GhostNet busters

April 15, 2009 at 2:00 am 1 comment

In my last post, I blogged about the crazed European Union directive that forces ISPs to snoop, monitor and surveil. Today’s post brings us more disturbing news – this time from China. (Thx to Murali for bringing this to my attention).

Seems a 10 month investigation into whether the Dalai Lama’s computers had malware has exposed a vast spy network. The University of Toronto, Canada, was asked to check out the Dalia Lama’s computers and in the course of their investigation found…. at least 1,295 computers in 103 countries are the victims of computer espionage (including the Dalai Lama’s). The researchers have dubbed it GhostNet and believe the spying on computers and documents is focused on the governments of South Asian and Southeast Asian countries. Some of the computer systems the researchers are pretty confident have been infected are:

  • ASEAN (Association of Southeast Asian Nations)
  • Asian Development Bank
  • Associated Press, UK
  • Consulate General of Malaysia, Hong Kong
  • Department of Foreign Affairs, Indonesia
  • Department of Foreign Affairs, Philippines
  • Russian Federal University Network, Russian Federation
  • Indian Embassy in Kuwait

This covert operation may originate in China say the researchers – because GhostNet appears to be controlled by computers based in China, although China is busy denying this.

I found the researchers’ paper on Scribd and it’s quite disturbing reading. GhostNet attackers seem to have gained access to computers installed in foreign ministries, stolen documents and gained control of microphones and webcams of infected computers. GhostNet directs infected computers to download a Trojan (horse) known as ghOst RAT (remote access tool) that allows attackers to gain complete, real-time control.

And it looks as though very specific, high-value documents were targeted and downloaded. Some Cambridge Uni researchers, who were part of the investigation, have released their own report (called Snooping Dragon) and they point the finger of blame at China. Of course, the Russians, the Americans and the Israelis all have computer espionage capabilities, so who knows. Or a private organisation could be trying to lay hands on information to sell. Or possibly it’s a bunch of patriotic Chinese hackers targetting pro-Tibet activities.

Now, the wider implications of GhostNet are clearly the real world implications. Following an email invitation from the Dalai Lama’s office to a foreign diplomat, the Chinese Government picked up the phone to discourage the diplomat. And a China-bound traveler who had used the Internet to help put Tibetan exiles in contact with Chinese dissidents was stopped at the Chinese border, shown transcripts of the online exchanges, and warned to stop. Coincidence? Is this a new Cold War?


Entry filed under: China, Computers. Tags: , , , , , .

Overstepping the boundary? The shape of things to come

1 Comment Add your own

  • 1. Paris  |  April 16, 2009 at 12:49 pm

    No New Cold War, unlike USSR, China is holding lots of US treasury bonds, has the power to economically colonise the former european colonies AND the scientific abilities to control us all…
    Chinese governement has the potetial to be the first Big Brother, the first global dictature.

    Knowing is half way to freedom…taking steps to prevent the above from hapening is the other long half way:
    – saying no to the brands (individually)
    – relocalisation (corporate decision that are heavily influenced by OUR purchase)
    – trying to be ‘offgrid’ as much as possible : meeting face to face instead of on facebook 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Search ThinkingShift

   Made in New Zealand
     Thinkingshift is?

ThinkingShift Tweets

Flickr Photos

This work is licensed under a Creative Commons Attribution 2.5 Australia License.

ThinkingShift Book Club

Kimmar - Find me on

%d bloggers like this: