By Rory Cellan-Jones
24 March 08
We know that YouTube has been blocked in China, as the authorities seek
to control what they see as biased Western coverage of events in Tibet,
but there is a wider battle being fought in cyberspace.
Tibet protest groups have been in touch to say they are under attack,
with emails arriving containing attachments that are designed to infect
or take over their computers. These attacks have been going on for
months, but appear to have grown in intensity in recent days. Alison
Reynolds of the International Tibet Support Network told me, "There are
surges of activity which coincide with our busiest campaign periods and
obviously now we are seeing a lot of attacks." She says most members of
the movement know not to open attachments - but some do still get
Maarten van Horenbeeck, a security researcher, works with the Tibet
groups to monitor these attacks, and says he is currently seeing three
times as many as he saw last month. He says the attackers appear to be
interested in emails and word documents stored on the machines they
infect. He describes an attack on one NGO which involved a search for
the keys to the system used to encrypt its emails.
Sometimes the original emails from the attackers appear to contain press
releases from other Tibet campaigners - but when they are opened they
install a trojan, enabling the machine to be controlled remotely. The
security company F-Secure has blogged on the techniques being used by
whoever is responsible and shows how well they craft their attacks.
But is this the work of the Chinese authorities? "Impossible to say,"
according to Martin van Horenbeeck. "Yes, the vast majority of attacks
connect back to servers on CHINANet, a major Chinese network.
However, CHINANet, due to its sheer size hosts many vulnerable machines,
so these are most likely all compromised themselves. In addition, there
have been several samples that connect back to the USA, Taiwan or South
He makes the point that China has thousands of hackers - many of whom
may be hostile to Tibetan groups - so there is plenty of scope for
mischief. And here is what's interesting, and perhaps unique about
China. It is a country which has allowed the web to flourish, while
imposing pretty strict limits on the dissemination of information which
it regards as subversive. So a generation of hackers which in other
countries would be anti-establishment and would use the web to attack
their own government, may be happy to lend the Chinese government a hand
in any cyber-war. Forty years after the cultural revolution saw the Red
Guards take to the streets with their little red books, is a new
generation using the web to similar ends?
A friend who's a British reporter based in China - doing a great job
amidst growing hostility to the Western media - says he winces when he
hears overseas journalists like me trot out "the new cultural
revolution" cliche. But isn't it rather apt here?
Subscribe to InfoSec News