A VAST cyber-spy network run mostly from servers in China has been able to hack into 1,295 computers in 103 countries around the world, including Cyprus government offices in Germany and Belgium and the Indian High Commission in Nicosia, according to researchers.
Researchers from the universities of Toronto and Cambridge uncovered a massive electronic espionage system called GhostNet, which they claim has been used mainly to infiltrate government offices in south and south-east Asia, as well as the Tibetan government-in-exile in India.
The hackers access computers using malicious software, or malware, sent to computers via email. The unsuspecting recipient opens the electronic door to the hackers by either opening an attachment in the email or clicking on a link to a website.
From that point, the computer is infected and the intruder can access any files on the computer, or even give commands to switch on the webcam or microphone functions, giving the cyber spooks intrusive access.
The spy network was uncovered after the Dalai Lama asked researchers to search their computers in the Indian hill station of Dharamsala for malware. The researchers soon discovered that the security breach extended much wider than the offices of the Tibetan spiritual leader, spanning 1,295 computers in 103 countries, which affect private companies as well as foreign ministries and embassies.
No US government computers were found to be affected, though countries around Asia had all been targeted, while Cyprus was also included in the list. According to the report, the Cyprus Embassy in Germany and the Permanent Representation in Brussels were infiltrated, as was the Indian High Commission in Nicosia.
Researchers found that a NATO computer was monitored briefly by the spies as were computers of the Indian Embassy in Washington.
After ten months of study, they concluded that around a third of all infected computers were considered “high-value political and economic targets”.
Though tracing three out of four servers at the centre of the cyber network to China, the Canadian researchers were reluctant to point the finger directly at the Chinese government.
A member of the research group told the New York Times that the spying could be part of a non-state, for-profit operation, or even run by private Chinese citizens known as “patriotic hackers”.
“We’re a bit more careful about it, knowing the nuance of what happens in the subterranean realms,” said Ronald J. Deibert, an associate professor of political science at Munk. “This could well be the CIA or the Russians. It’s a murky realm that we’re lifting the lid on.”
However, their colleagues at Cambridge University were clearer on the source of the intrusion. In their report, titled “The Snooping Dragon: social-malware surveillance of the Tibetan movement”, the two researchers name the Chinese government as the ringleader of the spy network.
They further warn in their report that other hackers could use the same malware tactics for other criminal operations.
“What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less-developed countries will follow in due course,” said the Cambridge researchers in their report.
According to NYT, a spokesman for the Chinese Consulate in New York dismissed the allegations. “These are old stories and they are nonsense. The Chinese government is opposed to and strictly forbids any cybercrime,” said spokesman Wenqi Gao.
A spokesman for the Chinese Embassy in London suggested to the BBC that the findings were part of a “propaganda campaign” by the Tibetan government-in-exile.
