Dalai Lama's Chinese Website Hacked
It seems Kurt Baumgartner, Kaspersky Lab researcher, spoke to Reuters, and has issued a warning for Internet users: keep your distance from the Chinese-language version of the Central Tibetan Administration (CTA) website until they can rid the site of its viruses.
Dalai Lama's Chinese Website Hacked: The Attack
From technical data gathered and analyzed, Baumgartner thinks the hackers were responsible for prior security breaches on CTA's website, as well as attacks on other cheap hosting websites that deal with human rights in Asia.
The prior attacks involved a technique referred to as “water holing,” a two-stage breach in which hackers infect a site frequently visited by the people whose computers they want access to. The site then infects the computers of all its visitors by downloading malicious software to their machines, which the hackers use to control those computers. In this case, the hackers appear to be targeting activists.
Dalai Lama's Chinese Website Hacked: The Victim
The Dalai Lama is considered by the Beijing government to be a violent separatist after fleeing China in 1959 to escape Chinese rule during an uprising. He is portrayed as evil in Chinese media, while the Dalai Lama says he seeks only more freedom for his people. The US-based Office of Tibet in NY has not offered comment on the subject.
The infected site is the official site of the Dalai Lama's government, and has been repeatedly attacked since 2011 by the same hackers. If you haven't heard about these attacks, that's because they've been dealt with silently before becoming a big deal in the media.
Dalai Lama's Chinese Website Hacked: Who Are The Hackers?
So who has it out for the Dalai Lama and his supporters? It isn't known, but according to Baumgartner, “They have been trying repeatedly to find vulnerabilities in the site.” Although the Chinese-language version is infected, he said it is completely safe to click to the English and Tibetan sites.
Baumgartner has a feeling this group of hackers has infected the site time and time again, spreading the virus to both Microsoft and Apple operating systems. They do it by exploiting security bugs that exist in Java software, providing them with the perfect backdoor to gain control of a user's machine. “This is the initial foothold. From there they can download arbitrary files and execute them on the system,” he said.
Will Gragido, a researcher with EMC Corp and an expert on water holing, said that this attack appears to be what is called an APT, or advanced persistent threat. APTs are typically launched in a tainted email, but are also performed through water holes. Why the term “water hole”? Because lions head to water holes to find their next meal more easily rather than hunting it down.
Dalai Lama's Chinese Website Hacked: Other Attacks
Last year, AlienVault Labs discovered cyber attacks on not only the CTA, but also the International Campaign for Tibet. They were discovered to be crafted by a Chinese APT group who happened to be responsible for numerous other attacks referred to as the “Nitro” attacks and caught by Symantec Corp back in 2011.
Various human rights groups specifically involving China were affected by denial of service attacks, controlling their emails and websites during a period from 2010 to 2011, all attributed to China.
Did China have anything to do with this recent attack? It's too early to say, but history would indicate they did. What do you think?