The high-tech war on Tibetan communication

The Chinese digital security state versus a small exile community.

Each year, March 10th in Tibet brings more police onto the streets, closer online censorship of terms like "Free Tibet" and "Dalai Lama" and a spate of cyberattacks.

"Every March 10th, almost all major Tibetan organizations in Dharamsala are targeted with Distributed Denial of Service and other cyber attacks," said Tenzin Dalha, a researcher at the Tibet Policy Institute, part of the Central Tibetan Administration. Four years ago, that happened to the Voice of Tibet (VOT), a nonprofit media outlet run out of the Indian hill town of Dharamsala, bringing its website down for several days.

The reason for the crackdown is that the date commemorates March 10th, 1959. On that day, rumors spread in the Tibetan capital Lhasa about the impending arrest of Tibet's spiritual leader, the Dalai Lama, by the Chinese, who had invaded the territory in 1950. Tibetans rallied to support their spiritual leader and the mass protests led to a violent crackdown. The Dalai Lama and his entourage escaped to India, where he and the Tibetan government-in-exile remain.

When VOT started in 1996, it was one of the few channels of communication between Tibetans and their government-in-exile across the border, as all newspapers, television and other print materials were heavily censored. Using shortwave radio, it transmitted its news service across the border into Chinese-occupied Tibet, both in Tibetan and Mandarin Chinese.

"Of course the Chinese Government tries to jam our program consistently, and we try to fight with them by broadcasting our programs on different frequencies, at different times."

"We are a news organization, and we spend [our time] making stories," said Tenzin Peldon, editor at VOT. "Of course, the Chinese government tries to jam our program consistently, and we try to fight with them by broadcasting our programs on different frequencies, at different times, so if one program is jammed, other ones get through."

China's control of information is key to its control over Tibet. Propaganda has been key in pushing its own version of history -- that the 1959 invasion was a "liberation" and that Chinese rule has been a boon to Tibet -- both at home to the global community. In the following decades, most of the country's Buddhist monasteries and temples were destroyed, while many Tibetans were put into forced labor camps or, in many cases, killed.

Vast mining operations and dams run by Chinese companies are strewn across the plateau but have not benefited Tibetans. Lhasa, once a forbidden, holy city where foreigners could enter only in very limited instances, is now a Chinese-majority city that Tibetans from outlying regions have to get special permissions to enter. Yet as development spread across the plateau and China opened during the economic boom of the 1990s, Tibet appeared seemingly docile and increasingly integrated with the mainland.

This image fell apart in early 2008. It was, again, March 10th. This time, just a few months before China was to welcome the world to the Summer Olympic Games in Beijing, decades of discontent erupted into protests in Lhasa, which quickly spread across the occupied country. Tibetan exiles helped to spread images of monks protesting spread online, which, together with a powerful human-rights documentary, triggered protests across the world, and calls for countries to boycott the Olympics.

It was a huge embarrassment for the Chinese government. Martial law was quickly declared, and the years since have seen an even greater clampdown on free expression through the pervasive monitoring of Tibetans, both those inside Tibet and out.

What was once a low-tech information battle over radio waves has now being reshaped by the internet and smartphone access that have spread into Tibet. Yet while China operates the world's most powerful digital-security apparatus, there are only around 6 million-7 million Tibetans in Tibet, and about 150,000 exiles scattered around the world. For the small Tibetan community with limited resources, to face off with Beijing is a David and Goliath situation.

The attack on Voice of Tibet four years ago was a common distributed denial of service (DDoS) attack, but others have been far more sophisticated.

The scale of China's operation was not clear until a report released by the University of Toronto's Citizen Lab in 2009, titled "Tracking Ghostnet." This clearly showed, for the first time, the extent of cyber espionage and how deeply it had infiltrated the Tibetan movement, including the office of the Dalai Lama. For Lobsang Gyatso, this was a major wakeup call.

"The report was a huge eye-opener ... until then, we didn't have proof or an understanding," said Lobsang, the digital-security-programs manager with the Tibet Action Institute. "This made it very concrete and showed it was state-sponsored ... it was pretty clear to us who was behind it."

