Chinese-based digital spy network uncovered

Status
Not open for further replies.

Valdez

A cyber spy network based mainly in China has tapped into classified documents from government and private organizations in 103 countries, including the computers of Tibetan exiles, Canadian researchers said Saturday.

The work of the Information Warfare Monitor initially focused on allegations of Chinese cyber espionage against the Tibetan community in exile, especially the Dalai Lama, who is frequently denounced by Chinese officials.

The research eventually led to a much wider network of compromised machines, the Internet-based research group said.

Information Warfare Monitor is a joint effort of the SecDev Group in Ottawa and the Citizen Lab at the University of Toronto.

The group said in a news release Sunday that investigators conducted field research in India, Europe and North America, including in the private office of the Dalai Lama, the Tibetan government-in-exile and several Tibetan NGOs.

Investigator Greg Walton said: "We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama."

During the second phase of the investigation, the data led to the discovery of insecure, web-based interfaces to four control servers. The interfaces allow attackers to send instructions to and receive data from compromised computers.

"What we found is not so much unprecedented in scope and sophistication," said Nart Villeneuve, a senior IWM analyst.

"But the relatively small size of the network and concentration of high-value targets is significant. It does not fit the profile for a typical cyber crime network."

Principal investigators Ron Deibert and Rafal Rohozinski said: "This report serves as a wake-up call."

"At the very least, the large percentage of high-value targets compromised by this network demonstrates the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet."

The compromised computers included, among many others, the ministry of foreign affairs of Iran; the embassies of India, South Korea, Indonesia, Thailand, Taiwan, Portugal, Germany and Pakistan; the ASEAN Secretariat; the Asian Development Bank; news organizations and an unclassified computer located at NATO headquarters.

The research group said while its analysis points to China as the main source of the network, it has not conclusively been able to detect the exact identity or motivation of the hackers.

A spokesman for the Chinese Consulate in New York dismissed the idea that China was involved.

The researchers said they have notified international law-enforcement agencies of the spying operation.

The F.B.I. declined comment on the operation.

The full report of the investigation entitled, "Tracking GhostNet: Investigating a Cyber Espionage Network," was released online Sunday.

http://ca.news.yahoo.com/s/capress/090329/world/computer_spying

An electronic spying operation based primarily in China has infiltrated government and private computers in 103 countries around the world, including those of the Dalai Lama, according to a report released Sunday.

The report, compiled by specialists based at the Munk Center for International Studies at the University of Toronto, said the spying was being done from computers based almost exclusively in China.

"Up to 30 percent of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media and NGOs (non-governmental organizations)," the report said.

However, the researchers said they could not argue conclusively that the Chinese government was involved.

They insisted that attributing all these operations to intelligence gathering by the Chinese state "is wrong and misleading."

"Numbers can tell a different story," the report said. "China is presently the world's largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware."

The investigation started when the office of the Dalai Lama, the exiled Tibetan leader, asked them to examine its computers for signs of malicious software.

Their work led them to a broader operation that had infiltrated at least 1,295 computers in less than two years.

Some of these computers belonged to the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York.

"This report serves as a wake up call," the authors pointed out. "At the very least a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet."

The researchers said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

The operation continues to invade and monitor more than a dozen new computers a week, according to the report.

However, the researchers found no evidence that US government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

http://ca.news.yahoo.com/s/afp/090329/canada/canada_china_computer_spy
 
LOL. I posted the link to this on the "Worm" Thread.

BTW, this should be in the Sci&Tech forum =O

Should be obvious but:
China denies spying allegations

China has denied involvement in the electronic spy network which researchers say infiltrated computers in government offices around the world.

The spokesman of the Chinese embassy in London said that there was no evidence to show Beijing was involved.

He suggested the findings were part of a "propaganda campaign" by the Tibetan government in exile.

The research was commissioned by the Dalai Lama's office alarmed by possible breaches of security.

Anyways, no offense but it's still a wonder to me how the Chinese Government can't know this if the average Chinese Internet connection is always censored by the Great Firewall of China.

But then again there's a lot of Techies out there.
 
A cyberespionage network out of China I see right now... which, admittedly, has me keeping an extra eye on my laptop. As for the Chinese leadership, either they're hiding something about these hackers, or said hackers have outsmarted them. We may not necessarily know much about this specific incident for now, but I would support a Cybersecurity Division within the Defense Department -- right alongside a (possible) private intelligence network to counter incidents like this in the future.
 