[ISN] Tibet - the cyber wars

From: InfoSec News (alerts@private)
Date: Tue Mar 25 2008 - 22:02:26 PST


http://www.bbc.co.uk/blogs/technology/2008/03/tibet_the_cyber_wars.html

By Rory Cellan-Jones
dot.life
BBC News
24 March 08

We know that YouTube has been blocked in China, as the authorities seek 
to control what they see as biased Western coverage of events in Tibet, 
but there is a wider battle being fought in cyberspace.

Tibet protest groups have been in touch to say they are under attack, 
with emails arriving containing attachments that are designed to infect 
or take over their computers. These attacks have been going on for 
months, but appear to have grown in intensity in recent days. Alison 
Reynolds of the International Tibet Support Network told me, "There are 
surges of activity which coincide with our busiest campaign periods and 
obviously now we are seeing a lot of attacks." She says most members of 
the movement know not to open attachments - but some do still get 
through.

Maarten van Horenbeeck, a security researcher, works with the Tibet 
groups to monitor these attacks, and says he is currently seeing three 
times as many as he saw last month. He says the attackers appear to be 
interested in emails and word documents stored on the machines they 
infect. He describes an attack on one NGO which involved a search for 
the keys to the system used to encrypt its emails.

Sometimes the original emails from the attackers appear to contain press 
releases from other Tibet campaigners - but when they are opened they 
install a trojan, enabling the machine to be controlled remotely. The 
security company F-Secure has blogged on the techniques being used by 
whoever is responsible and shows how well they craft their attacks.

But is this the work of the Chinese authorities? "Impossible to say," 
according to Martin van Horenbeeck. "Yes, the vast majority of attacks 
connect back to servers on CHINANet, a major Chinese network.

However, CHINANet, due to its sheer size hosts many vulnerable machines, 
so these are most likely all compromised themselves. In addition, there 
have been several samples that connect back to the USA, Taiwan or South 
Korea."

He makes the point that China has thousands of hackers - many of whom 
may be hostile to Tibetan groups - so there is plenty of scope for 
mischief. And here is what's interesting, and perhaps unique about 
China. It is a country which has allowed the web to flourish, while 
imposing pretty strict limits on the dissemination of information which 
it regards as subversive. So a generation of hackers which in other 
countries would be anti-establishment and would use the web to attack 
their own government, may be happy to lend the Chinese government a hand 
in any cyber-war. Forty years after the cultural revolution saw the Red 
Guards take to the streets with their little red books, is a new 
generation using the web to similar ends?

A friend who's a British reporter based in China - doing a great job 
amidst growing hostility to the Western media - says he winces when he 
hears overseas journalists like me trot out "the new cultural 
revolution" cliche. But isn't it rather apt here?


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Mar 25 2008 - 22:08:52 PST