NYT: Chinese Cyberattacks Target Media Ahead Of Anniversary

rlsrls08

Chinese Cyberattacks Target Media Ahead Of Anniversary

By REUTERS
Published: September 22, 2009

Filed at 5:08 a.m. ET

BEIJING (Reuters) - Foreign media in China have been targeted by emails laden with malicious computer software in attacks that appear to be tied to the run-up to the National Day military parade on October 1.

While spam and viral attacks are not uncommon, the latest wave is part of a pattern of increasingly sophisticated emails tailored to tempt foreign reporters, rights activists and other targets to open infected attachments.

On Oct 1, the Communist Party is celebrating 60 years of rule over mainland China with a military parade. Beijing has tightened security ahead of the anniversary, with armed paramilitary troops at subway exits during rehearsals and neighborhood residents recruited to watch over the streets.

"There is definitely a pattern of virus attacks in the run-up to important dates on the Chinese political calendar," said Nicholas Bequelin of Human Rights Watch
in Hong Kong. He noted that non-government organizations are also favorite targets.

"Whether the government is behind it, closes its eyes to it, supports it or has nothing to with it is unclear. There are also patriotic hackers, so there is no way to know for sure who is behind it."

While poor English used to be a giveaway, new techniques include mimicking a known and trusted sender, or resending legitimate emails from activist organizations with a fake, malware-laden attachment.

The impersonating emails require more effort by the mystery senders but they are also more likely to be opened than easily identifiable, anonymous spam.

Chinese employees working for foreign news organizations in Beijing and Shanghai got identical emails on Monday, each with an attachment carrying malware meant to exploit Adobe Acrobat software, a common application used to read PDF files.

The email, which appeared to be from an economics editor named Pam Bouron, was a polite request for help lining up interviews during an upcoming visit to Beijing. It was tailored so that "Pam" appeared to work for each news organization.

The clue was that Reuters does not have an economics editor named Pam Bouron. Others who received the "Pam Bouron" email include the Straits Times, Dow Jones, Agence France Presse, and Italian news agency Ansa.

Similar emails carrying viruses, also attacking foreign news agencies and non-government organizations, were common ahead of the Beijing Olympic Games last year. In March this year, researchers at Infowar Monitor in Canada found widespread cyber-infiltration of the Tibetan government in exile.

The "Pam Bouron" emails on Monday targeted Chinese news assistants, whose names often do not appear on news reports and who must be hired through an agency that reports to the Foreign Ministry.

They were followed by two suspicious emails on Tuesday morning received by many foreign reporters in Beijing. (Editing by Jan Dahinten)

http://www.nytimes.com/reuters/2009/09/22/world/international-us-china-cyberattack.html?_r=1

rlsrls08

纽约时报采用了美联社的稿子，讲国庆前中国黑客准备对驻中国的外国媒体发动攻击

rlsrls08

Chinese hackers target media in anniversary run-up

News organisations, NGOs hit by trojan attacks

By John Leyden • Get more from this author

Posted in Spyware, 22nd September 2009 11:40 GMT

Chinese workers in foreign media outlets within China are in the firing line of a new wave of malware-laden emails.

The timing of the emails, in the run-up to the 60th anniversary of the Communist Party's rise to power in mainland China on 1 October, has sparked dark accusations (supported by circumstantial evidence) that the Chinese government might be behind the attacks.


Human rights groups are also getting targeted in the latest wave of cyber-attacks, which are far from unprecedented.

"There is definitely a pattern of virus attacks in the run-up to important dates on the Chinese political calendar," Nicholas Bequelin of Human Rights Watch in Hong Kong told Reuters.

"Whether the government is behind it, closes its eyes to it, supports it or has nothing to with it is unclear. There are also patriotic hackers, so there is no way to know for sure who is behind it."

The latest wave of attacks involves the forwarding of kosher emails from activist organisations together with a fake malware-ridden attachment. The tactic gets around earlier tell-tale signs of malicious emails, such as poor spelling. In addition, email addresses are spoofed to disguise their true origin.

Reuters reports that Chinese workers at foreign news organisations across China received identical emails on Monday, each containing an attachment designed to exploit a recently-patched flaw in Adobe Acrobat. Flaws in Adobe's software applications are becoming a favourite in targeted attacks, second only to Microsoft Office-themed assaults.

The tainted emails posed as a request by a fictitious economics editor called Pam Bouron to line-up interviews in advance of a supposed visit to Beijing. The messages were tailored so that Bouron appeared to work for each of the targeted news outlets: Reuters, the Straits Times, Dow Jones, AFP, and Italian news agency Ansa.

The "Pam Bouron" emails targeted Chinese workers whose names were not typically included in news reports. These workers are hired through an agency which reports to the Chinese Foreign Ministry, a fact seized on by some as circumstantial evidence of possible Chinese government involvement in the ruse.

Many foreign reporters in Beijing and Shanghai received malware-laden emails shortly after the initial attack.

Trojan tainted emails were also sent to foreign news agencies and non-government organisations in the run-up to last year's Beijing Olympics, Reuters adds.

In related developments, Beijing authorities have reportedly tightened physical security in the run-up to a military parade and other celebrations to celebrate National Day. The government has also reportedly mandated the use of stricter ISP-level censorware filters in an attempt to further control internet access in the run-up to 1 October. ®

http://www.theregister.co.uk/2009/09/22/chinese_anniversary_malware/

Aircraft

西媒一贯的偷梁换柱伎俩和口吻。什么“Foreign media" (外国媒体)，还不就是那么几个主流西媒？ 怎么它们就代表了所有外国媒体了？ 建议AC 在评论主流西媒时不要笼统地提”外媒“，应当说”主流西方媒体“，否则还是落入人家的话语语境之中。主流西媒的观点并不等于全世界所有国家和地区媒体和民众的观点和声音。