Take this article from Al Jazeera about Anonymous hacking Chinese government websites.
Examine the language used by the hacker. Quoting from the article:
"Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall," the message read. "So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you,"
That's where we can start. Then, take into account the context: "smaller sites for government bureaus and minor cities." Also, the posting was in English.
The motivation for the attacks was to show Chinese citizens how to circumvent government internet controls.
And finally, the perpetrator was Anonymous, a group of hacktivists, lacking (as far as we know) a unified structure. In essence, anybody can claim to be in Anonymous. That's the point. It's more of an idea than an organization. By lacking a hierarchical structure, the group can avoid collapse from the arrest of high-ranking members because there are no "high-ranking" members. (Note: Al Qaeda uses the same strategy. Hey, it works.). At least, that's my understanding of it.
Now the fun part. Let's put it all together. The first clue in our treasure hunt is the language used. To put it bluntly, the writing is awful. "So expect us because we do not forgive, never."?? That sentence alone tells me that the writer -- and by logical extension, the hacker -- is not a native English speaker. Most native English speakers would not use "never" to put the punch at the end of that sentence. They would use "ever" instead. Otherwise, the sentence would have been written, poorly, as: "So expect us because we will never forgive, never." Or something like that. However, using a word like "infallible" correctly means that this is no dummy.
Let's ignore the use of punctuation, because that's a problem with most non-writers. The use of "Great People" is interesting. Capitalizing "Great People" makes me think that this isn't a child or 16 year old kid pulling off this hack. Going out of the way to capitalize that phrase means that this person probably has some idea of the richness of Chinese history and civilization, and has a corresponding appreciation for it. Sophisticated thoughts, indeed.
Lastly, we must consider that only minor government websites were targeted, and one might assume that these are "easier" targets than the Chinese National Bank, for example.
Conclusions, thus far: non-native, but quite competent, English speaker, probably 18-25 years old, non-veteran hacker.
Why post in English on a Chinese government site for a Chinese audience? Remember that the purpose of the hack was to show ways to circumvent Chinese government censorship, so the argument that this was a publicity stunt for a non-Chinese audience is rather weak, but still possible.
My feeling is that the hackers are probably non-Chinese, or at least they don't speak Mandarin (the possibility that the hacker/s are non-Mandarin speaking Chinese expats striking back at the government is very probable). The Al Jazeera article spoke about an Anonymous China twitter account, making me think that these attacks were conducted from outside the country, as Twitter is blocked in China. (Check out a list of blocked websites in China).
Further Conclusion: Not a Chinese resident, non-Mandarin speaker.
Progress, dear friends! Unfortunately, I think that's about all the detective work we can accomplish on this case. We have a non-Mandarin and non-native English speaking, non-Chinese resident, 18-25 year old, non-veteran hacker on the loose! Check under your sofas in Western Europe and the United States!