Join our Mailing List

"For a happier, more stable and civilized future, each of us must develop a sincere, warm-hearted feeling of brotherhood and sisterhood."

Chinese cyber spy network hacks into 103 nations

March 31, 2009

China accused of running 'GhostNet' after Dalai Lama's office raise alarm
By Andrew Buncombe in Delhi
The Independent (UK)
March 30, 2009

Sensitive data belonging to the Dalai Lama and
the exiled Tibetan government has been downloaded, say experts

The Chinese government is under pressure to
answer allegations that it is operating a huge
cyber spy network that has hacked into classified
files in computers in 103 countries and monitored
secret correspondence sent by the office of the Dalai Lama.

Researchers in Britain and Canada revealed over
the weekend the existence of the so-called
GhostNet network that has been gathering
information from governments and private
organisations. Some researchers said it could not
be proved conclusively that the Chinese
government was behind the network but others
directly accused the authorities in Beijing.

Experts said the vast scale of the network was
unsettling. The researchers found that the
network had spied on computers belonging to
governments in Europe and South Asia, using
software so advanced it could turn on the camera
and audio-recording functions of an infected
computer, allowing those watching to see and hear what was happening in a room.

About 1,300 computers were found to have been
compromised. They belonged to the foreign
ministries of Iran, Bangladesh, Latvia,
Indonesia, Philippines, Brunei, Barbados and
Bhutan. Hacked systems were also found in the
embassies of India, South Korea, Indonesia,
Romania, Thailand, Taiwan and Pakistan.

Some of the most extensive evidence uncovered
related to the computers used by the office of
the Dalai Lama and the exiled Tibetan government,
which is based in the Indian Himalayan town of Dharamsala.

The office of the Dalai Lama initially contacted
the researchers for help amid fears about its
computers. After investigating the office's
computers, the researchers discovered evidence of a much broader spy network.

"We uncovered real-time evidence of malware that
had penetrated Tibetan computer systems,
extracting sensitive documents from the private
office of the Dalai Lama," said Greg Walton, a
researcher based at the University of Toronto.

No one from the Dalai Lama's office was available
for comment but researchers said the spying had
already affected the operation of the exiled
government; after the Dalai Lama's office emailed
an invitation to a foreign diplomat to visit, the
Chinese government contacted the diplomat and
tried to persuade them not to go. Tibetan groups
said the revelations did not surprise them.
Tsewang Rigzin, the president of the Tibetan
Youth Congress in Dharamsala, said: "I am sure
they are spying on us as well. They are spamming
our email and sending us loads of junk mail."

Matt Whitticase, from the London-based Free Tibet
campaign, said the number of emails sent to his
organisation containing sophisticated Trojans and
other malware increased during times of
controversy for China. Before last summer's
Olympics and during the crackdown on demonstrators in Tibet, the number spiked.

"I am not surprised by this. The Chinese
government monitors any group it considers a
threat. The Tibetan government in exile would
definitely be one such target," he said.

The Toronto team said they could not prove the
Chinese government was behind the hacking but in
a separate report, those who researched spying on
the Tibetan exile movement did not hesitate to point the finger.

Ross Anderson, from Cambridge University, and
Shishir Nagaraja, from the University of
Illinois, said the web-hosting and email services
used by the Dalai Lama's office were provided by
a California-based company. Examining the email
server logs, they discovered a number of
successful logins from IP addresses that belonged
to Chinese and Hong Kong providers. None were
associated with anyone from the Tibetan government's office.

They wrote: "Agents of the Chinese government
compromised the computing infrastructure of the
office of His Holiness the Dalai Lama ... and
then downloaded sensitive data. People in Tibet
may have died as a result. The compromise was
detected and dealt with, but its implications are
sobering. It shows how difficult it is to defend
sensitive information against an opponent who
uses social engineering techniques to install malware."

In 2007, Britain accused China of carrying out
cyber espionage against major companies and banks.
CTC National Office 1425 René-Lévesque Blvd West, 3rd Floor, Montréal, Québec, Canada, H3G 1T7
T: (514) 487-0665
Developed by plank