"Every single organization affiliated with the CTA or with the Tibetan freedom movement in India has been targeted with severe cyber attacks."

Citizen Lab uncovered 1,295 infected hosts in 103 countries across the entire Tibetan spectrum. Signs all pointed to China as the culprit.

"Every single organization affiliated with the CTA or with the Tibetan freedom movement in India has been targeted with severe cyber attacks," said Dalha. "The website of CTA, [in particular] the Chinese website, has been hacked several times."

The most common method of spreading malware was simple –- email attachments. Citizen Lab documented the use of suspicious emails with links to complex malware in a 2013 follow up report on what they called APT1's Glasses, which it sourced directly to the People's Liberation Army in China. Tibetans switched strategies, from sending attachments to using more-secure services such as Google Drive and Dropbox to share files.

"Most NGOs by then had developed this practice of sharing everything with Google Drive," said Tenzin Jidgal with the International Tibet Network. Not too long thereafter, some organizations noticed some of the emails they were getting with Google Drive attachments were being sent from malicious servers including links that led to malware.

This time, however, they were prepared. They shared data with outsiders, such as Citizen Lab, to better understand the problem. It was no accident, but a meaningful, organized response to a genuine threat.

Leading the fight to protect NGOs from digital threats is the Tibet Action Institute (TAI) founded in 2009.

"We fill a supporting role for others doing advocacy," said Lobsang. "How to make their work more effective, so that there are not attacked, and they are protected."

TAI does not focus on getting users to select the best or safest tools. Instead, it wants people to understand the Chinese threat and make small changes. It models its campaigns after those in the public-health sector, and works both with the exile community and Tibetans in Tibet, making sure they understand how to send information outside the country safely.

"Tibetans in Tibet tend to have this idea: 'If the information gets out, I don't care what happens to me.' It's very courageous," said Lobsang. "But we want to help them get over that mentality, making them understand that [their well-being] is very important to the movement." That often means teaching simple tasks -- helping them understand how mobile networks and SIM cards work -- so that they can use low-risk communication methods.

This behavior change is key to TAI's mission, as a system is only as secure as its weakest link. If regular Tibetans are not secure, then potentially no one is.

"It's more about behavior and understanding security, and making sure you understand once you install an app, what those permissions mean, so you're better informed before doing anything."

"Our focus has been on what tools people are using already, and then what practices that can actually support that to be more secure," said Lobsang. "It's more about behavior and understanding security, and making sure you understand once you install an app, what those permissions mean, so you're better informed before doing anything."

Also key to the effort are partnerships with institutes such as Citizen Lab or other NGOs facing similar threats from Chinese state actors. Since that 2009 report, Citizen Lab has been releasing regular updates on the latest tactics being used by hackers to try to access Tibetans' and Tibet organizations' data, which directly inform TAI's training tactics.

It is a nonstop game of cat-and-mouse. As the Tibet movement's digital-security abilities and training improve, the Chinese government implements more-sophisticated hacking techniques. Members of the Tibet movement credit the integration of digital-security thinking for allowing it to keep pace with threats. According to Bhuchung K. Tsering, Vice President at the International Tibet Network, the everyday use of digital tools requires people and organizations to make security second nature.

"The best thing that we can do is be mindful of what we do all the time," said Tsering. "If we are mindful, then we will be more prepared to take those steps that might prevent the ... Chinese, or anyone else, from getting into our system."

No one really knows what Chinese hackers will attempt next -- it was only a few years ago that China even admitted to having a cyber army. But one thing that worries many is that the most ubiquitous app used in China is also commonly used among the exile community -- WeChat.

At core an instant messenger, WeChat was initially popular with many Tibetans as it allowed, for the first time, regular communication between those still in Tibet and those in exile.

"In Dharamsala, a lot of Tibetans use WeChat to just talk to their friends in groups," said an expert at Free Tibet, a UK-based NGO who preferred to remain anonymous. "By using WeChat outside of China, Tibetans are willingly giving up their security and privacy."

