Highlights
– Recent attacks against various non-governmental organizations are traced to servers in China
– Attack patterns mirror previous attacks attributed to Chinese hackers
– While it is unclear whether or not the Chinese government authorized these attacks, it is clear that these attacks will continue
Recent reports from various cyber security vendors and experts indicate that Chinese hackers may be responsible for a series of attacks against various non-governmental organizations (NGOs) focused on increased freedom for Tibet as well as groups established to raise awareness about the humanitarian crisis in Darfur, Sudan.
Attacks Against Tibetan Groups
The recent unrest in Tibet has also spawned attacks in cyberspace against a number of Tibetan advocacy organizations. According to Alison Reynolds, the director of the Tibet Support Network, affiliated pro-Tibet groups have received an average of 20 e-mail virus attacks per day since the unrest in Lhasa, Tibet, started (source). Mikko H. Hypponen, Chief Research Officer at anti-virus software vendor F-Secure, said, “somebody is trying to use pro-Tibet themed e-mails to infect computers of the members of pro-Tibet groups to spy on their actions” (source).
Attack on the Save Darfur Coalition
According to Allyn Brooks-LaSure, a spokesman for the Save Darfur Coalition, hackers who appeared to be based in China had hacked the organization’s network and “seemed intent on subversively monitoring, probing and disrupting coalition activities” (source). The Federal Bureau of Investigation (FBI) has opened a preliminary investigation into reports that the Save Darfur Coalition was hacked. The Save Darfur Coalition, whose mission is to end the conflict in Sudan, has previously criticized the Chinese government’s support of the Sudanese government.
Similarities to Previous Attacks
The tactics of these attacks mirror previous attacks against various US government agencies and military organizations also attributed to Chinese hackers. In both cases, the attacks were carried out via phishing emails – a social engineering tactic designed to fool the recipient of a virus-laden email into infecting their computer with Trojan horses and/or keystroke loggers. Further, according to Maarten Van Horenbeeck, an incident handler with the SANS Internet Storm Center, recent attacks against various Tibetan groups originated from the same Beijing-based source as previous attacks against 28 defense contractors in the United States (source).
While the Chinese government has an obvious interest in keeping tabs on groups that promote increased autonomy for Tibet and seek to pressure the Chinese government to curtail its support for the Khartoum government in Sudan, it is unclear whether the government is directly ordering these cyber attacks. Many cyber security experts point out that although these attacks can be traced back to systems hosted in China, it is impossible to say with certainty whether Chinese citizens are controlling these systems or whether the systems have been compromised by citizens of other countries.
Assuming that Chinese citizens have in fact executed these attacks, it is still difficult to tie these attacks to the Chinese government. It is possible that Chinese hacking groups not subordinate to the central government organized many of the attacks, as many Chinese hacking groups are motivated by nationalist fervor and may well execute attacks against organizations that they believe are acting in opposition to China’s interest. Therefore, in the case of the recently reported attacks, patriotic Chinese hackers may have seen it as their civic duty to attack Tibetan advocacy groups.
Improved Defenses Required
Regardless of who is responsible for these attacks, it is clear that cyber security must be taken seriously. All organizations, big or small, whether government, private, or non-governmental, must exercise extreme diligence and secure their information technology infrastructure lest they suffer the same fate as the organizations highlighted above.