I'm en route to the ONI-Asia meeting in Chiang Mai. I'll be presenting "Year of the Gh0st RAT" - an investigation into cyber-esiponage.

I haven't been blogging here lately, but you can read what I've posted as Asia editor of the Information Warfare Monitor . . .

BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks.

I'm speaking at a WAN conference in Paris
next week for journalists covering the Beijing olympics. The title of
my presentation (on cyber espionage) is "Year of the Gh0st RAT"

A Spanish language article about the recent cyber attacks on Tibetan computers:

«Hemos detectado un incremento de un 50 por ciento en los ataques en las últimas dos semanas, y hay pruebas circunstanciales apabullantes de que la mayoría tiene su origen en China», afirma Gregory Walton, investigador de la universidad de Sunderland (Reino Unido) y consultor en temas de seguridad informática. Walton es una de las personas a los que RSF y otros organismos envían los correos sospechosos para su análisis. «Analizando los troyanos, vemos que el servidor de control está ubicado en China y Hong Kong en el 70 por ciento de los caso», explica.
Un troyano es un programa informático maligno que utiliza el correo electrónico para alojarse en un ordenador ajeno sin ser detectado, y permite al ciberpirata espiar su contenido y controlar las funciones (como el Caballo de Troya de la Antigüedad que da origen al nombre). «Estamos hablando de ciberespionaje a gran escala, por lo que es razonable concluir que no se trata del trabajo de piratas amateur», aclara Walton. «Parecen ser grupos de hackers patriotas chinos a los que el Gobierno de Pekín otorga licencias a cambio de que colaboren con las autoridades», cree el experto.

The University of Sunderland posted a blog post about my research:

A C&T [computing & technology] student, who has spent the last nine years using his computing skills to support Tibetan democracy, claims that the freedom fighters are now facing online espionage on an industrial scale.

(9)Hacker worry for Tibetans

NISHIT DHOLABHAI, Dharamsala/New Delhi, March 22
http://www.telegraphindia.com/1080323/jsp/nation/story_9047568.jsp

(10)Chinese hackers and Tibet

Published by Heike at 4:02 pm, March 23 under Nationalism, Tibet
http://www.thedarkvisitor.com/?p=429

(11)Tibet - the cyber wars

Rory Cellan-Jones, 24 Mar 08, 07:42 GMT
http://www.bbc.co.uk/blogs/technology/2008/03/tibet_the_cyber_wars.html

(12)Analysis: Cyberattacks on Tibet groups

UPI Published: March 24, 2008 at 11:51 AM
http://www.upi.com/International_Security/Emerging_Threats/Analysis/2008/03/24/analysis_cyberattacks_on_tibet_groups/9260/

(13) Pro-Tibet groups under virus attack

by Jon Newton (p2pnet.net) Tuesday 25 March 2008
http://www.agoravox.com/article.php3?id_article=7917

(14) China: Beijing Extends Its Offensive to Cyberspace

Tuesday, 25 March 2008, UNPO
http://www.unpo.org/index.php?option=com_content&task=view&id=7924&Itemid=69

(15) Malware writers target pro-Tibet groups

Written by Shaun Nichols in California, vnunet.com, 25 Mar 2008
http://www.vnunet.com/vnunet/news/2212635/malware-writers-aim-pro-tibet

(16) China's Wandering Eye

25.03.2008 Eric Reeves
http://blogs.tnr.com/tnr/blogs/the_plank/archive/2008/03/25/china-s-wandering-eye.aspx
N.B. This article doesn't quote anyone from our group but I have included it because it is an interesting Op Ed.

