Researchers discover gigantic cyberespionage operation

Ronald Deibert

By IAN ALLEN | intelNews.org |
A team of Canadian researchers claims to have discovered a large cyberespionage ring located mainly in China. The researchers say the ring has managed to infiltrate nearly 1,300 mainly government and corporate computers in at least 103 countries around the world. The report, entitled Tracking GhostNet: Investigating a Cyber Espionage Network, was compiled after a ten-month collaboration between Ottawa’s SecDev group and the University of Toronto’s Munk Centre for International Studies. Although the report concludes that the cyberespionage ring is located mainly in China, it specifically rejects claims that GhostNet is inevitably a Chinese government operation, saying that there is no evidence that Beijing is behind the operation. University of Toronto associate professor Ronald Deibert suggested that the operation could potentially be the work of non-state pro-Chinese actors, or could be conducted by a profit-oriented group that sells the acquired information to whoever offers it the highest monetary compensation. “It’s a murky realm that we’re lifting the lid on”, said Dr. Deibert: “This could well be the CIA or the Russians”. What is clear, however, is that the cyberespionage ring’s online activities have concentrated on what the report terms “high-value targets”, such as foreign affairs ministries, embassies, as well as media groups and several international agencies, including non-governmental organizations. Targeted countries were mostly Asian, and included India, Pakistan, Bangladesh, Iran, Indonesia, the Philippines and Bhutan. But several European nations were targeted, including Germany, Cyprus, Romania and Latvia. Interestingly, the authors said they had uncovered no information that US government computers had been infiltrated. The study was initiated in response to a request by the Tibetan government in exile, whose officials suspected that the group’s computers had been compromised by Chinese cyberspies. Indeed, the study uncovered “real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama”, as well as from the exiled Tibetan government’s offices in India, Brussels, New York and London. It was also discovered that “the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization”. Some of the cyber-attacks were particularly vicious and included software designed to use audiovisual devices installed on several computers to monitor rooms where these computers where located. Researchers suggest that the cyberespionage ring appears to be the largest ever uncovered, in terms of its scope and operational success.