Major cyber spy network uncovered
An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say. They said the network had infiltrated 1,295 computers in 103 countries. They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader. There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement.
The report comes after a 10-month investigation by the Information Warfare Monitor (IWM), which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies. They were acting on a request from the Tibetan spiritual leader's office to check whether the computers of his Tibetan exile network had been infiltrated. Researchers found that ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan appear to had been targeted. Hacked systems were also discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.
Analysts say the attacks are in effect industrial espionage, with hackers showing an interest in the activities of lawmakers and major companies. The researchers said hackers were apparently able to take control of computers belonging to several foreign ministries and embassies across the world using malicious software, or malware. "We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton was quoted by the Associated Press news agency as saying.
They say they believe the system, which they called GhostNet, was focused on governments in Asia. By installing malware on compromised computers, hackers were able to take control of them to send and receive classified data. In this case, the software also gave hackers the ability to use audio and video recording devices to monitor the rooms the computers were in. But investigators said they did not know whether or not this element had been used. According to the New York Times, the spying operation is the largest to have been uncovered in terms of the number of countries affected. In an abstract for the report entitled The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement - posted on the IWM website - investigators said while such attacks were not new, these particularly stood out for their ability to collect "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed".