Monday, March 24, 2008

Similar Tactics Used to Attack Darfor and Tibet Support Groups

Several organizations have recently reported similar attacks against their computer systems. Organizations such as Save Darfur Coalition, the AFP and members of a pro-Tibetan mailing list have all been the victims of email infected attacks using similar methods.

Once again, China is most often named as the source.

F-Secure's weblog "News from the Lab" has a posting which details the specifics of the pro-Tibeten attacks with screen shots of the email message and details of the attached malicious code.

Perhaps most informative, the Washington Post ran an article with some specific details of malicious software that attempts to capture users encryption keys once a system is compromised:

"The specificity of information sought in the targeted attacks also suggests the attackers are searching for intelligence that might be useful or valuable to a group that wants to keep tabs on human rights groups, said Nathan Dorjee, a graduate student who provides technology support to Students for a Free Tibet.

"Dorjee said one recent e-mail attack targeted at the group's members included a virus designed to search victim's computers for encryption keys used to mask online communications. The attackers in this case were searching for PGP keys, a specific technology that group members routinely use to prevent outsiders or eavesdroppers from reading any intercepted messages.

"Dorjee said the attacks have been unsettling but ineffective, as the Students for a Free Tibet network mostly operates on more secure platforms, such as Apple computers and machines powered by open source operating systems."

Targeted Malware Attacks against pro-Tibet Groups

FBI Suspects Chinese Hackers Damaged Darfur Site

Cyber Attacks Target Pro-Tibet Groups

No comments: