World Uyghur Congress an “Easy Target” for Hackers

At Ars Technica, Robert Lemos reports that outdated software helps make a prominent exile Uyghur group a soft target for state-sponsored hacking:

In a paper to be delivered at the USENIX Security Conference next week, six academic researchers analyzed nearly 1,500 suspicious e-mail messages targeting the World Uyghur Congress (WUC). The team found that, while the malware managed to reliably evade detection by many antivirus programs, the attacks were relatively unsophisticated, using known vulnerabilities that had already been patched. The social engineering tactics, however, were very targeted and convincing, with the majority written in the native language, referring to events of interest to the NGO and appearing to come from known contacts, said Engin Kirda, a professor of computer science at Northeastern University and a co-author of the paper.

[…] Organizations that believe they could be targeted by such attacks should take more concrete steps to protect themselves. Upgrading systems to more modern operating systems and regularly patching those systems can help immensely, Kirda said. [Source]

The Tibetan exile community has also been a major target of both electronic and traditional surveillance.