March 25, 2008

China: Beijing Extends Its Offensive to Cyberspace

Active ImageChina is taking the crackdown on Tibet and its supporters into cyberspace with spyware targeting international organizations, including UNPO.

Below is an article published by F-Secure.com:

There's unrest on the streets of Tibet - clashes between Tibetans and the Chinese military.

[…]

However, there's unrest also on the net. Groups supporting freedom of Tibet have been attacked with highly targeted and technically advanced attacks.

Quoting an Asia Free Press news report: "AFP received an email Tuesday from someone claiming to be in Denmark, who had attached a file they said were pictures of Tibetans shot by the Chinese army. When AFP tried to open the attachment, a virus warning appeared."

[…]

Somebody is trying to use pro-Tibet themed emails to infect computers of the members of pro-Tibet groups to spy on their actions.

And this is not an isolated incident. Far from it.

Groups working for freedom of Tibet all over the world have been targeted. These emails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month.

The mails are almost always forged to look like they would be coming from trusted persons or organisations, making it more likely they get opened by the recipient.

Just the filenames of some of the recent malicious attachments tell a lot:

   UNPO Statement of Solidarity.pdf

   Daul-Tibet intergroup meeting.doc

   tibet_protests_map_no_icons__mar_20.ppt

   reports_of_violence_in_tibet.ppt

   genocide.xls

   memberlist.xls

   Tibet_Research.exe

   tibet-landscape.ppt

   Updates Route of Tibetan Olympics Torch Relay.doc

   THE GOVERNMENT OF TIBET.ppt

   Talk points.chm

   China's new move on Tibetans.doc

   Support Team Tibet.doc

   Photos of Tibet.chm

   News ReleaseMassArrest.pdf

   Whole Schedule and Routing for Torch Relay.xls

As you can see there's a variety of "trusted" filetypes used in these targeted attacks, including DOC, XLS, PPT, PDF, CHM.

The contents of these bait documents have been crafted very well.

 

Note:

Please view the F-Secure webpage for further details:

http://www.f-secure.com/weblog/archives/00001406.html

© 2010-2011 UNPO | Webdesign: IBIS Services