Cyber attacks against Tibetan communities
There is lots of media coverage on the protests in Tibet. Something that lies under the surface, and rarely gets a blip in the press, are the various targeted cyber attacks that have been taking place against these various communities recently.
These attacks are not limited to various Tibetan NGOs and support groups. They have been reported dating back to 2002, and even somewhat before that, and have affected several other communities, including Falun Gong and the Uyghurs.
The attacks generally start with a very trustworthy looking e-mail, being spoofed as originating from a known contact, to someone within a community. Some impressive social engineering tricks are used.
Anti virus is generally not proving effective against these attacks.
SANS have been working with several groups on these attacks since early 2007. If you or your organization has also been targeted, now or in the past, please get in touch. SANS will not publish any data on your specific attacks without your permission.
Full, unmodified article: SANS
1 Comment »
Leave a comment
Introduction
.
Welcome to Smokey’s Security Weblog!
Like my board Smokey’s Security Forums, this blog is mainly devoted to Security and all related issues. However, other issues like e.g. major occurances on my forum and social topics will be blogged too.
My forum offer free security and malware related Support, Help, Advice and Education.
As extra service we have a HijackThis & OTL (formerly OTListIt2) Logs Analyzing and Malware Removal/Cleaning Help Forum, full qualified HJT/OTL Analysers/Malware Hunters will be pleased to help you for free to clean your malware infected PC.
We are hosting and maintaining the Official Jetico Inc. Support Forums, including the following products:
- Jetico Personal Firewall V1
- Jetico Personal Firewall V2
- Jetico BestCrypt for Windows
- Jetico BestCrypt for Linux
- Jetico BestCrypt Volume Encryption
- Jetico BCArchive
- Jetico BCWipe for Windows
- Jetico BCWipe for UNIX
Disclaimer: information in this blog can be based on (not confirmed) statements of (anonymous) sources, Smokey’s Security Weblog don’t take any responsabilty for the credibility of these sources and their statements.
The posts/articles in this blog can be supplemented with so called “Possibly related posts” links. Because these links are automatically generated by WordPress.com, Smokey’s Security Weblog have no influence on the links itself and/or content of them. Therefore this Weblog don’t take any responsability for these links and all related issues.
About Copyright and this Blog: it is allowed to reproduce (parts of) posts in this blog if this reproduction is provided with a direct link to the original blog post. It is NOT allowed to copy, use and/or reproduce any image or blog banner.
Blog comments policy: to restrain indecent and off-topic comments and spam, comments are reviewed before publishing. Therefore, delay in comment publishing is unavoidable. Obligatory language of comments is English.
.
Smokey’s Security Forums is Site Member ASAP
My main task
Smokey’s Weblog RSS Newsfeed
Smokey’s Weblog Google FeedBurner
Technorati
Recommended: Free network protection with OpenDNS
Recommended: Kaspersky Free Online Antivirus Scan
Recommended: Free Online Safe Password Generator
Advertisement: Buy the #1 ad blocker via Smokey’s
Advertisement: Meg&Millie’s hand-made, personalised gifts
Your IP and location
Blog Visitor Statistics
F-Secure Weblog: Groups working for freedom of Tibet all over the world have been targeted. These emails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month.
The mails are almost always forged to look like they would be coming from trusted persons or organisations, making it more likely they get opened by the recipient.
Just the filenames of some of the recent malicious attachments tell a lot:
UNPO Statement of Solidarity.pdf
Daul-Tibet intergroup meeting.doc
tibet_protests_map_no_icons__mar_20.ppt
reports_of_violence_in_tibet.ppt
genocide.xls
memberlist.xls
Tibet_Research.exe
tibet-landscape.ppt
Updates Route of Tibetan Olympics Torch Relay.doc
THE GOVERNMENT OF TIBET.ppt
Talk points.chm
China’s new move on Tibetans.doc
Support Team Tibet.doc
Photos of Tibet.chm
News ReleaseMassArrest.pdf
Whole Schedule and Routing for Torch Relay.xls
As you can see there’s a variety of “trusted” filetypes used in these targeted attacks, including DOC, XLS, PPT, PDF, CHM.
The contents of these bait documents have been crafted very well. Below are some examples of what the user sees after he has been duped into opening one of these files. The content is mostly recycled from real announcments and messages of the pro-Tibet groups.
http://www.f-secure.com/weblog/archives/00001406.html