“When this kind of attack happens to us, it not only tarnishes the credibility of Tibet Times among our viewers but more importantly it jeopardizes their safety as well through potential device infections. Naturally it also creates a worrisome and annoying situation in our working process.”

Targeted malware is not only delivered through emails or messages. It can also spread through the community by infecting trusted websites. Like a village well, websites for Tibetan media and organizations serve as vital resources for the community. If you poison the well, you poison the village. A “watering hole attack” describes this type of action online. Attackers get unauthorized access to websites and infect them with malware. When visitors visit the website they are at risk of their computer being infected by the malware and giving access to the attackers. The modus operandi of these attacks is particularly insidious, as compromised websites automatically download malware onto visitors’ devices without their knowledge. This method bypasses the need for attackers to target individuals individually, streamlining the process, and maximizing the impact.

Tibetan media and organizational websites, including those of the CTA and the Office of His Holiness the Dalai Lama (OHHDL), have been frequent targets.¹⁸ Community resource websites have also fallen victim including Tibetan Homes Foundation, and a Tibetan school in the diaspora.

Tibet Times started as a Tibetan-language newspaper before evolving into a comprehensive media outlet, offering a Tibetan-language website and a mobile app to disseminate accurate information and breaking news about Tibet. In 2013, a scan for malicious ;omls on the TibetTimes website revealed a disturbing discovery: visitors to the site unwittingly opened a malicious domain, potentially exposing their devices to malware.

Websites like TibetTimes that publish news on the human rights violations occurring inside Tibet, covering in Tibetan, English and Chinese, attracting visitors from Tibet and worldwide. However, these attacks not only harm the credibility and integrity of TibetTimes but also endanger website visitors. For individuals from Tibet, such attacks could have serious consequences, if found accessing or sharing content deemed sensitive by the PRC, individuals could face harassment, surveillance, or even legal repercussions.