海角大神

A prominent computer security firm warned that the聽Dalai聽Lama's Chinese-language website has been hacked and is infecting visitors' computers with viruses in what may to be an effort to spy on human rights activists who frequently visit the site.

Kaspersky Lab researcher聽Kurt Baumgartner聽told Reuters on Monday that he is advising web surfers to stay away from the Chinese-language site of the聽Central Tibetan Administration, or CTA, until the organization fixes the bug. He described the attack on his company's blog.

Technical evidence suggests the group behind the campaign was also responsible for previous breaches on that site as well as attacks on groups that focus on human rights in聽Asia, Baumgartner said.

Those breaches involved a two-stage attack technique known as "water holing," where hackers first infect a site that is frequently visited by people whose computers they want to control. That compromised site automatically seeks to infect the PCs of all visitors, downloading malicious software that the hackers can use to take control of their computers.

Officials with the聽Office of Tibet in New York聽could not be reached for comment. That office is the official representative to the聽United States聽for the聽Dalai聽Lama,聽Tibet's 78-year-old exiled spiritual leader, who fled聽China听迟辞听India聽in 1959 after an abortive uprising against Chinese rule.

Beijing聽considers the globe-trotting monk and author a violent separatist and Chinese state media routinely vilify him. The聽Dalai聽Lama, who is based in聽India, says he is merely seeking greater autonomy for his Himalayan homeland.

Baumgartner said that the Chinese-language site of the聽Central Tibetan Administration, which is the official organ of the聽Dali聽Lama's government聽in exile, has been under constant attack from the same group of hackers since 2011, though breaches have been quietly identified and repaired before garnering significant attention.

SAME GROUP OF ATTACKERS

"They have been trying repeatedly to find vulnerabilities in the site," he said.

He said that it is safe to visit the group's English and Tibetan sites.

He said he believes the same group of attackers has repeatedly infected the site with malicious software that automatically drops viruses on computers running Microsoft Corp's Windows and Apple Inc's Mac operating systems.

They infect machines by exploiting security bugs in Oracle Corp's聽Java聽software, he said. An Oracle spokeswoman had no immediate comment.

That gives them "back doors" into those computers. "This is the initial foothold. From there they can download arbitrary files and execute them on the system," Baumgartner said.

Will Gragido, a researcher with the聽RSA security聽division of聽EMC聽Corp who is an expert on water holing, said the attack on the Tibetan site had the look of a type of campaign known as an "advanced persistent threat," or APT.

In some cases APTs are launched through tainted emails. In others this is done through "water holes," which are named after specific locations that lions stake out to attack their prey, rather than traveling the wild to hunt them out.

"The CTA is a site most people are not going to traverse," Gragido said. "They are less likely to see my grandmother traversing that site than they are somebody with a vested interest in seeing what's going on in聽Tibet."

In March of last year, the cybersecurity firm AlienVault Labs reported that it identified cyber attacks on Tibetan organizations including CTA and the International Campaign for聽Tibet.

AlienVault said those attacks were engineered by a Chinese APT group also responsible for the "Nitro" attacks on dozens of companies identified by Symantec Corp in 2011.

The report of the cyber attack is the latest to involve human rights groups in greater聽China.

Human rights groups and other NGOs focused on聽China聽were hit by denial of service attacks that disrupted their websites and several said their emails were infiltrated during a spate of cyber attacks attributed to聽China聽in 2010 and 2011.