Massive Cyber Espionage Operation Uncovered

Canadian investigators reported this weekend that the computers of government and private offices in over 100 countries around the world have been infiltrated by a huge cyber espionage operation. 

Private documents were stolen by the spy system, which is allegedly controlled by computers based primarily in China. The Canadian researchers who put the report together caution against jumping to the conclusion that the Chinese government is involved in the cyber attacks.

The researchers stumbled upon the operation while looking into the computers of the Dalai Lama, who asked them to scan his machines for malicious software – also known as malware. The far-reaching op they ended up discovering has, in less than 2 years, hacked into at least 1,295 computers in 103 countries.

The victimized computers include machines in embassies and foreign ministries, as well as other government offices. Computers in the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York have also been inflitrated. Although it does not appear that any U.S. federal computers are among those infected, a NATO computer was spied upon for half a day and the computers of the Indian Embassy in Washington, D.C. have also been under surveillance.

The cyber spy system has been called GhostNet, and its focus seems to be the Dalai Lama and the governments of South Asia and Southeast Asia, which could explain why no U.S. government computers have been compromised. That said, it is the largest operation discovered of its kind in terms of the number of countries that have been affected.

Although the researchers have figured out how the system operates, it is still spying full steam ahead…invading and monitoring more than 12 new computers every week. The malware, once installed remotely on a computer, can even turn on the infected computer’s audio and video capabilities to monitor what’s going on in the room where the computer is located!

The researchers have been able to watch the spying in action, and they know that the spies have stolen files and correspondence, the latter specifically by cracking into the Dalai Lama’s email servers. It seems the stolen information may have been used by the Chinese to uncover and discourage various forms of interaction with Tibet, including a visit from a foreign diplomat and the work of a woman helping Chinese citizens and Tibetan exiles to communicate with each other.

International law enforcement agencies have been notified, but so far no reported steps have been taken to put a stop to the cyber espionage system. It is known that intelligence agencies around the world use forms of cyber espionage to gather intelligence for their respective governments.

Computers have been infected by the supposedly Chinese malware in two methods, both email based. The first: A user clicks on an email attachment, allowing the spy system to stealthily install malicious software onto the computer’s operating system. The second: A user clicks on a Web link in an email message that allows for much the same to happen.

The system’s control panel – accessible via a standard browser – is surprisingly unprotected. The researchers used trial and error to figure out the Chinese-language commands that give them access to 1,200+ computers. They have included in their report a list of the computers that have been infected since May 22, 2007.

images courtesy of www.afcea.org and www.cnn.com