Vietnamese Blog Back on Line

The Vietnamese political news blog Anh Ba Sam has regained its equilibrium and its name after a series of mysterious attacks in March. Attackers took over the site, replacing its articles with their own content and changing passwords for the site's administrative sections.

When Anh Ba Sam's owners contacted WordPress, the blog's hosting service, in an effort to reclaim access to their site, the company asked the owners to verify their identities. But that wasn't easy – the attackers had changed the site's security information, leaving the owners temporarily unable to prove they were the legitimate administrators.

The US-based WordPress plays an irreplaceable role on the Internet for those who have a voice but no money. It is an open-source, free blogging tool and content management system, using plug-in architecture and a template system. It powers more than 60 million websites worldwide free, playing an enormously valuable role for those who can't afford a complicated system or lack the technical skills to manage one.

'The Gossiper'

Anh Ba Sam itself has established a unique position in recent years as a consolidator of reportage on events and trends in Vietnam. The site features articles re-posted from the foreign press (disclaimer: My articles are frequently translated and published there) and original reporting from the Anh Ba Sam community, many members of which identify themselves as dissidents. The site publishes news updates four times daily and regularly posts political, economic and social analyses contributed by respected intellectuals and experts. Before the attack, the site was garnering roughly 100,000 hits daily.

In Vietnamese, "Anh" is a personal pronoun, used for an older, male person. "Ba Sàm" means "the Gossiper". One site administrator explained that readers developed a saying after the blog was founded: "Ba sàm thông tin chính thống, chính thống nói chuyện ba sàm," or, "The Gossiper communicates official news, while the official media merely gossips."

The attacks started amid a lively debate on the Ba Sam blog about how the Vietnamese Constitution ought to be revised. The National Assembly is scheduled to vote on a new text in the third or fourth quarter of the year. In anticipation, the legislative body called for the people to express their ideas.

Taking the legislature at its word, commentaries posted on Anh Ba Sam tilted sharply toward freeing the current constitution's guarantees of human rights from a host of eviscerating national security-based limitations. There has also been considerable support for diluting the Communist Party's monopoly of political decision-making and freeing the courts and the mainstream media from a surfeit of political instruction.

That nearly ended on March 8. Several years' reportage and commentary were deleted. The e-mail accounts of the blog's editorial team were also compromised although all but a few days' content was backed up on offshore servers.

Anh Ba Sam was a high-value target for Vietnam's internal security agencies, though there is no hard evidence that government actors were involved in the attack. Accordingly, hackers took control of the site, locking out its true owners and deleting all of its content. On March 13, hackers posted on the site a lewd and defamatory 'exposé' of Anh Ba Sam's managing editor Dinh Ngoc Thu, derived from materials she suspects hackers looted from her own computer.

Thu sent urgent requests to the customer assistance staff of WordPress, asking that control of the site be restored to her and her colleagues. WordPress's response was that Thu must first prove that she was the true owner of the site, but the attack was so thorough that this was impossible - all identifying data, correspondence with WordPress, billing records, and other evidence of ownership had been stored on subdirectories of the site and was either deleted or no longer accessible by the Anh Ba Sam team.

One of Thu's Western contacts brought the issue to the attention of the general counsel of Automattic,'s parent company. WordPress customer assistance staff then became more cooperative and control of the blog was eventually restored. Yet it required substantial effort to persuade WordPress to remove various sub-blogs and other booby traps hidden within the site by the hackers. Had the Anh Ba Sam team not been able to connect with influential staff at WordPress and Automattic, they may have spent far longer working to regain access to their site.

Not long after this, deployed a two-step authentication procedure for all its clients' use. There is no way to know for sure, but some believe that the incident catalyzed this change.

Anh Ba Sam was been up and running again, with tighter security and a new URL, since late March 2013. Average daily hits have climbed back to 73,000. On June 1, Anh Ba Sam staff moved the blog to a new and inherently more secure server.

Increasing security for vulnerable blogs

Anh Ba Sam administrators have urged WordPress to adopt a policy of proactive, preemptive assistance for bloggers facing challenges similar to those of Anh Ba Sam. WordPress should also take responsibility to the fullest extent possible for ensuring that their clients' sites aren't hacked, for example by strongly recommending two-factor authentication and being more aggressive about helping to ensure that all WP scripts and plugins being used by blog administrators are up-to-date.

There is also a need for developing a mechanism that enables clients to recover control of a hacked account. As was the case with Anh Ba Sam, suppose a person claiming to be the site owner urgently requests help regaining control of the site. WordPress staff very possibly won't be fluent in the language used on the site. How can they tell who is the bona fide owner? A recent, sudden and radical change in the pattern of administrative access to the site should be prima facie evidence that a hijacking has taken place. At that point, WordPress could deny administrative access to the site by any party pending a sorting out of claims.

WordPress should take pride in its unique role as an enabler of free political speech around the world. To this end, the company should provide interactive security counseling to the many alternative and dissenting bloggers it hosts. Such a commitment would strengthen the public image of both WordPress and Automattic, and provide an invaluable service to its community.

(David Brown is a retired US diplomat who often reports about Vietnam. A version of this article first appeared on the webpage of Global Voices, a community of more than 700 authors and 600 translators around the world who work together to bring reports from blogs and citizen media.)