China-based network caught in global cyber-espionage
The network, known as GhostNet, infected 1,295 computers in 103 countries and penetrated systems containing sensitive information in top political, economic and media offices, according to a new report.
Ottawa -- A shadowy cyber-espionage network based mostly in China has infiltrated secret government and private computers around the world, including those of the Dalai Lama, Canadian researchers said Sunday.
The network, known as GhostNet, infected 1,295 computers in 103 countries and penetrated systems containing sensitive information in top political, economic and media offices, the researchers found in a report.
Many of the compromised computers were found in the embassies of Asian countries, such as India, Indonesia, Malaysia, Pakistan, Thailand and Taiwan.
The embassies of Cyprus, Germany, Malta, Portugal and Romania as well as the foreign ministries of Bangladesh, Bhutan, Iran and Latvia were also targeted.
"Up to 30 percent of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media and NGOs," the report said.
The report, by the group Information Warfare Monitor, was commissioned by the Dalai Lama's office, which was alarmed by possible breaches of security.
The 10-month investigation by specialists based at the University of Toronto found the spying was being done from computers based almost exclusively in China.
But the researchers said that while their findings were disturbing, there was no conclusive evidence the Chinese government was involved, highlighting that China now had the world's highest number of Internet users.
"We do not know the motivation or the identity of the attackers or how to accurately characterize this network of infections as a whole," the report said.
"Attributing all Chinese malware to deliberate or intelligence gathering operations by the Chinese state is wrong and misleading," the report said.
"The sheer number of young digital natives online can more than account for the increase in Chinese malware."
The investigation between June 2008 and March 2009 focused on the Tibetan community, thanks to the unparalleled access the team was given to Tibetan missions in Dharamsala as well as in London, Brussels and New York.
"The Tibetan computer systems we manually investigated ... were conclusively compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information," the report said.
Their work led them to a broader operation that had infiltrated at least 1,295 computers in less than two years.
By installing malware on the computers, the hackers were able to get the infected systems to send them top-secret information.
"From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value," the report said.
"This report serves as a wake up call," the authors pointed out. "At the very least a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet."
The newly reported spying operation is by far the largest to come to light in terms of countries affected, the New York Times said.
GhostNet continues to invade and monitor more than a dozen new computers a week, the researchers warned.
However, they found no evidence that US government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.