More on Cyber Attacks from China

Business Week has followed up their previous story on cyber attacks from China on US military and intelligence agencies and defense contractors with another detailed piece on how similar attacks from China are being directed at Students for a Free Tibet and other Tibet support groups. The piece discusses a specific, targeted attack disguised as an email from a member of the Tibetan independence movement, sent with a hidden virus aimed at damaging SFT’s efforts.

When Conall Watson resigned from the board of directors at activist group Students for a Free Tibet UK in June, 2007, someone—not a friend—was watching on the Web. The 25-year-old British pharmacist, who worked for the free-Tibet movement in his spare time, had sent a mass farewell e-mail mentioning his departure and a change in his e-mail address. “I’m stepping down from the SFT UK organizing group,” part of the message, reviewed by BusinessWeek, reads.

Nine months later, Conall Watson’s name—and parts of that same 2007 sayonara e-mail—returned to haunt the activist organization in the form of a stealthy cyber-attack the group believes was launched from China. On Feb. 19, Students for a Free Tibet Executive Director Lhadon Tethong and other board members found a new message in their in-boxes. The note, addressed from Conall Watson, mentioned that he planned to pass along the résumé of a potential new activist.

“Dear Alex, Ben and all other SFT friends,” the message, also reviewed by BusinessWeek, reads. “What a pity I can do little for the Tibetan cause, while I know you are all still fighting bravely for it. Yesterday a Tibetan friend came to my office and asked me to recommend his nephew Rinzen Yeshe to join the SFT UK.… I will email his [résumé] very soon. Best wishes, Conall. p.s. He is a Tibetan friend of mine who I trust, so I trust his nephew.”

An hour later, the résumé arrived. But suspicious SFT UK members called Watson to ask if he had sent the message. He had not. An alert was sent out, say SFT officials, and nobody opened the résumé. How did the unknown attackers learn so much about Conall Watson? “Either the message was intercepted, or it might have been an inside job,” says Watson. SFT UK members have received harassing phone calls in the past, he says. “But the Internet was new.”

These attacks are quite common. I hear regularly from friends in the Tibetan independence movement about new viruses and email attachments that must not be opened. In recent weeks, this has been happening daily. The Business Week piece doesn’t make the conclusion that the attacks are authored by the Chinese government, but it’s clear that the Chinese government is a beneficiary of digital attacks on Tibetan groups in exile. In any case, whoever is sending messages like the one described above has dedicated serious resources to learning about the individual members and activities of Students for a Free Tibet. Separate from any blame being assigned to the source of the attacks, it has simply raised the awareness of the Tibetan independence movement to not trust attachments, even when they know the sender. These attacks don’t work when the recipients are cautious and thoughtful about their e-communications.

Cyber Attacks From China

Business Week has an in-depth, cover article on cyber attacks originating from China on top US defense contractors and military and intelligence agencies in the American government. Tibetan support groups like Students for a Free Tibet also receive frequent cyber attacks.

Peng’s 3322.org and sister sites have become a source of concern to the U.S. government and private firms. Cyber security firm Team Cymru sent a confidential report, reviewed by BusinessWeek, to clients on Mar. 7 that illustrates how 3322.org has enabled many recent attacks. In early March, the report says, Team Cymru received “a spoofed e-mail message from a U.S. military entity, and the PowerPoint attachment had a malware widget embedded in it.” The e-mail was a spear-phish. The computer that controlled the malicious code in the PowerPoint? Cybersyndrome.3322.org—the same China-registered computer in the attempted attack on Booz Allen. Although the cybersyndrome Internet address may not be located in China, the top five computers communicating directly with it were—and four were registered with a large state-owned Internet service provider, according to the report.

A person familiar with Team Cymru’s research says the company has 10,710 distinct malware samples that communicate to masters registered through 3322.org. Other groups reporting attacks from computers hosted by 3322.org include activist group Students for a Free Tibet, the European Parliament, and U.S. Bancorp (USB), according to security reports. Team Cymru declined to comment. The U.S. government has pinpointed Peng’s services as a problem, too. In a Nov. 28, 2007, confidential report from Homeland Security’s U.S. CERT obtained by BusinessWeek, “Cyber Incidents Suspected of Impacting Private Sector Networks,” the federal cyber watchdog warned U.S. corporate information technology staff to update security software to block Internet traffic from a dozen Web addresses after spear-phishing attacks. “The level of sophistication and scope of these cyber security incidents indicates they are coordinated and targeted at private-sector systems,” says the report. Among the sites named: Peng’s 3322.org, as well as his 8800.org, 9966.org, and 8866.org. Homeland Security and U.S. CERT declined to discuss the report.

