Dalai Lama's Chinese-language website hacked, warns computer security firm

The Dalai Lama's Chinese-language website is infecting visitors' computers with viruses in what could be an attempt to spy on human rights activists, according to the computer security firm Kaspersky Lab.

|
AP Photo/ File
Tibetan spiritual leader the Dalai Lama speaks to Tibetan monks in Leh, India. The Dalia Lama's Chinese-language website has been attacked, according to a computer security research firm.

A prominent computer security firm warned that the Dalai Lama's Chinese-language website has been hacked and is infecting visitors' computers with viruses in what may to be an effort to spy on human rights activists who frequently visit the site.

Kaspersky Lab researcher Kurt Baumgartner told Reuters on Monday that he is advising web surfers to stay away from the Chinese-language site of the Central Tibetan Administration, or CTA, until the organization fixes the bug. He described the attack on his company's blog.

Technical evidence suggests the group behind the campaign was also responsible for previous breaches on that site as well as attacks on groups that focus on human rights in Asia, Baumgartner said.

Those breaches involved a two-stage attack technique known as "water holing," where hackers first infect a site that is frequently visited by people whose computers they want to control. That compromised site automatically seeks to infect the PCs of all visitors, downloading malicious software that the hackers can use to take control of their computers.

Officials with the Office of Tibet in New York could not be reached for comment. That office is the official representative to the United States for the Dalai Lama, Tibet's 78-year-old exiled spiritual leader, who fled China to India in 1959 after an abortive uprising against Chinese rule.

Beijing considers the globe-trotting monk and author a violent separatist and Chinese state media routinely vilify him. The Dalai Lama, who is based in India, says he is merely seeking greater autonomy for his Himalayan homeland.

Baumgartner said that the Chinese-language site of the Central Tibetan Administration, which is the official organ of the Dali Lama's government in exile, has been under constant attack from the same group of hackers since 2011, though breaches have been quietly identified and repaired before garnering significant attention.

SAME GROUP OF ATTACKERS

"They have been trying repeatedly to find vulnerabilities in the site," he said.

He said that it is safe to visit the group's English and Tibetan sites.

He said he believes the same group of attackers has repeatedly infected the site with malicious software that automatically drops viruses on computers running Microsoft Corp's Windows and Apple Inc's Mac operating systems.

They infect machines by exploiting security bugs in Oracle Corp's Java software, he said. An Oracle spokeswoman had no immediate comment.

That gives them "back doors" into those computers. "This is the initial foothold. From there they can download arbitrary files and execute them on the system," Baumgartner said.

Will Gragido, a researcher with the RSA security division of EMC Corp who is an expert on water holing, said the attack on the Tibetan site had the look of a type of campaign known as an "advanced persistent threat," or APT.

In some cases APTs are launched through tainted emails. In others this is done through "water holes," which are named after specific locations that lions stake out to attack their prey, rather than traveling the wild to hunt them out.

"The CTA is a site most people are not going to traverse," Gragido said. "They are less likely to see my grandmother traversing that site than they are somebody with a vested interest in seeing what's going on in Tibet."

In March of last year, the cybersecurity firm AlienVault Labs reported that it identified cyber attacks on Tibetan organizations including CTA and the International Campaign for Tibet.

AlienVault said those attacks were engineered by a Chinese APT group also responsible for the "Nitro" attacks on dozens of companies identified by Symantec Corp in 2011.

The report of the cyber attack is the latest to involve human rights groups in greater China.

Human rights groups and other NGOs focused on China were hit by denial of service attacks that disrupted their websites and several said their emails were infiltrated during a spate of cyber attacks attributed to China in 2010 and 2011.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Dalai Lama's Chinese-language website hacked, warns computer security firm
Read this article in
https://www.csmonitor.com/Technology/Latest-News-Wires/2013/0813/Dalai-Lama-s-Chinese-language-website-hacked-warns-computer-security-firm
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe