The next level of Chinese virus attacks
I woke up today to find an email in my inbox which looked like it was from an SFT UK member (I’ll call him “C”). It was sent to the SFT UK Board and copied to me. In the email C said he felt badly that he hadn’t been more involved since stepping down from the board a while back (true information) but his work was keeping him busy (work was correctly identified). C said a good Tibetan friend of his had come to him recently and asked him to recommend his young Tibetan nephew “Rinzen” to the SFT UK Board. He said he would be forwarding Rinzen’s CV shortly and ended the email with this:
“p.s. He is a Tibetan friend of mine who I trust, so I trust his nephew.”
About 45 minutes later another message came from C with the nephew’s “CV” attached. Smelling something fishy, SFT UK folks called C and, sure enough, he confirmed that the email was not from him. The alarm was sounded and nobody opened the attachment.
Attacks like these, on people in the Tibet support world, have been going on for a long time now and are regularly traced back to China itself. But this email is different from all the rest in a few ways:
1) The sender knew a lot of personal information about our friend - creepy.
2) It addressed the “trust” issue directly - pretty sneaky.
3) It didn’t send the attachment immediately and instead broke the attack up into two parts, with the first designed to gain our trust, giving us all a “heads up” to expect an attachment and thus making it more likely we’d open it - nice try!
It is clear that we are receiving an increased level of “attention” from Beijing and our Chinese hacker friends. This is because our work is effective and is making them look bad all over the world. And while this kind of attack is mostly just an irritant for those of us working for Tibet, one doesn’t have to look very far to see that Chinese geeks (fully funded and supported by the Chinese government) are getting better and better at what they do and actually pose a serious threat to the free world. See how they even put viruses in digital frames made in China and how they attack foreign governments and corporations.
Remind me again why China gets away with this stuff?
Posted: February 19th, 2008 under News.
Comments: 9
Comments
Comment from jampa
Time: February 20, 2008, 12:15 am
TIME: Enemies at the Firewall
“A current wave of hacking attacks seems to be aimed mainly at collecting information and probing defenses, but in a real cyberwar, a successful attack would target computer-dependent infrastructure.”
I don’t think it would take much of a second for them to decrypt your encrypted information since they are the Notorious “NCPH” who shits worms out of their infested mind plugged in by the Chinese Government.
Use of an external backup device such as a flash drive or external hard drive that is plugged in only during the time when it’s being used. CES 2008 items like “flash drive internet security” are also great tools to protect your resourceful information.
Comment from aqua
Time: February 22, 2008, 10:35 am
Dear Lhadon,
Can you remind me why you are sure these two e-mails come from China or a Chinese source? Can you give evidence for that? Are you making assumptions? I will join your condemnation of the “Chinese hackers” if I am convinced of your allegation that Chinese hackers did this. I understand that being one of the Tibetan support group, fighting the Chinese regime full-time, you are emotionally inclined toward believing all these sabotage behaviors are from China. But when you want to appeal to the real world, please use your reasons, not your gut.
Comment from Spyral
Time: February 22, 2008, 11:40 am
You get spammed by anti-SFT hackers. I get spammed by Epoch Times fanatics. Nothing new on either front.
Get a Mac or use some version of Linux and you’ll greatly decrease your vulnerability anyway.
Comment from Rich
Time: February 24, 2008, 1:01 pm
@aqua: I have been receiving similar attacks and I can tell you that the compromised host sending them was not in China, but that the included trojan is configured to connect back to an ip address in China to wait for commands. Interpret this as you like.
@Spyral: Actually it is something newsworthy. This is a new social engineering threat that’s more sophisticated than similar past attacks and it’s quite pragmatic to warn people about it. And by the way, if “Epoch Times fanatics” (why do you call them this? do you have evidence that they work for Epoch Times?) have motive to attack you maybe you should ask yourself why that is… Do you work for the Chinese government?
Comment from Aqua
Time: February 26, 2008, 2:32 am
got here through Thupten’s blog. I am surprised to see that a person calling him/herself ‘aqua’ has posted a comment here. I would like to ask this aqua to hyperlink an email id or webpage first.
Coming to Lhadon’s post, I am fully with you on this. It is disturbing and worrisome that attacks like this are happening. China gets away with genocide and mass massacre…this is nothing!
I have noticed that whenever I post about Tibet on my blog, I immediately get hits and visits from China (most govt IPs) and HK. I found this disturbing initially but didn’t post about it lest people thought I was being paranoid. After thinking it through I was glad that ppl in China were watching my blog. At least they will know that voices of protest cannot be silenced and where there is injustice and oppression, there will be others who will find ways to speak up.
Comment from aqua
Time: February 26, 2008, 2:31 pm
Dear Aqua,
I prefer not to disclose my e-mail address and website URL. I hope you can understand that this is my right. I didn’t replicate your name on purpose. If it’s inconvenient for you, I can switch to other nicknames in the future.
Comment from H20
Time: February 27, 2008, 10:30 am
@Rich. Thanks. Now if what you said is true, I am more convinced that those trojans are from China. But it’s not conclusive, as you yourself can presumably see too.
As for why spyral might think those spams come from “Epoch Times Fanatics”, I have received that kind of spam too - they usually contain content explicitly about Falun Gong. That’s the reason. But I know this is off-topic. You may or may not reply to me.
Comment from H20
Time: February 27, 2008, 10:32 am
As a matter of fact, if you ask people in China, most of them have received Falun Gong / Epoch Times spam e-mails. This is not about fine targeting a few individuals on the “black list”, it is about massive spamming, which is different from the type of trojan attacks you and Lhadon have been getting. But this is off-topic.
Comment from KingJames
Time: March 2, 2008, 12:02 pm
I am not surprised, because of the shit coming out from your mouth. Too bad, I don’t know how to hack a computer, or I will destroy your computer. Too bad, I am not living in the same city as you do, or I will hunt you down. Too bad, I am not an assassin, or I will KILL you.
Please stop looking like an ugly bitch, and sounding like a moron. We have enough things to deal with in today’s world.