It’s hard to say whether the Chinese government is organizing these attacks itself, or if they’re done by intrepid nationalistic Chinese hackers. But one source in the Business Week piece cites the People’s Liberation Army – China’s military – as having “‘tens of thousands’ of trainees launching attacks on U.S. computer networks.”

The attacks SFT, defense contractors, and the US government get are real. They seek to intimidate, threaten, and disable the targets of the attacks. When the target is a Tibet support group like SFT, the goal is to globalize the oppression found inside Tibet. When the attack is on governmental agencies and defense contractors, the goal may be something with far more deadly repercussions. In both cases this is a serious problem that needs to be addressed. If the Chinese government is organizing or funding these attacks, that should be a matter of international diplomatic debate. If they are done by private citizens, the Chinese government has an obligation to stop the source of the attacks. As there is massive censorship and tens of thousands of full-time Chinese government internet monitors, the continued propagation of attacks, even if done by private citizens, must be assumed to be taking place with at least the tacit approval of the Chinese government.

FBI: Joe Cried Wolf

The FBI has closed its investigation into the election day blackout of Joe Lieberman’s campaign website. Their finding? That its shutdown was the Lieberman campaign’s fault and no one else’s. Not bloggers. Not the Lamont campaign. Not a stray cigarette butt cast down from the lips of Tim Tagaris.

The FBI office in New Haven found no evidence supporting the Lieberman campaign’s allegations that supporters of primary challenger Ned Lamont of Greenwich were to blame for the Web site crash.

Lieberman, who was fighting for his political life against the anti-Iraq war candidate Lamont, implied that joe2006.com was hacked by Lamont supporters.

“The server that hosted the joe2006.com Web site failed because it was overutilized and misconfigured. There was no evidence of (an) attack,” according to the e-mail.

Of course, this is what the Lamont campaign, experts at Blue State Digital, and bloggers around the country said when joe2006.com went down. Lamont’s campaign immediately offered to host Lieberman’s site on their own servers to ensure parity in the closing hours of the election. Instead of realizing their own incompetence cost them at a critical time and taking the offered help, the Lieberman campaign went into rabid attack mode, blaming pretty much anyone who had ever typed the words “Ned Lamont” into a search engine as the culprits for the site crash.

I would say that I hope Ned Lamont, his campaign, and the bloggers that were slandered by Joe Lieberman in August 2006 feel vindicated today. But there is nothing satisfying about being proven right when it just doesn’t change the final outcome of the 2006 Connecticut primary.

Update:

Here’s what Tim Tagaris says in response to this to TPM Election Central:

“The sad thing is, Lieberman himself repeated the charge all day in an attempt to discredit his opponents,” Tagaris instant messages to me. “It was broadcast on every cable news channel, and papers from The New York Times to the Hartford Courant wrote about it.”

“And he got away with it — who cares what’s reported today,” Tagaris continues. “He won the election based on a pattern of lies loudly repeated and dutifully stenographed.”

“Now maybe someone will run an investigation into Joe Lieberman’s repeated claim that no one wants to end the war more than he does,” Tagaris concludes.

To my knowledge, none of these outlets have run retraction stories on their reporting at any point since primary day 2006. Perhaps now that the FBI has had the final word, we will begin to see these publications correct their past mistakes.

Microtrends Fail

I was shocked to discover that Mark Penn’s book Microtrends has its own Facebook application. Here’s what it does:

One percent of the nation can make or break a business, tip an election, or start a social movement. Which 1% Are You? Take the Microtrends quiz to find out and compare results with friends. You’ll be automatically entered to win a $50 Amazon gift certificate.

A new winner is picked every month and contacted via their Facebook email. To qualify, please complete the quiz and be sure to keep the Microtrends application installed, as we can only contact active users. For complete details, please see the Microtrends Facebook Sweepstakes Official Rules.

So basically, famed consultant Mark Penn has created a Facebook application that does pretty much the same sort of inane polling as the Gigolo-Meter, only now there’s a gift certificate to win.