(17) Malware writers target pro-Tibet groups

Shaun Nichols in California, vnunet.com, 25 Mar 2008
http://www.channelweb.co.uk/vnunet/news/2212635/malware-writers-aim-pro-tibet

(18) Net activists in the firing line / Pro-Tibet groups have been hit by targeted cyber attacks

Bill Thompson Last Updated: Wednesday, 26 March 2008, 10:34 GMT
http://news.bbc.co.uk/1/hi/technology/7314201.stm

(19) Overview of cyber attacks against Tibetan communities

Published: 2008-03-24, Last Updated: 2008-03-24 20:40:40 UTC by Maarten Van Horenbeeck (Version: 1)
http://isc.sans.org/diary.html?storyid=4177&rss

(20) Hackers target pro-Tibetan networks

26/03/2008 08:18:00 - by Comms Day
http://web20.telecomtv.com/pages/?newsid=42879&id=e9381817-0593-417a-8639-c4c53e2a2a10&view=news

(21) Tech talk from Tibet to Terminal 5

Last Modified: 27 Mar 2008, By: Newsroom blogger
http://www.channel4.com/news/articles/science_technology/tech+talk+from+tibet+to+terminal+5/1877147

(22) China Hacks Tibet

March 28, 2008: Tibetan exile groups believe they are being attacked by Chinese Cyber War units.
http://www.strategypage.com/htmw/htiw/articles/20080328.aspx

(23) Guarding the guardians: a story of PGP key ring theft

Published: 2008-03-27, Last Updated: 2008-03-27 17:25:58 UTC by Maarten Van Horenbeeck (Version: 1)
http://isc.sans.org/diary.html?storyid=4207

(24) Mysterious Forces Hack Pro-Tibet, Save Darfur, Falun Gong Sites

Jason Mick - March 26, 2008 10:15 AM
http://www.dailytech.com/Mysterious+Forces+Hack+ProTibet+Save+Darfur+Falun+Gong+Sites/article11240.htm

(25) Cyber-attacks on Tibet Groups

Thu, Mar 27, 2008 The California Report
http://www.californiareport.org/archive/R803270850

Attacks against Tibet supporters computers are ongoing.

I'm briefly quoted in an InformationWeek article today:

. . . But there's no direct proof that anti-Tibetan cyberattacks are being directed by Chinese authorities. "These attacks are sophisticated," said Greg Walton, who provides IT support for Tibetans and researches Chinese computer espionage at the University of Sunderland in the United Kingdom. "We can only speculate where they're coming from. We can say the control servers are based in China. But these servers can just be stepping stones."



Here is a collection of links to related articles today:

Targeted malware attacks against pro-Tibet groups

Posted by lab @ 16:24 GMT Friday, March 21, 2008
http://www.f-secure.com/weblog/archives/00001406.html

Cyber Attacks Target Pro-Tibet Groups

By Brian Krebs washingtonpost.com Staff Writer Friday, March 21, 2008; 6:12 PM EST http://www.washingtonpost.com/wp-dyn/content/article/2008/03/21/AR2008032102605.html

Pro-Tibet Groups Targeted In Cyberspace

By Thomas Claburn, Information Week March 21, 2008
http://www.informationweek.com/story/showArticle.jhtml?articleID=206905235

Cyber attacks against Tibetan communities

Published: 2008-03-21, Last Updated: 2008-03-22 12:26:51 UTC by Maarten Van Horenbeeck (Version: 4)
http://isc.sans.org/diary.html?storyid=4177

Cyber Attacks against Tibetan Communities

Posted to Slashdot by Scuttle Monkey on Saturday March 22, @05:22AM
http://it.slashdot.org/it/08/03/22/0219220.shtml

Cyber attacks target pro-Tibetan groups

By Dan Goodin in San Francisco Published Saturday 22nd March 2008 17:48 GMT
http://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/print.html

China takes off cyber gloves

Submitted by stiennon on Sat, 03/22/2008 - 2:47pm EST
http://www.networkworld.com/community/node/26226

FBI looks at Chinese role in Darfur site hack

Robert Mc Millan, PC World, Saturday, March 22, 2008; 10:19 AM EST
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/22/AR2008032201128.html

David Murakami-Wood (of the Surveillance Studies Network) and Richard Thomas (the UK's Information Commissioner) have released a report (via BBC):

Fears that the UK would "sleep-walk into a surveillance society" have become a reality, the government's information commissioner has said.

Reuters

ranked the country alongside Russia and China as "endemic surveillance societies".

Following WSIS the U.N. "Internet Governance Forum" in Athens is in progress.

