The U.S. Federal Bureau of Investigation is looking into a possible China connection in the hack of a nonprofit group created to draw attention to the ongoing genocide in western Sudan's Darfur region.
The Save Darfur Coalition called in the FBI earlier this week after discovering that
someone had gained unauthorized access to its e-mail and Web server, according
to Allyn Brooks-LaSure, a spokesman with the group.
Brooks-LaSure doesn't know who is behind the attacks, but he said the Internet
Protocol addresses of the computers that had hacked his organization were from
China. "Someone in Beijing is trying to send us a message," he said.
The hackers seemed to be primarily interested in gathering data on his group,
Brooks-LaSure said. Save Darfur has been trying to get China to pressure Sudan's
government into stopping the mass killings in Darfur's ongoing civil war. China
is one of Sudan's largest trading partners.
Computers in China have been the source of many attacks in recent years, although
security experts say that sometimes China-based machines are simply used as
jumping-off points for attackers who actually reside in other countries such
as the U.S. or Russia.
Groups that work with Save Darfur may have also been hit, Brooks-LaSure said.
Some partner organizations have been the subject of very targeted e-mail attacks
over the past few weeks that have tried to trick workers into opening malicious
documents or visiting malicious Web sites. These are both common ways of installing
unauthorized software on a victim's computer.
This type of targeted e-mail attack was recently employed by attackers looking
to infect people on a pro-Tibet mailing list. Victims who opened what appeared
to be a statement of solidarity for the people of Tibet were secretly hit with
attack code that exploited a flaw in Adobe's Acrobat software, said security
researchers at F-Secure in a blog posting.
"It looked like it was coming from the Unrepresented Nations and Peoples
Organization (UNPO). However, the e-mail headers were forged and the mail was
coming from somewhere else altogether," wrote F-Secure.
Many pro-Tibet organizations have been targeted with these types of attacks
in recent months, the company added. "This is not an isolated incident.
Far from it," the company said. "These e-mails have been sent to mailing
lists, private forums and directly to persons working inside pro-Tibet groups.
Some individuals have received targeted attacks like this several times a month."
A similar type of attack was used last month to infect computers at a committee
working on security at the upcoming 2008 Olympic Games in Beijing, according
to security vendor MessageLabs.
Members of that committee were infected by a malicious Microsoft Word document
that they then forwarded to other organizations, according to MessageLabs researcher
Maksym Schipka. In that case, "the bad guys did not have to hack into the
good guy's mail server, all they had to do was persuade them that the document
was something interesting so that the good guys themselves would forward it
on," he said.
It is not clear that there is any connection between the attacks reported by
MessageLabs and F-Secure and that reported by Save Darfur.
When contacted Friday regarding the Save Darfur incident, FBI spokeswoman Debbie
Weierman confirmed that the law enforcement agency was "looking into the
matter."