Visitors To Dalai Lama's Website At Risk: Chinese Site Hacked

We often stress the importance of guarding your cheap hosting site against hackers, but at the end of the day, your best layer of security is no match for a malicious hacker.
 
WEST VANCOUVER, British Columbia - Aug. 21, 2013 - PRLog -- Even the Dalai Lama has fallen victim. An expert claims the viruses infecting the visitors to this site were put there in order to keep an eye on human rights activists that frequent the site.

Kurt Baumgartner, Kaspersky Lab researcher, issued a warning for Internet users: stay away from the Chinese-language website of the Central Tibetan Administration (CTA) until they can eliminate all viruses.

The Attack

Baumgartner analyzed data gathered during the attack and believes the same hackers were responsible for prior security breaches of CTA's website, as well as other attacks on cheap hosting human rights sites based in Asia.

These prior attacks relied on a technique called "water holing," a two-stage breach where hackers infect a site with a virus that installs malicious software on the computers of visitors to that site, giving hackers unauthorized access to their computers. In this case, activists are being targeted.

The Victim

The Dalai Lama, who fled China in 1959 in an effort to escape Chinese rule in the midst of an uprising, is considered a violent separatist by the Beijing government. Chinese media portrays him as evil, but the Dalai Lama claims to be seeking more freedom for his people. The US-based Office of Tibet in NY has not commented on the subject.

The Chinese-language site is the official site of the Dalai Lama's government, and has been the victim of attacks since 2011 by the very same hackers. You may not have heard about these attacks because they were dealt with swiftly and silently before becoming media fodder.

Who's Responsible?

It isn't clear who is out to get the Dalai Lama. Baumgartner said, "They have been trying repeatedly to find vulnerabilities in the site." Only the Chinese version of the site is affected. Visitors to the English and Tibetan sites are completely safe.

Baumgartner believes this group of hackers is responsible for all of the hacks, and their viruses affect both Microsoft and Apple operating systems. They rely on security bugs in Java software, which give them backdoor access to take control of a user's computer. "This is the initial foothold. From there they can download arbitrary files and execute them on the system," he said.

Will Gragido, researcher with EMC Corp and expert on water holing, said this attack looks like something called an APT, or advanced persistent threat. APTs are usually launched in a tainted email, but can also be performed through water holes. Why, exactly, do they call it a water hole? Because lions head to water holes in order to stalk their prey much more easily than hunting them in the thick, dense jungle.

Other Attacks

Last year, AlienVault Labs uncovered attacks on the CTA and also the International Campaign for Tibet. They were crafted by a Chinese APT group who were also responsible for other attacks called the "Nitro" attacks, caught by Symantec Corp in 2011.

Numerous human rights groups involving China were affected by denial of service attacks and had their emails and websites taken over during the period between 2010 and 2011. Each of these attacks is attributed to China.

What are your thoughts on this issue?

read more on http://www.ananova.com