I was less shocked to discover that Microtrends only has eleven fans (and only 3 regular application users). Had I thought about it for more than 2 seconds before checking out who they were, I probably could have predicted that at least 4 out of the 11 fans were Burson-Marsteller employees.

As the kids on the internet would say, You’re Doing It Wrong!

This is likely an example of where a social networking consultant went way wrong and predicted that there would be value in something that there clearly is not. Time was spent developing an application and if the people building it were anything like Mark Penn, they billed an obscene amount of money for what is effectively an inappropriate and ineffective product.

One of the worst trends in online political organizing is for campaigns or organizations to feel compelled to create their own internal social networking platform. These platforms almost universally tend to do poorly what Facebook and MySpace do quite well, at a tremendous cost to the client (while obviously the existing, successful social networking platforms are free). But I think there’s an equally bad trend emerging in social network weaving efforts which is demonstrated here by Microtrends. Not everyone needs a Facebook application. Some things just don’t have to be replicated in Facebook. Oftentimes, like here, what is produced is either shoddy or lame, and thus unpopular. Since the whole point of doing things on social networks is to gain popularity and connect people to your work, I think it’s safe to say that Microtrends’ presence on Facebook is a failure.

“Yahoo and MSN helping to root out Tibetan rioters”

Yahoo! China helps crack down on Tibetans

The Observers, a publication of France 24 TV, has documented Yahoo! China and MSN posting banner ads and prominent photos of Tibetans the Chinese government has identified as “most wanted” in connection to recent protests inside Tibet.

Yahoo! China pasted a “most wanted” poster across its homepage today in aid of the police’s witch-hunt for 24 Tibetans accused of taking part in the recent riots. MSN China made the same move, although it didn’t go as far as publishing the list on its homepage.

The “most wanted” poster has been published on several Chinese portals like Sina.com and news.qq.com. It reads “The Chinese police have issued a warrant for the arrest of suspected rioters in Tibet” and provides a phone number for informants to use in total anonymity. Along with the text are photos of Tibetans taken during the riots. Of the 24 on the list, two have already been caught.

Yahoo Inc was quick to contact The Observers and say that they did not post any pictures of wanted Tibetans. Of course, they don’t deny that Yahoo! China, their subsidiary, did – and nowhere in The Observers’ report do they say that Yahoo Inc was the perpetrator.

Yahoo and MSN have a long and troubled history when it comes to respecting human rights in China. Both outlets, though Yahoo more prominently, have handed over private user data and emails to help China persecute cyber dissidents. Yahoo has given managerial control of Yahoo! China to Alibaba, a Chinese internet company, who evidently has far lower consideration for human rights and privacy than an American company like Yahoo! But the key distinction is that in a situation where Yahoo Inc could have had strong protections for Chinese users and high standards for content created in China, they refused the power in lieu of a set up that allows the Chinese government to use Yahoo! China as an extension of their police state.

A couple of years ago there was a hearing in the House of Representatives, led by Tom Lantos and Chris Smith, into the business practices of American internet technology companies in repressive countries like China. They and other members of Congress harshly criticized the partnership between companies like Yahoo, Google, Microsoft, and Cisco with governments like China. The basic premise was that American companies should not do things in other countries that they wouldn’t do here in the US. As a result, the Global Online Freedom Act of 2006 was authored, and reintroduced in 2007, though it has never become law.

Congressman Lantos put it well at the time, “When I hear these companies say they have changed China, I think that China has changed them—for the worse.” Reading Yahoo! Inc’s pathetic self-defense to The Observers’ reporting makes me think that Lantos was entirely correct. The best Yahoo! Inc can offer is a soft defense that there is a wall separating them from control over who acts in their name. What Yahoo does not offer is that their Chinese edition will cease to help the Chinese government find people who seek independence from China (be they Tibetan or Uighur), Han Chinese dissidents who seek democracy and the rule of law, or practitioners of the Falun Gong who want religious freedom.

It saddens me that Congressman Lantos is not alive today, because I know that he would have met the flailing self-defense of Yahoo! Inc’s complicity in China’s hunt for Tibetans who stood up for their human right of self-determination with a condemnation of unquestionable moral clarity.

