A website associated with the Dalai Lama’s YouTube account has been hacked using malware, a member of the security firm F-Secure’s Threat Research team discovered on Monday.
The Dalai Lama, a position filled since 1939 by Tenzin Gyatso, is the highest religious figure in Tibetan Buddhism, who serves as the leader of the Tibetan government in exile. The existence of an independent Tibetan polity, based in India since 1959, has been a continuing thorn in the side of Chinese government. Recently, Tibetan nationalists and Buddhists have again taken to self-immolation, setting themselves on fire to gain attention for their cause and point to Chinese malfeasance in Tibet.
The website, Gyalwarinpoche.com, “is compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit,” according to F-Secure.
The affected website is believed to be closely tied to the Dalai Lama because it shares a name with the religious leader’s YouTube channel and has similar Whois information, including listing the registrant as “Office of HH the Dalai Lama” and sharing the same address as the registrant of his official site.
As to the technical details of the hack, F-Secure writes:
The Java-based exploit uses the same vulnerability as “Flashback”, CVE-2012-0507. Current versions of Mac OS X and those with their browser’s Java plugin disabled should be safe from the exploit. The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities… There is also an exploit, CVE-2012-4681, with a Windows-based payload: Trojan.Agent.AXMO.
If the hackers are Chinese, either official or unofficial, it will not be the first time Tibet-related organizations have been targeted. NGOs focusing on Tibet have had their computers targeted with malware.
China is widely believed to use both official government computer experts and amateur hackers to target groups whose information it wishes to possess or whose activities it wishes to compromise.
Photo from DalaiLama.com
