Analysis: Cyberattacks on Tibet groups

An internet user reads a website in Beijing on 21 March, 2008 which contains a list and photos of what the Chinese government calls "The 19 most-wanted Lhasa rioters", vowing to punish those responsible for last week's violence in the Tibetan capital Lhasa. The photos, which appeared on top websites such as and, were taken from grainy footage shot during the unrest which exploded through the city on 14 March. Photo courtesy AFP.
by Shaun Waterman
Washington (UPI) Mar 24, 2008
Malicious e-mail and other cyberattacks on Tibet advocacy groups in the United States are linked to Internet servers used in past hacker intrusions traced by U.S. law enforcement to China.

The link, made by security experts on the basis of publicly available data, is the first direct evidence the recently intensified attacks against the Tibet groups, reported by United Press International a week ago, were launched from China. But it remains unclear to what extent -- if any -- the Chinese government or military is implicated.

The news follows charges last week from the Save Darfur Coalition, a group opposing Chinese policy in Darfur, that it had been the target of intrusion attempts "which appeared to originate in China and seemed intent on subversively monitoring, probing and disrupting coalition activities."

The recent cyberattacks on several Tibet groups were analyzed by Maarten Van Horenbeeck, a security researcher for the SANS Internet security organization, who has followed cyberattacks against Tibet organizations, and against advocates for other Chinese ethnic groups such as the Uighurs, for many years.

Van Horenbeeck told United Press International that the attacks used e-mails purporting to come from known associates of the victims with attachments containing malicious code -- so-called Trojan horse software -- that stole e-mail and contact data, passwords and other information and covertly sent it on the Internet to special command servers. One domain address that came up as the destination for data stolen from supporters of the Students for a Free Tibet group was familiar to him. has been used by hackers "again and again" over the years, he said.

Since earlier this month, the domain has been "moving around," he said. But until March 8, it was based on a server previously identified by the FBI as the source for an e-mail attack aimed at U.S. defense contractors launched in August last year, according to a report from the Air Force Association.

The link, though a narrow one, is significant because of the well-acknowledged difficulty of attributing cyberattacks. Hackers can take control of computers, or even whole servers, without the knowledge of their owners and use them to launch attacks.

China has some of the world's tightest government restrictions on the use of the Internet, which makes many observers skeptical hacker gangs could operate from within China without government approval or acquiescence.

The attacks against the Tibet groups were "very professional and well-coordinated," Van Horenbeeck said, though he said no definitive evidence linked the Chinese government to the attacks.

Some of the e-mails used highly sophisticated "social engineering techniques" to trick their victims into opening the attachment, he said.

Rather than just faking the e-mail address of an associate as the sender of a general message, these e-mails would refer to discussions that the intended victim had conducted with that associate on open Internet bulletin boards or e-mail lists, Van Horenbeeck said, suggesting the hackers had done a great deal of research on individual targets.

"These were very sophisticated," he said, adding that unlike conventional hacker attacks, these were not aimed at defacing the group's Web site or driving it offline with a series of crude denial-of-service bombardments. "These attacks were designed to steal data," he said.

He said they might also be designed to "disrupt (the groups') operations by making people wary of using their e-mail, which is a vital tool for their coordination."

Some of the attacks did seem designed to undermine trust in e-mail. Last week a security professional working with one group posted a message to a Tibet discussion list warning people to expect an increase in e-mail and other attacks. The following day hackers sent another message, faked to look as if it came from the same address, containing a security document as a Word attachment. The attachment contained a Trojan horse malware package, Van Horenbeeck said.

Similarly sophisticated social engineering techniques were noted by security researchers at MessageLabs last month in e-mail malware sent to members of an Olympic committee.

"These are otherwise perfectly valid documents," Maksym Shipka, senior architect at MessageLabs, told SCMagazine, an IT security trade publication. "It's real information. It's a continuation of actual email conversations. Yet the document is bad."

Shipka said the e-mail was so convincing that recipients forwarded it to other members of the committee.

The Trojans and other malicious software used in the Tibet attacks are similar to those used in attacks against the unclassified computer networks of U.S. defense contractors, the Department of Energy's nuclear labs and other sensitive government agencies, but experts caution against reading too much into this, saying that the software is easily available on hacker Web sites.
