Information Security News mailing list archives

State hackers spying on us, say Chinese dissidents


From: InfoSec News <isn () c4i org>
Date: Thu, 19 Sep 2002 04:45:54 -0500 (CDT)

Forwarded from: Greg Walton <jamyang () openflows org>

http://technology.scmp.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=SCMP/Printacopy&aid=ZZZ5CRL256D

South China Morning Post
Wednesday, September 18, 2002
DOUG NAIRNE

Overseas-based dissident groups have been bombarded with Internet
virus and hacking attacks from mainland sources in what they say is a
co-ordinated attempt to disrupt their operations and spy on their
computer networks.

The targeted groups are the same ones whose Web sites this month
became inaccessible to mainland users through the Google search
engine, leading some to suggest that the attacks are part of a wider
campaign to crack down on what Beijing views as subversive activity.

The dissident groups say the scale of the attacks goes far beyond what
they have experienced in the past, making it unlikely that it is the
work of amateur Chinese hackers. Some of the attacks have been traced
to China Telecom regional offices in several provinces.

"In some cases we can pinpoint the actual workstation, office, and
street address that the [attack] originated from," said Greg Walton,
an Internet activist who works with Tibetan freedom groups. "If this
is Chinese hackers playing around, then they are Chinese hackers
employed by a state-owned industry operating on the state's time."

The attacks have come in the form of hundreds of e-mails using false
or spoof addresses which appear to come from a friendly source. In
some cases, the e-mails appear to originate from the Tibetan
government-in-exile.

The e-mails contain so-called Trojan horse programs which seek out
files and attempt to e-mail them to an address on the mainland. Other
files open so-called back doors, allowing hackers to take control of
the target computer through its Internet connection.

"It has never been as bad as things have become in recent months," Mr
Walton said.

Bill Dong, a spokesman for Dynamic Internet Technology, a company
providing technical services to Voice of America's Chinese-language
Web site, said the attacks started at the end of April, around the
same time the Minister for Public Security, Jia Chunwang, urged
mainland law enforcers to be more aggressive in fighting hostile
foreign forces subverting China via the Internet.

"We believe the viruses were specially created as an organised massive
attack," he said.

Mr Dong said the viruses were mainly targeting well-known e-mail
addresses for Falun Gong Web sites, banned news sites and technology
sites set up to penetrate the information blockade in China such as
freenet-china.org. They have also been sent to mailing lists and a
wide range of groups Beijing considers subversive, including Chinese
dissidents and Xinjiang independence activists.

The organisations said their security software had so far prevented
any large-scale damage that they know of, but that it was impossible
to tell how many of their computers may have been infected. There are
reports that the virus activity has increased in recent weeks as China
gears up for the 16th Communist Party Congress in November.

Jigme Tsering, a computer manager for the Tibetan government-in-exile
in India, said he had found viruses that tried to collect files from
an infected computer and e-mail them to a computer in Yunnan province.

"Luckily our firewall is blocking it, but I am worried about other
offices without a proper firewall," he said.

Jack Churchward, a system administrator and activist for the East
Turkestan independence movement, said he had seen virus attacks three
or four times a week for the past month using group e-mailing lists.



-
ISN is currently hosted by Attrition.org
