[ISN] State hackers spying on us, say Chinese dissidents

From: InfoSec News (isnat_private)
Date: Thu Sep 19 2002 - 02:45:54 PDT


    Forwarded from: Greg Walton <jamyangat_private>
    
    http://technology.scmp.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=SCMP/Printacopy&aid=ZZZ5CRL256D
    
    South China Morning Post
    Wednesday, September 18, 2002
    DOUG NAIRNE
    
    Overseas-based dissident groups have been bombarded with Internet
    virus and hacking attacks from mainland sources in what they say is a
    co-ordinated attempt to disrupt their operations and spy on their
    computer networks.
    
    The targeted groups are the same ones whose Web sites this month
    became inaccessible to mainland users through the Google search
    engine, leading some to suggest that the attacks are part of a wider
    campaign to crack down on what Beijing views as subversive activity.
    
    The dissident groups say the scale of the attacks goes far beyond what
    they have experienced in the past, making it unlikely that it is the
    work of amateur Chinese hackers. Some of the attacks have been traced
    to China Telecom regional offices in several provinces.
    
    "In some cases we can pinpoint the actual workstation, office, and
    street address that the [attack] originated from," said Greg Walton,
    an Internet activist who works with Tibetan freedom groups. "If this
    is Chinese hackers playing around, then they are Chinese hackers
    employed by a state-owned industry operating on the state's time."
    
    The attacks have come in the form of hundreds of e-mails using false
    or spoof addresses which appear to come from a friendly source. In
    some cases, the e-mails appear to originate from the Tibetan
    government-in-exile.
    
    The e-mails contain so-called Trojan horse programs which seek out
    files and attempt to e-mail them to an address on the mainland. Other
    files open so-called back doors, allowing hackers to take control of
    the target computer through its Internet connection.
    
    "It has never been as bad as things have become in recent months," Mr
    Walton said.
    
    Bill Dong, a spokesman for Dynamic Internet Technology, a company
    providing technical services to Voice of America's Chinese-language
    Web site, said the attacks started at the end of April, around the
    same time the Minister for Public Security, Jia Chunwang, urged
    mainland law enforcers to be more aggressive in fighting hostile
    foreign forces subverting China via the Internet.
    
    "We believe the viruses were specially created as an organised massive
    attack," he said.
    
    Mr Dong said the viruses were mainly targeting well-known e-mail
    addresses for Falun Gong Web sites, banned news sites and technology
    sites set up to penetrate the information blockade in China such as
    freenet-china.org. They have also been sent to mailing lists and a
    wide range of groups Beijing considers subversive, including Chinese
    dissidents and Xinjiang independence activists.
    
    The organisations said their security software had so far prevented
    any large-scale damage that they know of, but that it was impossible
    to tell how many of their computers may have been infected. There are
    reports that the virus activity has increased in recent weeks as China
    gears up for the 16th Communist Party Congress in November.
    
    Jigme Tsering, a computer manager for the Tibetan government-in-exile
    in India, said he had found viruses that tried to collect files from
    an infected computer and e-mail them to a computer in Yunnan province.
    
    "Luckily our firewall is blocking it, but I am worried about other
    offices without a proper firewall," he said.
    
    Jack Churchward, a system administrator and activist for the East
    Turkestan independence movement, said he had seen virus attacks three
    or four times a week for the past month using group e-mailing lists.
    
    
    
    


