Filmmakers: China Hackers Nearly Destroyed Our Movie (Guest Column)
Police follows, surveillance, a vicious cyber-assault: Two directors tell how their documentary about Tibet turned into a personal nightmare.
This story first appeared in the April 26 issue of The Hollywood Reporter magazine.
In 2008, after months of careful preparation, we traveled into Tibet during the Beijing Olympics to shoot a documentary about the conflict between Tibetans and the Chinese government.
Having shot films in Afghanistan and Rwanda, we did extensive due diligence, contacting experts and humanitarian agencies for advice about how to talk to sources while ensuring they remain safe from retaliation. We settled on a ruse of acting as carpet buyers to access areas off the beaten path.
Experts aided us in figuring out what technology and equipment could be brought in that wouldn't be detected and would protect the privacy of anyone we interviewed. We reconfigured iPods to include hidden storage sectors to hide camera files. We spent weeks clearing out our private data and devised a coded vernacular in anticipation that files and texts would be read.
With a certain amount of luck, we obtained last-minute entrance visas and arrived in eastern Tibet. As our guides took us deeper into the Tibetan autonomous region of China, we were followed constantly. At one point, we counted eight to 10 vehicles trailing us, the occupants blatantly taking photos. Plain-clothed police closely followed our every move. We tried numerous times to sneak out of the hotel and avoid the police tail, but we were immediately followed. Frustrated by the surveillance, we reluctantly decided to turn the cameras on ourselves to document the harassment we were experiencing.
Then the stakes intensified. Our passports were taken by police and, in the interest of safety, we decided to have the guides separate from us. We were alone in a small city near the Tibetan border, a place where Westerners rarely are seen and no one speaks English but the police. Our e-mail contact with producers in the U.S. and Europe had triggered an outbreak of computer viruses that had infected their systems and phones, deleted e-mails and crashed websites. Our hotel rooms were subjected to surveillance and illegal searches, and our communications to the crew around the world were disrupted. Few options remained. With a frightening threat to our personal safety, we knew things were quickly spinning out of control. We eventually heeded the police request to leave the country.
Upon returning to the U.S., the extent of the cyber-assault on the production began to reveal itself. Producers in Amsterdam, Los Angeles and Atlanta all had their computers and e-mails hacked. The malware in the Atlanta computer was evaluated by an IT expert who determined that it originated from an IP address in China. One producer was so startled by the attack on his computer that he backed out of the project altogether.
Tenzin Seldon, a Tibetan activist in San Francisco and one of the film's production associates, suffered a hack that prompted Google's head of security to investigate. Google's original decision to cease service in the Chinese market was partially based on the incident involving Seldon's e-mail account.
During postproduction, we kept cameras rolling as the hacking continued. We sought alliances with leading cyber-security experts like Dmitri Alperovitch of CrowdStrike and Ralph Echemendia of RED-E Digital to help uncover the scale and scope of the attacks. Tracing the hacking back through e-mail servers such as Yahoo and 123 Ehost was not an easy task. Accessing the backup data to trace the specific locations inside China where the hacking originated was complicated by an onslaught of internal bureaucracy and missing data, legal smokescreens and a lack of archived logs. Our investigation continues.
State of Control, our movie, is not alone in this conundrum. No one is immune from the long reach of cyber-espionage. Google, The New York Times, The Washington Post, The Wall Street Journal and almost one-fifth of the Fortune 100 companies are facing unprecedented cyber-assaults generated from within China. Security breaches even have reached the White House. Cyber-warfare is a disturbing trend that has grave consequences, not only for independent documentaries like ours but also for blockbuster movies, activists, journalists and others who are not aware that their privacy is being violated.
The experience that we endured should be a wake-up call to all Americans and especially those in the media and entertainment industries. Nobody is off-limits. The public needs to know that they are under attack in the name of the Chinese government's calculated control of its public image. At some point, a line must be drawn. Not to do so would be death by a thousand blows.
Christian Johnston and Darren Mann are the directors of State of Control. They will hold a private industry and press screening of their documentary April 29 at the Hot Docs festival in Toronto.