'GhostNet' Spies on Dalai Lama, Governments
By Lawrence Walsh | Posted 2009-03-29
Canadian researchers discover massive, global computer spy network that gave its operators the ability to monitor the Dalai Lama and other governments. The source of the network is believed to be in China.
The Dalai Lama, the exiled Tibetan leader, is among the many victims of a vast, global computer spy network uncovered by Canadian researchers at the Munk Center for International Studies in Toronto.
The New York Times broke the story over the weekend, detailing the findings of the report by the Canadian researchers who found that a vast spy network—dubbed the GhostNet—compromised more than 1,295 computers in 103 countries for at least two years.
The GhostNet—which researchers believe originates in and is managed by someone in China—gave the operators the ability to monitor data at embassies and government agencies around the world. The researchers found extensive penetration into the offices of the Tibetan government in exile, which operates in India, Brussels, London and New York. The group reports that governments of Southeast Asia—Vietnam, Taiwan, Laos, Cambodia, among others—were also high targets.
While the source of the spy network is pinpointed to be in China, the researchers declined to peg the Chinese government or government-sanctioned groups in China with responsibility.
"We're a bit more careful about it, knowing the nuance of what happens in the subterranean realms," said Ronald Deibert, a member of the Munk research group, based at the University of Toronto. "This could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on."
The Chinese government has dismissed the report’s findings, as well as any connection to the spy network. "These are old stories and they are nonsense. The Chinese government is opposed to and strictly forbids any cybercrime," a spokesperson for the Chinese consulate in New York told the New York Times.
The Canadian researchers launched their investigation at the request of the Dalai Lama’s offices, which wanted a review of their computer systems for possible infection by malware, Trojans and other surveillance software. What the researchers uncovered was sophisticated malware that gave the spy network controllers the ability to turn on Web cameras and record conversations with video and audio.
While the Munk researchers found no evidence that any U.S. government computer systems were compromised by the network, a large concentration of computers in the United States was found to be part of the network.
Since the Times report went live Saturday, reports have surfaced that the Munk Center’s Web site has been so inundated that it’s caused periodic outages and delayed responses.
The Munk Center report on the GhostNet comes just days after a Pentagon report on China’s growing military posture and plans to deploy sophisticated weapons systems, including offensive cyber attack systems.
China is one of the hottest spots for hacking and cyberwarfare capabilities. Chinese and U.S. hackers have dueled several times over the last decade as part of probing actions and full-fledged conflicts over real-world political tensions.
While the targets of foreign hacking and spying are often government systems and agencies, commercial networks are often targeted as a resource. Through botnets, such as the GhostNet, foreign hackers are able to leverage the computing power and distributed systems to both amplify their attacks and conceal their source.
Experts advise solution providers to monitor their clients’ network activity for anomalous traffic, suspicious applications and packet flow spikes.