, personal interest, and state security imperatives.
The evolution of the Honkers encapsulates the trajectory of tech-minded youth co-opted by the state into its broader cybersecurity and espionage agenda, revealing a complex relationship shaped by national interests and personal aspirations in the digital world.
