Chinese hack Tibetan monks, systematically targeting human rights groups

Chinese hackers have been systematically targeting human rights, and more generally, civil society, organizations with cyberattacks via booby-trapped email attachments.

Among those targeted recently: Tibetan monks.

And while a lot of attention has been shined recently on Chinese hackers attacking American companies like Google and Boeing, and the US government (a lot), much less attention has focused on the very real threat to human rights advocates and organizations.

A new study by a well-respected Internet watchdog group, Citizen Lab, finally looks in detail at the attacks on, and vulnerabilities of, human rights groups and other advocates. And while the report can’t conclusively claim that the Chinese government is behind the attacks, they’re at the very least tacitly colluding in them.

From Reuters:

“There’s no doubt about it. This is something that is, if not carefully orchestrated by the government of China, is certainly tolerated by them and they benefit from it,” said Citizen Lab director Ron Deibert.

PHYANG, LADAKH, INDIA - JULY 2014: Ladakhi Tibetan Buddhist monks at a festival in Phyang monastery, Ladakh. (geoffrey wiggins /

PHYANG, LADAKH, INDIA – JULY 2014: Ladakhi Tibetan Buddhist monks at a festival in Phyang monastery, Ladakh. (geoffrey wiggins /

What’s particularly troubling about the report’s findings is that while big companies, or the US government, have the money and manpower to help prevent future breaches, human rights groups do not.

Earlier this year I even asked a leading tech privacy group for help in better understanding how to protect my online communications. Not just for my own benefit, but for the benefit of human rights advocates worldwide who from time to time contact me with tips, or asking for help. And sadly, it ain’t easy protecting yourself.

I was amazed to find that, for starters, encrypted email hasn’t got any easier than it was a decade ago. Meaning, for the average person it’s pretty much impossible (I know when I tried using PGP a decade ago, my head pretty nearly exploded, and I finally gave up.)

I was, however, as a Mac user, able to download Adium as my chat program on my computer, and funnel Facebook and Google Chat through it in a manner in which both are encrypted. But that only helps if the other guy encrypts his chat as well (and if the other guy is smart enough to figure out how to set up the encryption in the first place).

There are Tor browsers, that nobody I know uses.

And then there are VPNs, or Virtual Private Networks, which I use, that basically encrypt every thing coming from your computer. It’s far more complicated than that, but VPNs are a step in the right direction (and they can let you watch TV shows and movies on some of your subscription services when traveling abroad).

And it’s not just me — I worry about how to protect Russian, and Chinese, and every other advocate in a country where you literally risk your life by challenging your own government. There needs to be an easier way to protect ourselves, and there needs to be more focus on training advocates, worldwide, in how to practice safe(r) surfing.

Lorenzo Franceschi-Bicchierai did a good write-up of the Citizen Lab study over at Mashable. And you can find the study here.

CyberDisobedience on Substack | @aravosis | Facebook | Instagram | LinkedIn. John Aravosis is the Executive Editor of AMERICAblog, which he founded in 2004. He has a joint law degree (JD) and masters in Foreign Service from Georgetown; and has worked in the US Senate, World Bank, Children's Defense Fund, the United Nations Development Programme, and as a stringer for the Economist. He is a frequent TV pundit, having appeared on the O'Reilly Factor, Hardball, World News Tonight, Nightline, AM Joy & Reliable Sources, among others. John lives in Washington, DC. .

Share This Post

© 2021 AMERICAblog Media, LLC. All rights reserved. · Entries RSS