
Who could be behind the wave of online attacks that have the internet community seeing red?

A series of online strikes has been carried out in the last few months on several high-profile international targets.  Among those targets are the Falun Gong and pro-Tibetan liberation organizations.  Also targeted is the Save Darfur campaign.

As Sherlock Holmes might say, "The game is afoot!"

The Internet Storm Center, a news organization focusing on online threats, announced this week, "On Friday we reported on targeted attacks against various pro-Tibet non-governmental organizations (NGO) and communities, as well as Falun Gong and the Uyghurs."

One technique that is being used to attack these organizations is a fake memo with a malicious attachment.  This memo claims to have a human rights report about Tibet attached.  Analysts state that the memo uses several key social engineering tricks to lull the readers into a false sense of security.  Among these are the use of pertinent language in the memo and official-looking numbers and titles.

Even trickier, the attachment is actually two files -- a legitimate flier for a real life book on the state of Tibet and a separate malicious trojan binary. 

Eight types of trojans have been employed by the attackers, including the well-known Enfal, Riler and Protux attacks.  While some machines are merely crippled, others are maintained and controlled through remote access using the Gh0st RAT tool.  The majority of control servers were identified to be on Chinese netblocks.  However, some originated from the U.S., South Korea and Taiwan.

Tibet has been under Chinese rule since military occupation in 1951.  The Falun Gong claims it is a spiritual organization focusing on meditation, boasting as many as 70 million members in China.  The organization has been labelled as a cult by China.  China regularly breaks up its public practices and jails its leaders.

The Save Darfur group has been under heavy attack from hackers.  The FBI is currently investigating these attacks, which they say may have a possible Chinese connection.  The Save Darfur campaign is a rather altruistic-spirited, nonprofit group whose well-intentioned goal is to bring attention to the ongoing genocide in the western Darfur region of Sudan.

Allyn Brooks-LaSure, a spokesman with the group, says the group contacted the FBI after someone last week gained unauthorized access to its email and web servers. While Brooks-LaSure is uncertain of the identity of the attackers, he did note that the IP addresses of the hackers were located in China.  He states, "Someone in Beijing is trying to send us a message."

The hackers appeared to have focused primarily on gathering data on the group.  Save Darfur has been trying to convince China to pressure Sudan, one of its largest trading partners, into stopping the bloodshed.  Experts warn that while the attacks appear to have originated in China, they may merely have been routed through China.

Groups affiliated with the Save Darfur group have also been hit.  Among the attacks they have noticed are emails with malicious attachments, very similar to those used against the Tibetan organizations.  FBI Spokeswoman Debbie Weierman confirmed that the FBI was investigating, stating that they were "looking into the matter."

With the latest rash of attacks, one is left to wonder -- who might want to attack Save Darfur, pro-Tibetan liberation and the Falun Gong?  Is this just an innocent set of unrelated attacks, or perhaps is it, along with other attacks in past months, the sign of a growing online military campaign?


Comments



Rather more likely
By masher2 (blog) on 3/26/2008 10:50:07 AM , Rating: 5
I think assuming a few young Chinese nationalists, anxious to show their patriotism, is more likely than a government-backed conspiracy. There's little hard benefit to hacking such sites, certainly not enough for a government to tip their hand by defacing them.




RE: Rather more likely
By JasonMick (blog) on 3/26/2008 11:02:35 AM , Rating: 5
I think most likely you're on the right track. However, if so, the government is partially to blame for egging them on as they've subsidized successful hacks on DoD computers among others in the past. Overzealous Chinese freelance hackers may be hoping that the government will reward them for their efforts.

However it is also possible that two different groups may be responsible for the Darfur and the Tibet hacks, though they appear similar. China has already made moves against Tibetan liberation online, so it would not be surprising to see a web attack from the PLA or a government subsidized freelance attack on such orgs.

However I would be more surprised to find out that the PLA was behind the Darfur attacks, as like you said, what would they gain from attacking a foreign nonprofit, even one that opposes the party line?


RE: Rather more likely
By BladeVenom on 3/26/2008 11:29:28 AM , Rating: 5
Another reason the Chinese government is to blame, is because of their ban on porn. Without good wholesome porn to look at a lot of frustrated young men are taking their frustrations out by vandalizing websites and other unwholesome activities.


RE: Rather more likely
By charliee on 3/26/08, Rating: -1
RE: Rather more likely
By therealnickdanger on 3/26/08, Rating: 0
RE: Rather more likely
By ComatoseDelirium on 3/26/08, Rating: 0
RE: Rather more likely
By Lazarus Dark on 3/26/2008 6:44:01 PM , Rating: 1
Okay, dude. I'm about as conservative as they come, but I'd rate you down too. First off, it was a joke. Even Christians should have a sense of humor, I know God does (for crying out loud, have you ever thought of how utterly ridiculous sex is?)
Second, how dumb are you? This is surely not the place for scripture. What did you expect?


