Prominent Tibetan Dissident Blogger Hacked, Impersonated on Skype

Danny O'Brien of the EFF says,

Tsering Woeser, the prominent Tibetan poet and blogger, has been under attack from the Chinese nationalist hacker team Honker Union. Her Skype account has been broken into, and now other dissidents are being contacted by people pretending to be Woeser.
Please stop any communication with “Degewa” on Skype, delete or lock out this user’s name from your Skype account, warn anyone you know who might try to contact me through Skype, tell them to cease contact with “Degewa.” From now on, if you receive any Skype message from “me” in any other users’ name, please speak first (Tibetan friends, please speak in Tibetan) to verify “my identity.” If the other side of the contact refuses to talk, it means you are not in touch with me.
Many dissidents across the world use Skype for communications because of its (closed and unaudited) encryption; it's worth remembering that even if the channel is protected, the person on the other end may not be who you think it is.
Link (thanks, also, Han Shan).


  1. They could also believe they’re doing something “good for their country”. As we’ve watched events unfold around the Olympics, I’ve been amazed (though perhaps I shouldn’t be) to see many reports of Chinese citizens claiming that the Tibetans are anything from malcontents to terrorists.

    It would seem that the government’s propaganda has been a bit too effective — remember some weeks ago when they had to ask people to *not* attack Carrefour stores after some incidents surrounding the torch in Paris?

  2. JGW, now replace in your first paragraph, “Tibetans” with “Muslims” and “Chinese” with “Western”, and “Olympics” with “Middle-East”. :)

  3. Occurs to me that a good way to disrupt communication with a dissident would be to have impersonators convince the dissident’s contacts to block and remove their username!

  4. It’s always frustrating to see these cases and know that there are good technological solutions to these problems (in the case of stolen identity, a PGP key with a revocation key). Not to mention technologies which would have prevented the attack in the first place (in this case an encrypted storage medium and secured computer)

    And yet, even though these solutions exist, they’re totally out of reach for the people who need them, not because of government repression, but just because they’re too complicated and technical to use.

    Some people say that it has to be that way – you have to educate yourself about the principles and practices of encryption, because it’s the only way you can be sure it’s working correctly. After all, if you’re just clicking a magic “encrypt” button and assuming it’s working, you’re setting yourself up for problems.

    But I think I disagree, because it’s obvious that real dissidents in seriously hostile surveillance environments are doing just that. They communicate with Skype, for fucks sake! Getting dumbed down security tools into these people’s hands isn’t a perfect solution, but it may offer a lot more protection than they have now.

    Anti-government organizers aren’t going to stay quiet until they have perfect security, and they’re not going to stay quiet until they have a masters in cryptography. They’re going to speak out no matter what, and the best we can do is make some tools available that they can actually use.

  5. All together now:

    “Why don’t you want to be monitored by the government, unless you have something to hide?”

    Because sometimes the government is after you because they don’t like you, not because you are a “criminal”. If they don’t like you, they can always make what you do or say criminal. Eating a cookie could be criminal if someone passes a law.

    This, children, is why you should opposed GPS trackers in your phones, mandatory car tracking (coming soon), fMRI thought scanning (also coming soon), voice comm monitoring, internet monitoring, drug testing, drug sweeps, no-warrant searches, “suspension” of rights during “wartime”, and all the other garbage America, Australia, Canada and the UK have swallowed these past years.

    The question isn’t what we are trying to hide, as much as what they are trying to find out.

  6. Just to let people know, we got word from Skype: “Skype can confirm that, in accordance with our normal procedures when we have reasonable suspicion that a Skype account has been taken over, we have permanently suspended user name “degewa”‘s Skype account.”

  7. While I’d still like to see more openness on the part of Skype regarding their encryption, the implication that someone had to go as far as hijacking Woeser’s computer makes it fairly clear Skype at least doesn’t do what American internet giants do when China asks for a spot of political complicity.

Comments are closed.