Hackers Infect Exiled-Tibetan Government Website With Spyware
August 13, 2013

Peter Suciu for redOrbit.com - Your Universe Online

The Chinese-language website of the Central Tibetan Administration, the Tibetan government-in-exile whose spiritual head is the Dalai Lama, was reportedly hacked and infected with a virus on Tuesday.

Tibet.net, which is located in Dharamshala in northern India, is the official website for the exiled government, and is meant to provide information about the parliament, cabinet, administrative departments and public offices. It is available in English and Tibetan.

However, according to computer security experts at Kaspersky Lab, the site offered more than government information as it had been compromised and was infected with malicious software that could be used to spy on visitors. Evidence obtained by the security firm suggested the same hackers may have carried out previous cyber-attacks on human rights groups throughout Asia.

“We are a prominent target for attacks by Chinese hackers,” Tashi Phuntsok, spokesman for the exiled government, told AFP. “I assume they do it to steal our documents, disable our communication systems or spy on people who visit our sites.”

According to Kaspersky, the CTA site has been under attack from the same group of hackers since 2011, but most breaches have been quickly identified and quietly repaired. Other Tibetan organizations, including the International Campaign for Tibet, have also been targeted by hackers.

In this attack, Kaspersky Lab researcher Kurt Baumgartner told the BBC's Joe Miller, the hackers used a method known as a “watering-hole attack.” In this type of attack, a security bug in Oracle’s Java software could have been exploited and provided the hackers with a “back door” to the organization’s computers.

“This is the initial foothold,” Baumgartner added. “From there they can download arbitrary files and execute them on the system.”

The CTA’s spiritual leader is the 14th Dalai Lama, born Lhamo Dondrub, who fled Tibet in 1959 after a failed anti-Chinese uprising. Since he set up a government-in-exile, the Dalai Lama has been considered a separatist threat, and China claims he incites violence in Tibet. The Dalai Lama has countered that his sole focus remains a peaceful campaign for greater autonomy in his homeland.

The official website for the 78-year-old spiritual leader (www.dalailama.com) was apparently not compromised and continued to function normally.

It has been reported that Beijing’s security apparatus continues to closely monitor activities among the exiled Tibetan community and works to identify and thwart dissidents inside the heavily militarized region.

Last fall, security experts at Intego discovered a piece of Mac malware, known as “Dockster,” that used a Java exploit and was reportedly used to target followers of the Dalai Lama. Earlier last year, another piece of malware, known as “Backdoor.OSX.SabPub” or “SabPub,” was found; it was distributed through Microsoft Office files sent to those who may have had sympathies with Tibet.

Earlier this year, security firm Mandiant released a report on a rash of cyber-attacks against companies in the United States and Europe that were believed to have been launched from China. It was believed a specific branch of the People’s Liberation Army (PLA) called Unit 61398 was responsible for those attacks.