It’s Hacking Season in Tibet

As of this writing, the website for the Tibetan government in exile, the Central Tibetan Administration (CTA), appears to be under attack.

tibet net

This is nothing unusual. About this time every year the CTA, and other organizations connected to it, endure a variety of cyber attacks. According to Tenzin Dalha, a researcher at the Tibet Policy Institute, “Every March 10th, almost all major Tibetan organizations in Dharamsala are targeted with Distributed Denial of Service and other cyber attacks,”

Why March 10th? You might ask. Well, March 10th is Tibetan Uprising Day; a day that commemorates the 1959 Tibetan people’s uprising against China. It was this uprising that led China to crack down on all anti-Chinese protests and made the Dalai Lama flee to India. Hmm, I wonder who could be behind these annual cyber attacks.

I eventually did get into the CTA site but found it almost impossible to navigate. I would not recommend visiting the site, however. This is because, without proper cyber security measures, you could be exposing yourself to a cyber attack. If you feel you must visit the site, use proper obfuscation tools, such as the Tor browser with a VPN or two. I say this for a reason.

Apparently, nefarious attackers got their hands on the CTA mailing list and are sending emails with a malicious PowerPoint attachment to everyone on it. The email, according to researchers at Cisco Talos, looks like this.


The attachment is a slideshow named, “Tibet-was-never-a-part-of-China.ppsx”. This title should encourage anti-China recipients to view it. It is a real slide show from the CTA site. But, unlike the real slideshow, it installs spyware on viewers’ devices. Once installed, the Chinese government can keep an eye on anyone who watched the slideshow. The spyware will listen in on all calls, decrypt chats, gather all contact information, and read all emails, among other things.

But, you might say, “I’m not on the site’s mailing list. I have nothing to worry about”. Maybe, but maybe not. In 2013, the CTA website was hit with a watering hole attack. This is an attack that compromises a website and redirects select visitors to a malicious website which interacts with the browser to infect the visitor with malware. It could also make use of malicious advertisements (malvertising) to infect the visitor. In this particular attack, Chinese speaking visitors to the CTA site were targeted in an apparent attempt to unmask any Chinese citizens who may feel sympathetic towards Tibet.

Last year, the Chinese hacking group, LuckyMouse, used a watering hole attack to gain access to a data center in an unnamed Central Asian country. Gaining such access would allow the attackers to gain access to other important government networks. In December, the Chinese government used similar attacks to gather information from Australian and U.S. government agencies. It would, therefore, not be surprising if such attacks were  planned on the main CTA site or on any sites related to it.

In fact, this year could see a sharp increase in Chinese cyber attacks as well as an increase in the degree of their sophistication. The reason for this is that 2019 marks a major anniversary of the 1959 uprising, the 60th anniversary. China expects demonstrations and is probably gathering information in order to suppress them before they begin. The scheduled day for Uprising Day this year is March, 28th. On the exact same day, China will celebrate Serfs Emancipation Day. This was the day in 1959 that the Tibetan government was officially declared illegal. The Chinese claim it was the day that the people of Tibet were liberated, whether they liked it or not.

The Chinese consider the Dalai Lama a terrorist and a recent article in the Tibet Daily warns people about listening to him. “In the face of the lies of the 14th Dalai Lama, the various peoples of Tibet should be even more aware that socialist new Tibet replacing the theistic and feudal system of old Tibet was a historical necessity, and a victory for the truth and the people,”

Visiting the China Culture website will give you some indication of the concern the Chinese government has for what may occur on or before March 28th. In an article entitled, “Come and see the real Tibet”, the Chinese government launches a full out attack on the Dalai Lama. In fact, there is nothing about visiting Tibet in the article, only invectives such as,

“The Dalai Lama and his supporters disregard history, distort facts and spare no efforts to glorify old Tibetan society, claiming that old Tibet was “more civilized” and a better place than today’s Tibet. These are not only vain attempts to distort facts and international agreements, but also conceited denials of the remarkable progress that Tibet has made since 1959.”

 Tibetans in exile have also ramped up their criticisms of China. They report that,

“Tibetans in Serta County, incorporated into China’s Sichuan province, are forced to remove portraits of His Holiness the Dalai Lama from their altars. They are compelled to display pictures of Chinese leaders, including Xi Jinping, and to prostrate and make offerings instead. Prostration in Tibetan Buddhism is a traditional practice, a religious gesture of reverence reserved to the Buddha, the Dharma and the Sangha.”

In other words, the fight is on.

.tibet pray

China is making preemptive strikes against any possible protests. They restricted the movements of Tibetans during the recent New Year’s holiday. Protests against China are planned in London and, very likely, other countries on March, 28th. Will they take place in Tibet? A few brave souls may try to stage a protest, but it will not be easy. The Chinese government will make sure that no social media web sites can be used to organize a group to participate in such protests. Here are some of the messaging sites currently blocked in China.
china block

However, using good VPNs will unblock most of these sites. I know from my own experience that this is true. In other words, if Tibetans want to secretly communicate to organize protests, they will probably find a way to do it. That said, in the past, China has sealed off all internet connections within Tibet and this could happen again. We’ll just have to wait and see which side wins in this yearly cyber war.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s