The Gmail account of Tenzin Seldon ‘12, a regional coordinator of New York-based Students for a Free Tibet, was spied on by a third party in China. The repeated infiltrations reported by other businesses have led Google to move toward ending its business operations there. (Courtesy of Tenzin Seldon)
When Tenzin Seldon ‘12 logged into her Gmail account from New York over winter break, she had no idea that someone else was also logged into her account — from China. Nor did she know that she had become part of Google’s investigation into a suspected widespread cyber-attack program potentially centralized across the Pacific.
Seldon, a regional coordinator of New York-based Students for a Free Tibet, is one of dozens of human rights activists whose Gmail account had been spied on by a third party in China, according to a Jan. 12 statement from Google. But only two Gmail accounts were accessed by hackers.
“If they’re willing to put so much of their resources into monitoring a 20-year-old like me from Stanford, who’s an activist, that means I’m really doing my job,” Seldon said. “I’m being an activist for those people who need their voices to be amplified.”
On Jan. 7, University officials contacted Seldon to inform her that her private Gmail account had been hacked, Seldon said. The official, whose confidentiality Seldon chose to protect, directed her to contact David Drummond, senior vice president and chief legal officer at Google.
“He immediately told me that my e-mail had been compromised,” Seldon said. “They knew for a fact that it was someone in China because they could trace the I.P. address.”
Martin Lev, Google’s director of security and safety, came to her dorm to pick up her laptop and test it for malware later that evening, she said. Two days later, Seldon was informed that her computer contained no malware or viruses, a surprising fact given that private information, like Seldon’s password, is usually accessed through spyware placed on the user computer.
“This meant that someone from China actually had access to my password,” Seldon said.
Online accounts are commonly compromised when users have an easily guessed password, use the same password on multiple computer accounts, or use a kiosk-style computer, according to Matthew Ricks, executive director of the division of IT services that includes Stanford’s e-mail services.
Seldon, however, has the caution of someone with years of experience as a Tibetan activist. She was born and raised in Dharamsala, India, where the Tibetan government in exile is located. Her parents took asylum there after fleeing Tibet on foot, she said.
Seldon has been active in Students for a Free Tibet since high school. Over the years, she has seen the organization’s Web sites and blogs defaced with “F*** Tibet” by hackers. Seldon said she has even received death threats in the past.
During the March 2008 demonstrations in Tibet, pro-Tibet human rights organizations saw a “dramatic increase in cyber attacks,” according to Kate Woznow, deputy director of Students for a Free Tibet. False e-mails were sent in the name of group members, and cell and office phones were jammed.
During the Olympics Games in Beijing later that year, cyber attacks continued. Tenzing Tethong, a visiting Tibetan scholar at Stanford, said that during that time his e-mail contacts were somehow accessed and his acquaintances received e-mails from an account in his name. Tethong also uses Gmail and to his knowledge, his e-mail has not been hacked.
Woznow recalls that an online security contractor told her they had never seen that number or type of attack before, adding that it clearly was an organized, concerted attempt to gather information and decrease the group’s efficiency.
The attack on Seldon’s Gmail account is different than previous cyber attacks, Woznow said.
“What’s really unique about Seldon’s case is that . . . they couldn’t find any malware, so this is a new level, a new wave of these kinds of cyber attacks,” she said. “And the fact that Google users were targeted makes this pretty unique because Google prides itself on security.”
A source from Google familiar with the investigation, who spoke on the condition of anonymity, confirmed Seldon’s account. The Google source believed Seldon was a victim of a sophisticated malware that erases itself from the computer’s hard drive after accessing passwords and information. Google was not able to comment further on other victims of hacking due to the ongoing investigation.
Google announced on Jan. 12 that it was considering ending its business operations and filtering in China. According to Google, at least 20 other companies covering a wide range of businesses have also been targets of cyber attacks and surveillance. These other companies, including Yahoo! and Adobe, have not said they will end business relations with China.
“The environment in which we’re operating in terms of China is not getting better,” the Google source said. “So, we’re no longer comfortable filtering search results.”
President John Hennessy, who sits on Google’s board of directors, said in an e-mail to The Daily that “the Google decision was a difficult one for the company, but in the end, the company felt that staying in China could endanger its users and potentially its employees.”
Hennessy believes that e-mail infiltration is an obvious concern that students need to both understand and take steps to better protect themselves against.
Seldon, who in high school protested the launch of Google China, now applauds the corporation for taking a stand for what she called “freedom, equality and justice.”
“I feel like the fact that I am all the way here in America and I’m a U.S. citizen, and China can impede on my rights to personal freedom and my rights to know that I won’t be spied on, tells me something about the government,” she said.