Business Week has followed up their previous story on cyber attacks from China on US military and intelligence agencies and defense contractors with another detailed piece on how similar attacks from China are being directed at Students for a Free Tibet and other Tibet support groups. The piece discusses a specific, targeted attack disguised as an email from a member of the Tibetan independence movement, sent with a hidden virus aimed at damaging SFT’s efforts.
When Conall Watson resigned from the board of directors at activist group Students for a Free Tibet UK in June, 2007, someone—not a friend—was watching on the Web. The 25-year-old British pharmacist, who worked for the free-Tibet movement in his spare time, had sent a mass farewell e-mail mentioning his departure and a change in his e-mail address. “I’m stepping down from the SFT UK organizing group,” part of the message, reviewed by BusinessWeek, reads.
Nine months later, Conall Watson’s name—and parts of that same 2007 sayonara e-mail—returned to haunt the activist organization in the form of a stealthy cyber-attack the group believes was launched from China. On Feb. 19, Students for a Free Tibet Executive Director Lhadon Tethong and other board members found a new message in their in-boxes. The note, addressed from Conall Watson, mentioned that he planned to pass along the résumé of a potential new activist.
“Dear Alex, Ben and all other SFT friends,” the message, also reviewed by BusinessWeek reads. “What a pity I can do little for the Tibetan cause, while I know you are all still fighting bravely for it. Yesterday a Tibetan friend came to my office and asked me to recommend his nephew Rinzen Yeshe to join the SFT UK.… I will email his [résumé] very soon. Best wishes, Conall. p.s. He is a Tibetan friend of mine who I trust, so I trust his nephew.”
An hour later, the résumé arrived. But suspicious SFT UK members called Watson to ask if he had sent the message. He had not. An alert was sent out, say SFT officials, and nobody opened the résumé. How did the unknown attackers learn so much about Conall Watson? “Either the message was intercepted, or it might have been an inside job,” says Watson. SFT UK members have received harassing phone calls in the past, he says. “But the Internet was new.”
These attacks are quite common. I hear regularly from friends in the Tibetan independence movement about new viruses and email attachments that must not be opened. In recent weeks, this has been happening daily. The Business Week piece doesn’t make the conclusion that the attacks are authored by the Chinese government, but it’s clear that the Chinese government is a beneficiary of digital attacks on Tibetan groups in exile. In any case, whoever is sending messages like the one described above has dedicated serious resources to learning about the individual members and activities of Students for a Free Tibet. Separate from any blame being assigned to the source of the attacks, it has simply raised the awareness of the Tibetan independence movement to not trust attachments, even when they know the sender. These attacks don’t work when the recipients are cautious and thoughtful about their e-communications.