Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look At Advanced Targeted Attacks Through the Lens of a Human-Rights NGO

Posted by Unknown on from the shotgun-network-intrusion dept.

An anonymous reader writes New research was released on cyber-attacks via human-rights NGO World Uyghur Congress over a period of four years. Academic analysis was conducted through the lens of a human-rights NGO representing a minority living in China and in exile when most targeted attack reports are against large organizations with apparent or actual financial or IP theft unlike WUC, and reported by commercial entities rather than academics. The attacks were a combination of sophisticated social engineering via email written primarily in the Uyghur language, in some cases through compromised WUC email accounts, and with advanced malware embedded in attached documents. Suspicious emails were sent to more than 700 different email addresses, including WUC leaders as well as journalists, politicians, academics and employees of other NGOs (including Amnesty International and Save Tibet — International Campaign for Tibet). The study will be presented at USENIX on August 21, and the full paper is already available.

25 comments

  1. NGO? by Anonymous Coward · · Score: 0

    Why is it important to mention that "World Uyghur Congress" is an NGO (Non-Governmental Organization)? Why can't they just call it an "organization"?

    1. Re:NGO? by Calydor · · Score: 1

      I thought they were a New Global Order.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:NGO? by Livius · · Score: 3, Insightful

      Because the "non-governmental" part matters.

    3. Re:NGO? by Seumas · · Score: 0

      When I see NGO after an organization's name, my assumption is that their source of funding is shady and that their actual purpose other than that which they position to the public, because that is often the case.

      It's important to say "NGO" the same way it is important to say that your PAC is not directly endorsed or paid for by the candidate or cause it is supporting. Obfuscation and deniability. They aren't a government organization, but they're not a private organization, either -- yet they are funded *by* governments, businesses, other organizations, and people. And... there are something like two million of them in the US alone.

    4. Re:NGO? by Dishevel · · Score: 1

      I see the same thing when I see government as well.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    5. Re:NGO? by hey! · · Score: 3, Insightful

      Because "NGOs" operate in spheres like humanitarian relief and social justice which require them to rub elbows with governments and government sponsored entities. In some cases the kinds of work they do may even overlap, as might happen when FEMA and the Red Cross deploy after a major disaster like a hurricane.

      In those cases it's useful to differentiate between government organizations like FEMA or the Coast Guard and non-Governmental organizations like Red Cross or Doctors Without Borders.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    6. Re:NGO? by wisnoskij · · Score: 1

      Because many human rights organizations are run by government so that they can release promising reports about said government.

      --
      Troll is not a replacement for I disagree.
  2. Climate scientist too by mdsolar · · Score: 2

    Quite a few computer systems used by climate scientists get targeted as well.

  3. no post by Anonymous Coward · · Score: 0

    no post tell a lot about slashdot readership

  4. to understand the attacks, understand NGO. by nimbius · · Score: 1, Informative

    to learn why The Chinese government has designated the WUC and its affiliate groups as a terrorist organisation, people must understand where NGO's came from and why they exist. "non-governmental organization" only came into popular use with the establishment of the United Nations Organization in 1945. it however intensified throughout the cold war as a means by which capitalist nations (namely the united states) could covertly do everything from back the nicacaguan contra to overthrow the government of Iran. At best, they are a destabilizing force as evidenced in Action Aid and Christian Aid which effectively condoned the 2004 US backed coup against an elected government in Haiti. NGO's cheerlead for projects like privatized water and healthcare in mozambique as they are not formally held to standard and adherence within the host country. 'showcase' projects and parallel programs that prove to be unsustainable can and do often show up alongside, but not in partnership with, government efforts.

    the World Uyghur Congress is headed presently by an exilee in the United States since 2005 after six years' imprisonment in China for leaking state secrets. it is an umbrella term for an organisation of once small, weak and fractious Uyghur nationalist groups, including the World Uyghur Youth Congress, formed in November 1996. it is at most a separatist group with a line-item budget in the federal government and a testament to americas schitzophrenic relationship with china. We hate communism and dictatorial rule, but the 213 billion in trade this year seems to revise our outlook considerably. We sure hate terrorism but when the 2009 Ãoerümqi riots struck, we couldnt be bothered to care about how our NGO orchestrated and planned the event.

