The Globe and Mail

Foreign journalists in China target of computer attack

Researchers in Canada have shed new light on what appears to be a systematic attempt to infect and compromise computers belonging to journalists working in China - an attack that coincides with a security clampdown in the country as Beijing's Communist government celebrates its 60th anniversary.

Reporters working with foreign media outlets including Reuters, Dow Jones and Agence France-Presse began receiving e-mails last week from someone purporting to be each respective outlet's economics editor.

The e-mails, written in good English, detail a proposed trip to China for a story, and include an attached Adobe PDF file that contains a mostly accurate list of local contacts.

However, when opened, the file installs malware - software that infects the machine and often leaves it completely under the control of a remote user - on the user's computer.

The attacks coincide with reports of tighter security measures ahead of the 60th anniversary of the founding of the People's Republic of China, say Nart Villeneuve and Greg Walton, senior research fellows of the Citizen Lab at the University of Toronto's Munk Centre for International Studies. The researchers have written a report outlining the attack.

"It seems to me that the people involved in that - targeted malware attacks - generally prey on organizations that are related to some ongoing event," Mr. Villeneuve said, adding that the style of attack indicated a smart adversary, but not necessarily government involvement.

"In this kind of environment, with the 60th anniversary of the founding of the PRC coming up, it just seems to me that attacking media targets makes sense."

The malware has in some cases connected to a command and control server, Mr. Villeneuve said. However, researchers have not been able to decrypt the communication passing between the two ends.

While the researchers stress there is no conclusive evidence that Beijing is behind the attack, they added that there are several factors to support such a conclusion.

For example, the malware was e-mailed to Chinese assistants working for foreign news organizations. Such assistants rarely have their names published, but must be hired through an arm of the Chinese foreign ministry.

"That looks very suspicious to me," said Ronald Deibert, director of the Citizen Lab.

Along with Mr. Villeneuve and Mr. Walton, Mr. Deibert was at the centre of an operation that uncovered "GhostNet," a network of more than 1,200 infected computers worldwide that included machines in embassies and ministries. In that case, the vast majority of attacks appeared to originate from China.

In the case of the attacks against journalists, the researchers have traced back the malware's IP address to two compromised servers, both located in Taiwan.

Ironically, one of those servers belongs to the National Central University of Taiwan - it is where students and faculty are directed to go to download anti-virus software.

Because there exist very few recognized international mechanisms for reporting and logging such attacks, Mr. Deibert said he had to contact Taiwanese authorities directly to notify them that key servers had been infiltrated.

"I think it's not appropriate for a researcher at the university to contact an ambassador here in Canada to let them know," Mr. Deibert said.

"But nonetheless it has to be done, and the reason is there is really no other obvious avenue for us to turn."