More on the Anti-Tibet Cyber Attacks

For those of you who found the recent BBC and Washington Post articles about Chinese cyber attacks on Tibetan support groups interesting, I recommend this post by Allan Benamer of the Non-Profit Tech Blog. It’s a somewhat more technical look at what these attacks consist of, how they’ve been designed to elude detection, and what people can do to protect themselves from these highly customized virus attacks. The post includes email interviews with Nathan Dorjee of Students for a Free Tibet and SFT’s IT security advisor, Maarten Van Horenbeeck. I highly recommend it, particularly if you’re a technologist.

Someone Finally Said It

The Editors on the energy crisis and global warming:

People, listen: reducing the concentration of CO2 in the atmosphere? Obtaining all the energy we need directly from sunlight? These are the kinds of insurmountable engineering challenges overcome every day by plants. Plants. And not just those clever trees or those cunning shrubberies, mind you – single-celled algae-type bullshit figured out workable solutions to these questions 3.4 billion years ago. Call me speciesist (kingdomist?), but I’ve never found the flora to be particularly deep thinkers. I suspect we can probably do as well if not better, but we might have to cease our incessant whining and excuse-making for a while. Oh, and stop spending billions of dollars a week so that Friends of Dubya don’t have to admit that they fucked the dog.

Somewhere in this argument, a creationist is outraged.

Verizon’s Selective Regard for Customer Privacy

There have been a number of stories recently about the potential for telecom companies to begin filtering all internet content to search for copyright violations, a move that would help the entertainment industry police digital piracy. Early indication was that AT&T and others would also be filtering content for illegal or immoral material. In short, it’s a horrible idea that involves a complete invasion of privacy by telecom companies.

Thomas Mennecke of Slyck and Brad Reed of Network World had a good piece on the story when it broke. Joel Johnson of BoingBoing Gadgets took a shot at AT&T when he found out about this too.

Apparently, though, not all the big telecoms are going to go along for the ride. In an interview with the New York Times’ Saul Hansell, Verizon VP Thomas Tauke says his company doesn’t want to participate in this kind of internet filtering, for a variety of self-interested and other reasons. One that caused me to raise my eyebrow through the ceiling and quickly up six floors to the roof of my building: customer privacy.

“Anything we do has to balance the need of copyright protection with the desire of customers for privacy.”

This is the same company that turned over millions of its customers’ private records to the NSA. Recall that USA Today broke the story of this database in spring 2006.

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

“It’s the largest database ever assembled in the world,” said one person, who, like the others who agreed to talk about the NSA’s activities, declined to be identified by name or affiliation. The agency’s goal is “to create a database of every call ever made” within the nation’s borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.

At the time the story broke, Verizon offered no comment beyond they follow the law and try to protect customer privacy. They are now facing an unknown number of civil cases, presumably for this and other violations of customer privacy and eavesdropping laws. Not all telecom companies complied with

Verizon’s sentiment on this matter is certainly correct. I don’t think we want any of the big telecoms filtering the internet in an effort to track down copyrighted, illegal, or immoral content. But it’s a fantasy to think Verizon has a genuine regard for their customers’ privacy. They’ve disregarded privacy concerns at the behest of the Bush administration, without proper court order for years. They’ve lobbied the Senate heavily to try to secure retroactive immunity for their law breaking and pumped hundreds of thousands of dollars into campaign war chests this cycle.

While I welcome Verizon’s new desire to ensure customer privacy, I have to presume that it is their desire to avoid incurring costs for liability for copyright violations that motivates them here. Draping themselves in the concern for privacy is disingenuous at best and a slap in the face of anyone who has watched them partner with the Bush administration to violate the rights and liberties of Americans over the last seven years.

(Hat tip to Brett Schenker for alerting me to the story)

Update:

Martin Bosworth at Scholars & Rogues has more thoughts on Verizon’s new-found regard for customer privacy. He’s been writing a lot about the AT&T filtering the internet story and is a very good resource for people who want more information about this.

Mike Connery on Facebook Causes Giving Challenge

Youth vote and tech guru Mike Connery has posted his own post mortem on the Facebook Causes Giving Challenge at techPresident (and his own blog, Future Majority). I agree with Connery’s conclusion:

Most pertinent to youth organizers, this contest and any future iterations provides a model for organizational development that can at least begin to overcome one of the most significant hurdles to sustainable youth organizing – building a donor base out of a young membership with huge amounts of disposable income, but very little willingness to spend it on political/activist causes. Very impressive all around, and certainly something to watch in the future.