CYBER-ESPIONAGE
Massive cyber-attacks on human rights website
by Peter Westmore
News Weekly, November 8, 2014
One of the world’s leading human rights groups, Human Rights Without Frontiers (HRWF), has reported that it has been subject to “repeated and sophisticated” cyber-attacks on its web site. The group has traced the attacks back to Russia and China, which have been the subject of repeated criticism over human rights violations.
HRWF has also criticised Russia’s annexation of Crimea and its involvement in the insurgency in eastern Ukraine.
In mid-October, the Brussels-based non-government organisation received a message from Intermedia, its web-hosting provider, notifying it of “another attempt to compromise our web server”.
Its internet and security consultant said at the time: “Another series of repeated hacking events over the last 48 hours, seeking to hijack or disable our server, were detected on hrwf.org and hrwf.net.
“Our server logs also indicate numerous brute force style attempts to gain access to our CMS [Content Management System], primarily from allocated unspecified IP [Internet-provider] addresses and from allocated IP addresses.
“Whoever they are, they are obviously persistent and well equipped, and we have to assume that they are the ones who for some time now have been trying to compromise our servers.”
The consultant continued: “As our System Administrator was monitoring the server, he noticed that the hacker(s) successfully placed a script in a file on our website. That file was requested on 10/10 at 22:23 GMT from this allocated unspecified IP address 184.108.40.206 (supposed to be an EU country, but can be from any other country in the world), and the same IP address sent several other POST requests to our server on 10/10 and 10/11 and started sending SPAM from our servers on 10/11 at about 2pm.
“It should be noted that not long after that script was modified, a number of other files on our server were accessed and modified from 220.127.116.11 IP address.… That IP address is allocated to a person in St Petersburg, Russia.
“So we had to briefly stop our website and remove the offending script and check all server data and clean our files. Since this procedure can be time-consuming, we decided to perform a restore from a known clean backup.”
HRWF’s Internet consultant was later able to identify the person in Russia who performed these attacks.
Human Rights Without Frontiers have found that these recent incidents have followed a series of “damaging server attacks that were carried out between June and August”.
It said: “These seriously disrupted the normal functioning of our website for three months. Each time, thousands of files on our web server had to be checked one by one.
“Unfortunately, and regrettably, the first successful attack (believed to have originated from China) on our old CMS caused several emails with inappropriate contents to be sent in our name.
“Due to constraints in our previous server environment and in the vendor’s release of needed upgrades scheduled only for December 2014 (these constraints beyond our control, and the often limited resources situation we usually face, left our old server vulnerable), HRWF had not only to invest in a different new server system environment, but also to hire web developers who could perform the difficult unofficial migration of all existing data to a vendor-independent upgrade and migration solution.”
In a public statement, Human Rights Without Frontiers said: “Despite constant upgrades of our protection against hackers, the website has for years been targeted by sophisticated IT attacks, but this time has decided to make it public and to call upon all human rights organisations to denounce such practices.
“Human Rights Without Frontiers will publicise any similar case that will be brought to its attention.”
HRWF chairman Willy Fautré commented: “No doubt our almost daily coverage of the events at Maidan [the central square of Kyiv, Ukraine’s capital city], in Crimea and eastern Ukraine explains the latest attacks.
“For years we have as well reported worldwide and at the European Parliament about violations of human rights in China. We are aware that we disturb the state disinformation policies of Russia and China, but such threats will not deter us from pursuing our mission.”
In March last year, News Weekly published, as one of its cover stories, details of a report by an American computer security company, Mandiant, documenting the role of an arm of China’s People’s Liberation Army in successful cyber-attacks on U.S. government departments and many international corporations (see “Red China’s global cyber-espionage exposed”, News Weekly, March 16, 2013).
Mandiant has been monitoring Chinese cyber-espionage for 10 years. After its own computers were hacked from China, Mandiant counter-attacked, downloading onto Chinese attack-computers programs which not only read what they had downloaded, but actually captured screen images as hackers were targeting Western web sites.
There is an extraordinary YouTube video on the Mandiant site, showing Chinese hackers logging into a Western corporation, then downloading sensitive corporate information directly.
The Mandiant report lists the enormous scale of China’s computer espionage operation, and the huge amount of data stolen from many corporations over a number of years.