    --
    Good people go to bed earlier.
    1. Re:to understand the attacks, understand NGO. by poity · · Score: 2

      Your claim is the WUC orchestrated the 2009 Urumqi riots. You also imply that those riots were comparable to terrorism.

      --
      your thin skin doesn't make me a troll
    2. Re:to understand the attacks, understand NGO. by Anonymous Coward · · Score: 0

      Most NGO's are little more than subversive organizations either backed by corporations, billionaires, or foreign governments. They either funnel large sums of money to corrupt government officials, support opposition groups in countries friendly to them, or use the group as cover for intelligence operations.

      So true.

    3. Re:to understand the attacks, understand NGO. by Anonymous Coward · · Score: 0

      Originally most NGO's are little more than subversive organizations either backed by corporations, billionaires, or foreign governments. They either funnel large sums of money to corrupt government officials, support opposition groups in countries friendly to them, or use the group as cover for intelligence operations.

  5. Why isn't sandboxing standard practice? by timrod · · Score: 4, Interesting

    In the article, they mention that the group attacking WUC was using vulnerabilities in Acrobat Reader, but stopped after Adobe added sandboxing to Acrobat - and then promptly switched to using vulnerabilities in MS Office. Why is it that sandboxing isn't a standard for all popular office software? It seems like had MS sandboxed Office, these attacks likely would've ceased altogether for lack of a vector.

    1. Re:Why isn't sandboxing standard practice? by Thanshin · · Score: 4, Funny

      had MS sandboxed Office, these attacks likely would've ceased altogether for lack of a vector.

      Had MS sandboxed Office, the attack vector would be MS sandbox.

    2. Re:Why isn't sandboxing standard practice? by 1u3hr · · Score: 4, Insightful

      People have been asking that FOR 20 FUCKING YEARS
      ===========
      http://www.f-secure.com/v-desc...
      Virus:W32/Concept
      Virus:W97M/Concept also known as Word Prank Macro or WW6Macro - is a macro virus which has been written with the Microsoft Word v6.x macro language. It has been reported in several countries, and seems to have no trouble propagating in the wild.

      WM/Concept used to be extremely widespread during 1995-1997.
      ===========
      I remember back in 2000, my boss asking "How do I run this "I Love You" macro someone sent me?"

      Word macros were cool and useful, until Microsoft decided it was clever to embed them in the document.

      And they did the same fucking thing with "Windows Media"
      And USB autoexec

      Always prioritising some gimmicky shit that allowed advertisers to push crap over security, and allowed any asshole to take over your PC by getting you to open a document or media file.
      .

  6. Plus by Anonymous Coward · · Score: 0

    The U.S. (both government and wealthy organizations and persons) on one hand finance terror, which they "have to counter" with the other hand a day later. The best U.S./ U.K. buddy Saudi-Arabia does this on a even larger scale.

    Cui Bono ?

    The arms industry and Israel.

  7. Advanced Sophisticated cyber-email attachment atta by lippydude · · Score: 2

    Slashdot is getting as bad as the conventional tech press in your inability to mention the Operating System that the vast majority of these cyber-attacks run on or require to vector the malware onto peoples 'computers'.

  8. China who would have thought.. by Virtucon · · Score: 1

    We fuck your shit up - China

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:China who would have thought.. by Anonymous Coward · · Score: 0

      We fuck your shit up - China

      Wait a minute, so you are admitting United States of America (as in "we") is aiding and supporting the NGO WUC?

  9. Re:Advanced Sophisticated cyber-email attachment a by Anonymous Coward · · Score: 0

    Slashdot is getting as bad as the conventional tech press in your inability to mention the Operating System that the vast majority of these cyber-attacks run on or require to vector the malware onto peoples 'computers'.

    The OS doesn't matter. According to TFA, the exploit used Adobe Reader and then MS Office documents. Office exploits have been successfully used against activists on both Windows and OS X hosts.

    When you're dealing with vulnerable software like Office, it doesn't matter what OS you use. (And Office is just the easiest target. It could just as easily be Flash or Java or whatever.)