Kieren McCarthy has some coverage here



And a BBC blog is here.

Hacktivismo, an international group of computer security experts and human rights workers, just released Torpark, an anonymous, fully portable Web browser based on Mozilla Firefox. . .

“We live in a time where acquisition technologies are cherry picking and collating every aspect of our online lives,” said Hacktivismo founder Oxblood Ruffin. “Torpark continues Hacktivismo’s commitment to expanding privacy rights on the Internet. And the best thing is, it’s free. No one should have to pay for basic human rights, especially the right of privacy.”

Torpark is being released under the GNU General Public License and is dedicated to the Panchen Lama*.

Five years into President Bush's global war on terror, the management consultants advising al-Qaida deliver their latest report

Faulty signals lead to derailment:

One of China's new trains to Tibet, the world's highest railway, has derailed, disrupting the line for five hours and delaying thousands of passengers. . .trains were running normally five hours later and no one was injured, it said, adding that an equipment failure involved switches and signals.

I've posted a few pieces on Nortel's GSM-R system along the Qinghai-Tibet railway & located a new tele-geography of security that parallels China's Western Development Strategy.

Lobsang Yeshi, takes up the theme; [“The only thing rising faster than China is the hype about China.”] . . :

The most precise location-tracking system GSM-R digital wireless communication network and surveillance system acquired from Canadian Nortel Networks Corp for the railway is believed to be meant for other strategic purposes.

Phayul had an article at the weekend that helps develop this theory:
Sabotage angst along Tibet Railway

Along the entire railway line, the Military Area Commands of the Tibet Autonomous Region (TAR) and Qinghai Province have reportedly deployed a security safety net with a contingent of up to ten thousand soldiers and civilians patrolling day and night. The Head Quarters of Qinghai Armed Police Force has assigned several branches of its force to safeguard the train throughout its journey.

Communication for security forces along the railway has been stepped up so that conversations on walkie-talkie are now possible on long distance. To this effect, China Telecommunication Company and China Railway Communication Company installed adequate communication equipment and communication stations every 6 kilometres along the whole railway line.

The report suggests that Chinese paramilitary forces are directly benefitting from the GSM-R installation along the railway.

I'm very excited by Praxis' soon-to-be published book on Cyberwar, Netwar, and RMA:

The end of the Cold War ushered in a new phase of global security in which new threats and challenges emanate from non-conventional sources, and in which the weapons and means to prosecute war harness new technology. By the mid-1990s terms such as cyberwar and netwar were being used to explain a new way of thinking about war. The intervening years have seen the development of new defence policies, such as the US military Vision for 2020 and the Revolution in Military Affairs, whilst the threat of terrorism has become a painful and sad reality. The period has also seen the development and deployment of a range of new technologies for military operations ranging from new smart mechanisms to deliver weapons to surveillance and communications technologies that can change the very nature of warfare and security. This book attempts to consider this balance between the technologies and policies deployed to respond to terror and the need for human and civil rights.

The editors are Dr Eddie Halpin, Dr Philippa Trevorrow, Professor David Webb & Dr Steve Wright

Wired::

Organizers of a community wireless mesh-network project in Dharamshala, India, say their website was attacked on Thursday, following publication of a Wired News article about their work for Tibetan refugee settlements.

Returned from Dharamsala, India .. ran into Oxblood and others. Xeni Jardin has a series of interesting articles for NPR and Wired:

Across the border from Chinese-occupied Tibet, the tech infrastructure in this high mountain village is a mess. But a former Silicon Valley dot-commer and members of the underground security group Cult of the Dead Cow are working with local Tibetan exiles to change that using recycled hardware, solar power, open-source software and nerd ingenuity. The volunteers are building a low-cost wireless mesh network to provide cheap, reliable data and telephony to community organizations.

[Check out the Air Jaldi summit later this year].

IFEX: Reporters Without Borders has condemned the sudden disappearance on 28 July 2006 of two blogs by leading Tibetan poet Woeser (also known as Oser and, in Chinese, Wei Se). They were shut down by the websites that hosted them - http://www.Tibetcult.net, a Tibetan cultural portal, and http://www.Daqi.com, a local blog platform - presumably on government orders amid a continuing wave of online censorship in China.

