Blog

Global ‘cyber spy’ network revealed

Global ‘cyber spy’ network revealed

The Canadian team said the “GhostNet” system was armed with sophisticated spy tools [GALLO/GETTY]

A cyber spy network based almost entirely in China has hacked into computer networks around the world, stealing classified information from governments and private organisations in more than 100 countries, a team of Canadian researchers has reported.

The system, dubbed “GhostNet” by the researchers, infiltrated networks in dozens of embassies, foreign ministries, government departments and offices in several cities belonging to the Dalai Lama’s Tibetan government-in-exile, the Canadian team said.

The network was uncovered after the Munk Centre for International Studies was initially approached by the Dalai Lama’s office to investigate allegations of Chinese espionage.

In over 10 months of study, they then found a far larger spy network, targeting more than 1,295 infected computers in 103 countries.

‘High-value targets’

According to one of the researchers, close to 30 per cent of the infected computers “are considered high-value political and economic targets”.

‘GhostNet’

Spy network based almost entirely in China, although it is not clear who is running it or for what purpose

 Network uses malicious software, or “malware” installed in remote computers, allowing hackers to retrieve files and information at will

 Software allows hackers to remotely switch on infected computers’ webcams and microphones, enabling them to listen in on conversations

 Researchers say at least 1,295 computers in 103 countries were found to be infected

They include computers located at ministries of foreign affairs, embassies, international organisations, news media, and NGOs, Ronald Deibert, director of Munk’s Citizen Lab, wrote in an email.

The study did not name specifically which governments had been targeted by the spy network, although the researchers said the system was focused on the governments of South and Southeast Asian nations.

They said they had seen no evidence that US government offices had been breached.

The researchers said the GhostNet system – which they described as still active – had been armed with a wide-ranging set of tools, including the ability to retrieve documents, and turn on web cameras and audio systems to act as remote listening posts.

The study found that the network was based almost exclusively in China, although the researchers stopped short of saying the Chinese government was involved in the system.

Easy to hide

“One of the characteristics of cyber-attacks of the sort we document here is the ease by which attribution can be obscured,” Deibert said.

Chinese officials have denied the government is involved in cyber spying [GALLO/GETTY]

“Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most.”

He said the study highlighted the growing capabilities of cyber attacks and the ease with which the internet can be used to gather high value and sensitive information.

Speaking to The New York Times, a spokesman for the Chinese Consulate in the city dismissed the idea China was involved.

“These are old stories and they are nonsense,” Wenqi Gao, told the paper.

“The Chinese government is opposed to and strictly forbids any cybercrime.”

Leave a Reply