Foreign media in China have been targeted by emails laden with
malicious computer software in attacks that appear to be tied to
the run-up to the National Day military parade on October 1.
While spam and viral attacks are not uncommon, the latest wave is
part of a pattern of increasingly sophisticated emails tailored to
tempt foreign reporters, rights activists and other targets to open
infected attachments.
On October 1, the Communist Party is celebrating 60 years of rule
over mainland China with a military parade.
Beijing has tightened security ahead of the anniversary, with
armed paramilitary troops at subway exits during rehearsals and
neighbourhood residents recruited to watch over the streets.
"There is definitely a pattern of virus attacks in the run-up to
important dates on the Chinese political calendar," said Nicholas
Bequelin of Human Rights Watch in Hong Kong. He noted that
non-government organisations are also favourite targets.
"Whether the government is behind it, closes its eyes to it,
supports it or has nothing to with it is unclear. There are also
patriotic hackers, so there is no way to know for sure who is
behind it."
While poor English used to be a giveaway, new techniques include
mimicking a known and trusted sender, or resending legitimate
emails from activist organisations with a fake, malware-laden
attachment.
The impersonating emails require more effort by the mystery senders
but they are also more likely to be opened than easily
identifiable, anonymous spam.
Chinese employees working for foreign news organizations in Beijing
and Shanghai got identical emails on Monday, each with an
attachment carrying malware meant to exploit Adobe Acrobat
software, a common application used to read PDF files.
The email, which appeared to be from an economics editor named Pam
Bouron, was a polite request for help lining up interviews during
an upcoming visit to Beijing.
It was tailored so that Pam appeared to work for each news
organisation.
The clue was that Reuters does not have an economics editor named
Pam Bouron.
Others who received the Pam Bouron email include the Straits
Times, Dow Jones, Agence France Presse, and Italian news agency
Ansa.
Similar emails carrying viruses, also attacking foreign news
agencies and non-government organizations, were common ahead of the
Beijing Olympic Games last year.
In March this year, researchers at Infowar Monitor in Canada
found widespread cyber-infiltration of the Tibetan government in
exile.
The Pam Bouron emails on Monday targeted Chinese news assistants,
whose names often do not appear on news reports and who must be
hired through an agency that reports to the Foreign Ministry.
They were followed by two suspicious emails received by many foreign reporters in Beijing.