Amnesty International released a report about the role of Yahoo!, Microsoft and Google in internet repression in China. (available in PDF here)

I'm in India, a country that has just joined the North Korea-Myanmar-Saudi Arabia-China-Zimbabwe net censorship club:

So, India has finally made it to a select club of nations. So far, we were only part of a wider group where the state could bar internet access. Now we’ve taken entry to the North Korea-Myanmar-Saudi Arabia-China-Zimbabwe club where even blog access is state-determined. There are two things to note here, and the first would have already struck even those who aren’t sure what a blog is: most newspapers have already carried, alongside the censorship reports, detailed pieces on how to use the internet to access the forbidden sites anyway. This isn’t due to a dissident mindset: newspapers solidly part of the establishment have done so. They had to, simply to remain relevant: an elementary query on Google will take you to website after website which tells you exactly how to evade such decrees and the information was on blog after blog within hours of last week’s order.

Y.P. Rajesh in GANGTOK, India (Reuters) - China plans to extend its railway linking Beijing to Tibet to a newly opened border point in India’s northeast [Nathu La] and possibly link it to its east coast, the Chinese envoy to New Delhi said on Friday.

P Stobdan, Posted online: Saturday, July 01, 2006 at 0000 hrs

China’s move to ensure greater connectivity with Tibet and Sikkim raises many questions

P Stobdan, India Express

In July, China would accomplish three major strategic objectives, which will have profound implications in the trans-Himalayan zone. The opening of the

Gulmud—Lhasa railroad,

the new Nyingchi Airport near the tri-junction of Tibet, India and Myanmar and

a land route access to Bay of Bengal through Nathu La, will mark the success of China’s long-drawn political, military and economic strategies to deal with domestic and external challenges.

The Chinese have never hidden the political purpose underlyig the Tibet railway project.

   more »

Interdependence Day seeks

.. to provoke new dialogues about the complexity of our interconnected world through collaboration between researchers, publics, artists, NGO’s and the media. . . How can our affluent society respond to the fact that by 2050 we will need 3 planets to support our lifestyle? OR: How do we avoid going to hell in a shopping basket?

Bhutan's Dept of Info Tech

While the promise of integrating the Dzongkha Unicode system, developed since 1998 at a cost of US$ 523,000, in Microsoft Vista may be out of the window locals have come up with a much cheaper but more advanced software for Dzongkha computing...Developed by the department of information and technology, with initial technical support from Sherubtse College and language support from dzongkha development authority, Dzongkhalinux, with the logo of a penguin draped in a monks robe, is a locally developed version of the free Linux operating system which supports Dzongkha computing for word processing, spreadsheets, presentations, emailing , web browsing and chatting with all the interface commands and menus for the applications in Dzongkha.

The software was developed with assistance from PAN Localisation grant from International Development Research Centre, Ottawa in Canada administered through Centre for Research in Urdu Language Processing, National University of Computer and Emerging Sciences in Pakistan. Developed at a cost of US$ 50,000, it is the most advanced Dzongkha computing software till date according to DIT. And it had the potential to grow further.

Geoffrey York in Friday's Globe and Mail

After nine years of futile discussions with Beijing over human rights, Canadian officials are increasingly dissatisfied and cynical about an annual dialogue that was intended to promote human rights in China, a new report says...In his report, Mr. Burton found that much of the dialogue consists of a prepared script, read by Chinese Foreign Ministry officials and repeated at meetings with other countries. The content of the script is well known in advance and of little interest to either side, he said....

Canadian rights activists agree with many of the concerns in Mr. Burton's report. They are particularly troubled that the dialogue does not include any of the Chinese officials who have responsibility for policies on minority rights. "The discussion is therefore useless and its only purpose appears to be to satisfy domestic concerns in Canada," said Carole Samdup, a program officer at Rights & Democracy, a Canadian-based human-rights organization.She said the event "has simply continued from year to year as a rote exercise, unaccountable and aimless." Chinese authorities seem to use it as a form of bargaining with Canada, using human rights as currency, she said.

see also: China isn't listening

ISN SECURITY WATCH (Monday, 12 June 2006: 11.10 CET) –

Hackers believed to be operating from China have attacked the computer systems at Taiwan's Defense Ministry, DefenseNews.com reported, citing a source from inside the de facto US embassy there.

