Hard on the heels of AlienVault publishing its research into spear phishing attacks against a number of Tibetan organisations, activists have now started spoofing the IT security specialist's email addresses and attempting to infect pro-Tibetan recipients with malware.
According to Jamie Blasco, head of labs at AlienVault, the Security Information and Event Management (SIEM) solutions specialist, this is a case of imitation being the sincerest form of flattery.
"As we said previously, the original series of spear phishing attacks represents a serious escalation into cyberspace of the cold war that has existed between the two countries since the Chinese army marched into majority Tibetan territory back in 1950. The fact that the pro-Chinese sympathisers have taken our research seriously enough to start trying to blacken our name indicates that our message about the Chinese cyber attackers has hit home - and the cybercriminal activists are not happy," he said.
"Whilst the pro-Chinese sympathisers are clearly trying to tarnish AlienVault's reputation with their actions, I'm very happy the message is getting through to the media that the ongoing cold war between China and Tibet has spilled over into cyberspace. We have seen Tibetan sympathisers turn to self-immolation in their quest to bring their plight to the attention of Western governments, so any effect on our reputation pales into significance alongside their sacrifices," he added.
Blasco went on to say that, as fellow security researcher Brian Krebs noted earlier this week, the Chinese sympathisers are turning to automated bots to spam Twitter users sympathetic to the problems in Tibet, generating a flood of meaningless tweets in their quest to suppress political dissent.
Krebs, he explained, is reporting that Tibetan sympathisers have noticed that several Twitter hash tags related to the conflict - including #tibet and #freetibet - are now being inundated with junk tweets from automated Twitter accounts controlled by the Chinese government and/or its sympathisers.
This is, he says, an illustration of the fact that the Chinese/Tibetan cold war has truly entered cyberspace, but the good news is that their campaign appears to have backfired as it has reinforced the attentions of the world's media on the light of the Tibetans and their supporters.
A report from the Associated Press about 30 Tibetans setting themselves on fire to protest the suppression of their Buddhist culture and to call for the return of the Dalai Lama - has now gained worldwide attention, meaning that the pro-Tibetan activists are achieving their aim, he adds.
Blasco says that he is immensely proud of the fact that AlienVault's decision to report on the cyber conflict between China and Tibet - and which has resulted in the company's good name being hijacked by anti-Tibetan cybercriminals - is raising the profile of the Tibetan's plight.
"As I said last week, our research suggests that the attacks we have been tracking over the last month are linked to the Kalachakra Initiation, a Tibetan religious festival that took place in early January. The spear phishing emails are quite sophisticated and feature an attachment that exploits a stack overflow vulnerability dating back to last September," he said.
"Yes, AlienVault has effectively been drawn into the cyber conflict itself, but we plan on continuing to report on this humanitarian cause for as long as it takes. Our email spoofing problems are nothing compare to the problems that Tibetans are facing," he added.
"And in a year when the Olympics are taking place in London, it is to be hoped that the Chinese government's actions against the people of Tibet gain the media attention that were clearly suppressed at the Beijing Olympics four years ago," he added.