Lawyers Without Borders hit by persistent Chinese cyber-attack
Wed 29 Oct 2014
Although it is not pursuing any cases in China, the pro-bono international organisation Lawyers Without Borders is currently under systematic attack from an entity in China.
Talking exclusively to IT security magazine SC, founder and executive director of LWB Christina Storm revealed that since the start of October LWOB has suffered over a thousand attacks on its website, www.lwob.org, all emanating from a location in China.
“Someone in China has a disproportionate interest in our organisation” she said. “We know the commercial building used, we know the IP address and there are attacks every four minutes, so it’s not legitimate usage. I have even been unable to get into our own server, with the message that someone else is already logged in using that name.”
Many popular websites are subject to exploits for commercial or activist motives, but not many are quite as well-defended as the LWOB site, which uses the cloud-based Intralinks system and benefits from an extraordinary array of defensive technologies donated to it via the social responsibility programmes of large corporations. The Intralinks system is unusually painstaking regarding regular log-outs on idle and multi-factor authentication in the password-recovery process.
The LWB website places its security emphasis on the integrity of confidential documents, and has been attacked before by an undisclosed government using key-logging attacks via a public computer.
“Our work can save lives”, Storm said. “and lives can be lost if we are compromised. We are not trying to overthrow governments, or even engage in overt advocacy, but we are concerned with building capacity of individuals within countries seeking to compel authorities to abide by international commitments that they have made.”
Canada’s National Research Council claimed last year that a “highly sophisticated Chinese state-sponsored actor” was responsible for a cyber-incursion into its systems, and a Congressional advisory report warned of increasing cyber-attacks from China in 2009. In Australia in 2013 Chinese cyber-attackers were blamed for the theft of security plans, including the security and communications systems, for the ASIO Canberra headquarters.