According to DefenseNews.com, the source - from the American Institute in Taiwan (AIT) - said a hacker had managed to issue an email attachment on 5 June that contained a fake press release purportedly from the Taiwanese military spokesman's office distorting details of a recent bribery scandal.

The source told DefenseNews.com that the attack appeared to be part of a misinformation campaign.

The Taiwanese Defense Ministry said it believed the attack was an attempt by China to manipulate the media in Taiwan into discrediting the ministry, and media outlets were reportedly cautioned against opening any attachments sent from the ministry.

“Our computer was intruded by a virus. That virus sent a news release to the media. Some of the information was incorrect,” DefenseNews.com quoted a ministry source as saying.

(Lloyds List via NewsEdge): Funding for the Galileo satellite navigation system is still on track, according to the European Commission. Responding to press reports that negotiations between the European Union and national governments had stalled over who should pay for the multi-billion-euro project, a senior commission official responded that paying for Galileo “is never going to be as simple as buying a car.” . . .

Amnesty International's Helen Hughes releases a report on China's arms trade.

As long as China continues to allow arms supplies to the perpetrators of gross human rights violations, the international community must redouble its regulation of joint ventures involving military and dual-use technology in China and must strengthen the application of arms embargoes on China such as those imposed by the European Union and the USA.

The Observer :: Blog:

Google's soul-searching reflects a growing dilemma for all companies operating in countries and contexts where human rights are abused.

Some companies are now beginning to realise that to avoid the risk to their reputation of being seen to aid and abet repressive governments, they need to have in place comprehensive human rights policies.

The mistake that companies such as Yahoo!, Google and Microsoft have made is to move into the lucrative Chinese market without understanding or addressing their impacts on human rights.

AP

-- Google co-founder Sergey Brin acknowledged Tuesday that the company compromised its principles by accommodating Chinese censorship demands. He said Google is wrestling to make the deal work before deciding whether to reverse course.

see also P2P newsround

"In order to become a genuine superpower, economy and military is not enough. China needs democracy, the rule of law, freedom of speech and the media," Tibet's exiled religious leader told members of the European Parliament's Foreign Affairs Committee.

Civic Minded's Rolf Kleef:

Amnesty International started their "Irrepresible.Info" campaign, including a call to help circumvent censorship and filtering by adding controversial content to your own website or blog. You might then want to add your blog to the CiviBlog aggregator, an initiative of the CitizenLab in Toronto, Canada. It includes a concise handbook for bloggers and cyber-dissidents from Reporters Sans Frontiers, with tips and resources on for instance anonymous blogging.

Kleef goes on to compare Irrepresible.Info with the work of contrast.org in The Netherlands a decade ago. He reflects on the Internet's DNA:

The genes of the internet are encoded with a will to get the data from the sender to the receiver, regardless of barriers. Nature or nurture, will it be possible to "tame" the Net, or have we devised a technology to allign with our own desire to freely communicate with each other?

Aaron Glantz, OneWorld US:

- Executives at Yahoo's annual shareholders meeting Thursday turned down a request from the human rights group Amnesty International, which is demanding the world's most visited Web site stop censoring the Internet and referring dissidents to the Chinese government.

Amnesty is celebrating 45 years of activism by highlighting governments using the net to suppress dissent./.

An anonymous reader writes "Amnesty International has a new online campaign against governments which censor websites, monitor online communications, and persecute citizens who express dissent in blogs, emails, or chat-rooms. The website, Irrepressible.info contains a web-based petition (to be presented at a UN conference in November 2006) and also a downloadable web gadget which displays random excerpts of censored material on your own website."

Professor Deibert on the role of ONI in the campaign. The Observer is another partner in the campaign - just as the newspaper was 45 years ago . . .   more »