RE: Rather more likely
By Steve Guilliot on 3/26/2008 9:35:47 PM , Rating: 5
Your bible-fu is so strong, that I can barely resist the urge to convert. Must...not...succumb.

wtf.


RE: Rather more likely
By eye smite on 3/26/2008 2:46:57 PM , Rating: 4
I'm not going to speculate on who's doing these attacks but I can see some reasons why......

http://www.youtube.com/watch?v=DhjCX4KIz4Q

I've stated my historical research on China before, so I'll just ask the question this time. How many millennia has China shown this same behavior over and over again?


RE: Rather more likely
By rotarysports on 3/26/2008 2:53:27 PM , Rating: 4
I'll let you in on a little secret:

Every nation/groups of people shows this behavior. Look at white people in 1600-1900s, the USA to some degree recently although covertly, etc.

What are you 9 ? Don't be so naive.


RE: Rather more likely
By eye smite on 3/27/2008 8:45:09 PM , Rating: 4
Naive? Buddy you're barking up the wrong tree. I've seen what goes on in America, I was born in 1970. I saw KKK marches and the unrest it created. Key difference here, we don't shoot people for demonstrations and protests. The most that happens is they go to jail overnight if they start to become unruly. I realize all too well I was born and live in a country that was founded on militant behavior and war. There's always going to be something in America's history you can cite to counter any argument I present, but the simple fact is, America has never killed hundreds or even thousands dead in the street for protesting the government. And that little fellow is where you're naive.


RE: Rather more likely
By JustTom on 3/26/2008 1:50:47 PM , Rating: 2
While I agree that the Chinese government is probably not explicitly responsible for these attacks on the free Darfur site it is not beyond reasonableness to think so. China is the major foreign supporter of the Sudanese government and has much to lose if that government is overthrown. China supplies over 90% of the small arms used by the Sudanese army, and controls 40% of the Sudanese oil industry.


RE: Rather more likely
By Carter642 on 3/26/2008 2:58:28 PM , Rating: 2
I doubt that the Chinese government sent any memos out suggesting that hackers might want to go after Tibet/Darfur sites, but I think China's made it pretty clear that they'll just look the other way when it suits their interests.

The more disturbing possibility is that China has realized that there isn't a whole lot that can be done about online attacks such as this. What exactly is anyone going to do about it? Send them an angry letter? Have some famous humanitarian condemn their actions? We've tried that when the world's had proof that they were oppressing folks, or killing demonstrators, or tossing dissidents in jail and look how far it got us. Good luck is all I can say.


RE: Rather more likely
By P4blo on 3/27/2008 6:59:30 AM , Rating: 3
Our parent company in Australia got attacked from China last year, no reason ever found. Apparently they're attacking lots of stuff right now, this just seems like a very small extension of that.

What Chinese websites does the rest of the world ever access? They just use the Internet to crap on us. We should ban them :)


RE: Rather more likely
By on 3/26/2008 11:03:00 AM , Rating: 3
I think it's quite naive to think that in a police state such as China, anyone could do something like this without, at a minimum, tacit approval from the government.

I think it's far more likely that the Chinese government supports this kind of information suppression in a way that offers plausible denial, if that even becomes necessary.


RE: Rather more likely
By afkrotch on 3/26/2008 11:18:20 AM , Rating: 2
You're talking a group of hackers that can break into other nations' government computers. Who's to say the Chinese government could stop them even if they wanted to?

Shoot we could say the person pulling these attacks works for the Chinese government on net security and is simply doing this to have a good time, without government approval. Easiest way to hide your activities is to be the person who is supposed to investigate these activities.

Too many "what ifs" to be pointing fingers atm.


RE: Rather more likely
By masa77 on 3/26/2008 11:16:19 AM , Rating: 2
I suspect you are correct.


RE: Rather more likely
By Polynikes on 3/26/2008 12:12:26 PM , Rating: 2
quote:
...a few young Chinese nationalists, anxious to show their patriotism...

I find it scary that there are such people out there. They blindly accept their government's point of view, and do terrible things in the name of "patriotism."


RE: Rather more likely
By PrinceGaz on 3/26/2008 12:27:54 PM , Rating: 2
Yes it is scary, and it isn't just in China. There are just as many people in Western countries who blindly believe the government's propaganda and do terrible things, like voting the Republicans back into office.


RE: Rather more likely
By Donkeyshins on 3/26/2008 2:12:54 PM , Rating: 2
quote:
by Polynikes on March 26, 2008 at 12:12 PM

I find it scary that there are such people out there. They blindly accept their government's point of view, and do terrible things in the name of "patriotism."



Polynikes, meet the neo-Conservatives. Neo-Conservatives, Polynikes.


RE: Rather more likely
By BZDTemp on 3/26/2008 7:50:55 PM , Rating: 1
Try taking a look at who runs the Bush administration!


RE: Rather more likely
By djkrypplephite on 3/26/2008 4:38:35 PM , Rating: 3
You have to remember this is the CHINESE government we're talking about. I mean they jail bloggers.

Copyright 2014 DailyTech LLC.