Operation Luckycat Targets Pro-Tibet Activists and Government Sites

In the developing world, the importance of cyber-security is becoming increasingly clear. Government sites, as well as activist groups, are especially at risk of attack. While computers and the internet are crucial tools for activists and governments, these very tools make them vulnerable. In China, a group of hackers attacked various targets through Operation Luckycat. “Luckycat… has been active since June 2011, (and) has been linked by Trend to 90 attacks in India and Japan against aerospace, energy, shipping, military research and activists.” (The Register) They used a spear phishing campaign that sends an infected Microsoft Office file to targets to exploit vulnerabilities in the Microsoft platform. The infected file gives backdoor access to the sender. The MacControl Trojan used was unusual, because Macs have typically not been targeted by hackers with the frequency of PCs.

Tibetan activist organizations were especially targeted by this campaign, and many believe that the Chinese government is behind these attacks. While the individual Chinese hackers have been identified (mainly Gu Kaiyuan), it has been difficult to prove a direct connection to the government. This is certainly not the first time that the Chinese government has been accused of cyber-espionage and sabotage. China has previously been accused of spying on pro-Tibet organizations via internet-hacking on several occasions and was blamed for the GhostNet cyber-espionage operation against the Tibetan government-in-exile as well as the private office of the Dalai Lama. A trend is becoming increasingly evident: the Chinese government is likely recruiting and supporting young, talented hackers to achieve its ends and later letting them take the blame for the attacks.

All this is proof that safety should not be taken for granted and that hackers and cyber-criminals are innovative and should not be underestimated. Macs are advertised as being more resistant to attack, but they are certainly not impervious. It is likely that in the future they will become more frequently targeted. It is clear that activists, governments of the developed and developing world, as well as individuals, need to take measures to protect themselves. In class, we saw examples of all of the ways the Ushahidi platform could be compromised. These same tactics can be used against nearly any stakeholder in development. This is a solid barrier to ICT4D. In the future, cyber-security needs to be made a priority.

http://www.theregister.co.uk/2012/04/02/mac_malware_apt_luckycat/

http://www.infosecisland.com/blogview/20875-Operation-Luckycat-Targets-Tibet-Japan-and-India.html

About etherspace

I am a junior joint Spanish-Portuguese & international development major at Tulane University.
