In my last post, I blogged about the crazed European Union directive that forces ISPs to snoop, monitor and surveil. Today’s post brings us more disturbing news – this time from China. (Thx to Murali for bringing this to my attention).
Seems a 10-month investigation into whether the Dalai Lama’s computers had malware has exposed a vast spy network. The University of Toronto, Canada, was asked to check out the Dalai Lama’s computers, and in the course of their investigation the researchers found that at least 1,295 computers in 103 countries are the victims of computer espionage (including the Dalai Lama’s). The researchers have dubbed it GhostNet and believe the spying on computers and documents is focused on the governments of South Asian and Southeast Asian countries. Some of the computer systems the researchers are pretty confident have been infected are:
- ASEAN (Association of Southeast Asian Nations)
- Asian Development Bank
- Associated Press, UK
- Consulate General of Malaysia, Hong Kong
- Department of Foreign Affairs, Indonesia
- Department of Foreign Affairs, Philippines
- Russian Federal University Network, Russian Federation
- Indian Embassy in Kuwait
This covert operation may originate in China, say the researchers, because GhostNet appears to be controlled by computers based in China, although China is busy denying this.
I found the researchers’ paper on Scribd and it’s quite disturbing reading. GhostNet attackers seem to have gained access to computers installed in foreign ministries, stolen documents and gained control of microphones and webcams of infected computers. GhostNet directs infected computers to download a Trojan (horse) known as gh0st RAT (remote access tool) that allows attackers to gain complete, real-time control.
And it looks as though very specific, high-value documents were targeted and downloaded. Some Cambridge Uni researchers, who were part of the investigation, have released their own report (called Snooping Dragon) and they point the finger of blame at China. Of course, the Russians, the Americans and the Israelis all have computer espionage capabilities, so who knows. Or a private organisation could be trying to lay hands on information to sell. Or possibly it’s a bunch of patriotic Chinese hackers targeting pro-Tibet activities.
Now, the wider implications of GhostNet are clearly the real-world ones. Following an email invitation from the Dalai Lama’s office to a foreign diplomat, the Chinese Government picked up the phone to discourage the diplomat. And a China-bound traveler who had used the Internet to help put Tibetan exiles in contact with Chinese dissidents was stopped at the Chinese border, shown transcripts of the online exchanges, and warned to stop. Coincidence? Is this a new Cold War?