Chinese hack Tibetan monks, systematically targeting human rights groups

Chinese hackers have been systematically targeting human rights, and more generally, civil society, organizations with cyberattacks via booby-trapped email attachments.

Among those targeted recently: Tibetan monks.

And while a lot of attention has been shined recently on Chinese hackers attacking American companies like Google and Boeing, and the US government (a lot), much less attention has focused on the very real threat to human rights advocates and organizations.

A new study by a well-respected Internet watchdog group, Citizen Lab, finally looks in detail at the attacks on, and vulnerabilities of, human rights groups and other advocates. And while the report can’t conclusively claim that the Chinese government is behind the attacks, they’re at the very least tacitly colluding in them.

From Reuters:

“There’s no doubt about it. This is something that is, if not carefully orchestrated by the government of China, is certainly tolerated by them and they benefit from it,” said Citizen Lab director Ron Deibert.

PHYANG, LADAKH, INDIA - JULY 2014: Ladakhi Tibetan Buddhist monks at a festival in Phyang monastery, Ladakh. (geoffrey wiggins /

PHYANG, LADAKH, INDIA – JULY 2014: Ladakhi Tibetan Buddhist monks at a festival in Phyang monastery, Ladakh. (geoffrey wiggins /

What’s particularly troubling about the report’s findings is that while big companies, or the US government, have the money and manpower to help prevent future breaches, human rights groups do not.

Earlier this year I even asked a leading tech privacy group for help in better understanding how to protect my online communications. Not just for my own benefit, but for the benefit of human rights advocates worldwide who from time to time contact me with tips, or asking for help. And sadly, it ain’t easy protecting yourself.

I was amazed to find that, for starters, encrypted email hasn’t got any easier than it was a decade ago. Meaning, for the average person it’s pretty much impossible (I know when I tried using PGP a decade ago, my head pretty nearly exploded, and I finally gave up.)

I was, however, as a Mac user, able to download Adium as my chat program on my computer, and funnel Facebook and Google Chat through it in a manner in which both are encrypted. But that only helps if the other guy encrypts his chat as well (and if the other guy is smart enough to figure out how to set up the encryption in the first place).

There are Tor browsers, that nobody I know uses.

And then there are VPNs, or Virtual Private Networks, which I use, that basically encrypt every thing coming from your computer. It’s far more complicated than that, but VPNs are a step in the right direction (and they can let you watch TV shows and movies on some of your subscription services when traveling abroad).

And it’s not just me — I worry about how to protect Russian, and Chinese, and every other advocate in a country where you literally risk your life by challenging your own government. There needs to be an easier way to protect ourselves, and there needs to be more focus on training advocates, worldwide, in how to practice safe(r) surfing.

Lorenzo Franceschi-Bicchierai did a good write-up of the Citizen Lab study over at Mashable. And you can find the study here.

CyberDisobedience on Substack | @aravosis | Facebook | Instagram | LinkedIn. John Aravosis is the Executive Editor of AMERICAblog, which he founded in 2004. He has a joint law degree (JD) and masters in Foreign Service from Georgetown; and has worked in the US Senate, World Bank, Children's Defense Fund, the United Nations Development Programme, and as a stringer for the Economist. He is a frequent TV pundit, having appeared on the O'Reilly Factor, Hardball, World News Tonight, Nightline, AM Joy & Reliable Sources, among others. John lives in Washington, DC. .

Share This Post

4 Responses to “Chinese hack Tibetan monks, systematically targeting human rights groups”

  1. Susan952 says:

    Start making some handsome money by working an internet job from comfort of your home! What all you need is a computer and a reliable internet connection. You will be paid regular on a regular basis… Visit this link for more details…..>> -> READ REVIEW!!!! <-

  2. Using Internet Explorer. You’re adorable :)

    If it’s still doing it, send me an email explaining it, and I can forward it to Disqus’ help folks.

  3. emjayay says:

    Speaking of internet stuff, using IE Disquis will not load the comments for the post about the guy who likes womens instead of mens now. The thingy just spins and will not reload. Already read comments at about it at TowleRoad though.

  4. Naja pallida says:

    The Washington Post just reported that the National Weather Service has been downplaying several significant data breaches by Chinese hackers over the last year or more, that prevented the timely reporting of weather and emergency response information. We have such a disparate number of agencies, each independently responsible for their own information technology infrastructure, that it’s inevitable that we will have serious breaches. With no security standards, and some agencies being grossly underfunded and sadly undermanned, most of our government data security is more like playing a game of whack-a-mole, reacting to threat after threat after threat, instead of assuming we’re going to see threats and working to prevent them before they occur.

© 2021 AMERICAblog Media, LLC. All rights reserved. · Entries RSS