WeChat has serious security issues, and many believe it is readily sharing data with the Chinese government. Citizen Lab found line by line censorship of content when analyzing information flows between India and Tibet earlier this year around the Kalachakra teaching, which China deemed "illegal," held by the Dalai Lama in Bodh Gaya, India.

In China, several Tibetans have been arrested for sharing content deemed politically sensitive on WeChat. While more and more members of the community understand that discussing political topics or sharing images of, for example, the Dalai Lama, can put people at risk of being arrested, Lobsang is worried about something else entirely.

"Information is key. They want to know how the exile community thinks, and from a political perspective, that's a huge plus for them."

"Instead of them coming to hack us, we are going to a platform that is run by [China] in some ways, and sharing all of that information there," said Lobsang. "Information is key. They want to know how the exile community thinks, and from a political perspective, that's a huge plus for them."

Moving Tibetans to a more-secure chat app, such as Signal or Telegram, is a nonstarter due to the challenge of getting enough people to switch simultaneously. So TAI focuses instead on ensuring users understand what types of information WeChat can access, and, if possible, use the app on a separate dedicated phone when communicating with those inside Tibet. But getting users to understand how China could use even the simple, daily, nonpolitical communication to their benefit is a major challenge.

"There's a line that needs to be drawn, but it's hard to get people to understand how the concept of big data actually works," said Lobsang.

Tibetans are, of course, not the only targets of Chinese government hackers. While their unique situation puts them in line for scrutiny, more recent targets have included the Umbrella Movement in Hong Kong and US corporations. China's digital state could even, soon, include Facebook, which has been making overtures to enter the country and is creating censorship software that could make it more amenable to Chinese authorities.

While, at first, for small exile community to face off against a massive digital-security apparatus may seem insurmountable, size actually plays to Tibetans' advantage. The exile community is closely knit, and the near-constant threat of hacking since the 2008 uprising has helped create a culture of security throughout the movement.

"We have become more aware, more informed, and more literate ... about digital security and online security," said Jigdal. "We may be smaller, but if we were able to develop this practice on a day-to-day basis, it spreads faster, and therefore it's more doable."

For VOT, this meant hiring an IT consultant after the initial DDoS attack, conducting in-house training, and working with TAI to improve its own security culture. While its shortwave broadcasts still face jamming, its website has remained online, and information is, against all odds, getting through.

"No matter how much the Chinese repress Tibetans, they can't stop the flow of information."

"No matter how much the Chinese repress Tibetans, they can't stop [the flow] of information," said Peldon. "So even though the Chinese government constantly jam our programs and send attacks to our website, I'm surprised how Tibetans inside Tibet find different ways to bypass the censorship wall and hear us."

Tibetans in exile are more prepared digitally than ever before.

"Tibet Action Institute's awareness-raising work with Tibetans played a big role in making sure that it wasn't worth China's while to continue to spread malware the 'old way,'" said an expert at Free Tibet, who preferred to remain anonymous.

But the big picture still looks dire. Today, the situation in Tibet is deteriorating even more, with Freedom House ranking it the least-free country in the world. Tibetans are facing increased travel restrictions, fewer cultural rights and more arrests for even simple online transgressions.

"A risk from a ... different angle is Chinese online propaganda campaigns that attempt to normalize the current situation in Tibet or drown out social media posts about Tibet that criticize the occupation or attempt to publicize human-rights abuses," said John Jones, campaigns and communications manager at Free Tibet.

The 60th anniversary of the 1959 Tibetan Uprising is approaching. China is expected to ramp up measures, online and offline, and do all it can to ensure that no protests, either like the ones in 1959 or 2008, or the recent spate of self-immolations, take place in Tibet -- and if they do happen, that the rest of the world won't hear about it. After years of digital fortification, this may be the greatest test of the exile community's ability to go toe-to-toe with a Goliath in cybersecurity.

Image credits: Balint Porneczi/AFP/Getty Images (Chinese and Tibetan flags); Reuters/Press Association (Pro-tibet demonstrations); Wikimedia ('Free Tibet' banner); Tibet Action Institute (TAI workshop); Bernardo De Niz/MCT/Getty Images (Potala Palace).