Join our Mailing List

"On my part, I remain committed to the process of dialogue. It is my firm belief that dialogue and a willingness to look with honesty and clarity at the reality of Tibet can lead us to a viable solution."

Hackers target pro-Tibet G20 protesters

November 17, 2014

Sydney Morning Herald, November 16, 2014 - Cyber criminals have targeted G20 protesters through a malicious email that hacks into a recipient's computer camera and uses it to spy on the owner.

Experts say the cyber-attack would be just one of many unleashed during the Brisbane summit as cyber criminals increasingly look for more targeted ways to lure computer users. 

The email, titled Join us at a rally for Tibet during the G20 Summit, purports to be from the Australian Tibet Council and includes a word document titled A_Solution_For_Tibet.

Cyber security company ESET disseminated a warning about the email and the word document after finding that it contained a virus, labelled a Gh0st Remote Access Trojan (RAT) detected as Win32/Farfli.

It was a "pretty classic case of spear phishing email" in which the receiver is lured into opening the infected attachment, the warning said. 

Cyber security expert Ty Miller said this particular type of ghost Trojan was designed for spying by getting into user's camera and audio functions. 

Once infected, the computer can be totally controlled by the hacker. 

"It could be coming from anyone," he said of the email. "It could be be a malicious virus or foreign governments who want to see what protesters are doing. It could just be attackers trying to expand the number of computers that they have control of."

It was not clear how many people the email was sent to but ESET said one receipient was the European Central Tibetan Administration.

Kyinzom Dhongdue from the Australian Tibet Council said she was not aware of any community members who had received the email but it was common for Tibetans to be the targets of cyber-attacks by Chinese companies and government bodies. 

The Australian Tibet Council and several other community groups organised a large protest for Tibetans in Brisbane on Saturday with about 300 people staging a "die-in" to highlight human rights abuses. 

Mr Miller, founder of Threat Intelligence, said such attacks were becoming incredibly common during large global events like the G20.

"You almost expect it to occur multiple times during these sorts of events," he said. 

"Five or 10 years ago there were a lot of generic phishing attacks, like emails from big banks, but these days people are catching on and becoming a lot more aware so attacks are becoming more targeted."

He said events like the G20 were "great opportunities for attackers to use the specific events and audience to make a targeted attack more convincing".

Mr Miller said the effectiveness of the Tibet attack would be limited because it uses a vulnerability in Microsoft Word that was eliminated in a software update in April. 

Queensland Assistant Commissioner Katarina Carroll said they had not received any reports of the attack.

"We have got people who work in that area with us and are constantly monitoring that so if it's something that has just eventuated we would know about it," she said. 

CTC National Office 1425 René-Lévesque Blvd West, 3rd Floor, Montréal, Québec, Canada, H3G 1T7
T: (514) 487-0665   ctcoffice@tibet.ca
Developed by plank