A cyber spy network based mainly in China hacked into classified documents from government and private organizations in 103 countries, including the computers of the Dalai Lama and Tibetan exiles, Canadian researchers said on Saturday.
The work of the Information Warfare Monitor (IMW) initially focused on allegations of Chinese cyber espionage against the Tibetan 苞ommunity-in-exile, and eventually led to a much wider network of compromised machines, the Internet-based research group said.
?e uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama,?investigator Greg Walton said.
The research group said that while its analysis points to China as the main source of the network, it has not conclusively been able to detect the identity or motivation of the hackers.
Calls to China? Foreign Ministry and Industry and Information Ministry rang unanswered yesterday. The Chinese consulate in Toronto did not immediately return calls for comment on Saturday.
Students For a Free Tibet activist Bhutila Karpoche said her organization? computers have been hacked into numerous times over the past four or five years and particularly in the past year. She said she often gets e-mails that contain viruses that crash the group? computers.
The IWM is composed of researchers from Ottawa-based think tank SecDev Group and the University of Toronto? Munk Centre for International Studies. The group? initial findings led to a 10-month investigation summarized in the report Tracking ?hostNet? Investigating a Cyber Espionage Network, released online yesterday.
The researchers detected a cyber espionage network involving more than 1,295 compromised computers from the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.
Once the hackers infiltrated the systems, they gained control using malware ?software they install on the compromised computers ?and sent and received data from them, the researchers said.
The researchers said they believed that in addition to spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.
Intelligence analysts say that many governments, including those of China, Russia and the US use sophisticated computer programs to covertly gather information.
The newly reported spying operation is by far the largest to come to light in terms of countries affected. The malware is remarkable both for its sweep ?in computer jargon, it has not been merely ?hishing?for random consumers?information, but ?haling?for particular important targets ?and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-訃ecording functions of an infected computer, enabling monitors to see and hear what goes on in a room.
The electronic spy game has had at least some real-world impact, they said. For example, they said after an e-mail invitation was sent by the Dalai Lama? office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.
Two researchers at Cambridge University in the UK who worked on the part of the investigation related to the Tibetans also released their own report yesterday.
In an online abstract for The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement Shishir Nagaraja and Ross Anderson wrote that while malware attacks were not new, these attacks should be noted for their ability to collect ?ctionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed.?br />
They said prevention against such attacks would be difficult since traditional defense against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tedious operational security procedures.
The Tracking ?hostNet?report is available at www.tracking-ghost.net.
The Snooping Dragon report is available at www.www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf.
SECURITY: As China is ‘reshaping’ Hong Kong’s population, Taiwan must raise the eligibility threshold for applications from Hong Kongers, Chiu Chui-cheng said When Hong Kong and Macau citizens apply for residency in Taiwan, it would be under a new category that includes a “national security observation period,” Mainland Affairs Council (MAC) Minister Chiu Chui-cheng (邱垂正) said yesterday. President William Lai (賴清德) on March 13 announced 17 strategies to counter China’s aggression toward Taiwan, including incorporating national security considerations into the review process for residency applications from Hong Kong and Macau citizens. The situation in Hong Kong is constantly changing, Chiu said to media yesterday on the sidelines of the Taipei Technology Run hosted by the Taipei Neihu Technology Park Development Association. With
CARROT AND STICK: While unrelenting in its military threats, China attracted nearly 40,000 Taiwanese to over 400 business events last year Nearly 40,000 Taiwanese last year joined industry events in China, such as conferences and trade fairs, supported by the Chinese government, a study showed yesterday, as Beijing ramps up a charm offensive toward Taipei alongside military pressure. China has long taken a carrot-and-stick approach to Taiwan, threatening it with the prospect of military action while reaching out to those it believes are amenable to Beijing’s point of view. Taiwanese security officials are wary of what they see as Beijing’s influence campaigns to sway public opinion after Taipei and Beijing gradually resumed travel links halted by the COVID-19 pandemic, but the scale of
A US Marine Corps regiment equipped with Naval Strike Missiles (NSM) is set to participate in the upcoming Balikatan 25 exercise in the Luzon Strait, marking the system’s first-ever deployment in the Philippines. US and Philippine officials have separately confirmed that the Navy Marine Expeditionary Ship Interdiction System (NMESIS) — the mobile launch platform for the Naval Strike Missile — would take part in the joint exercise. The missiles are being deployed to “a strategic first island chain chokepoint” in the waters between Taiwan proper and the Philippines, US-based Naval News reported. “The Luzon Strait and Bashi Channel represent a critical access
Pope Francis is be laid to rest on Saturday after lying in state for three days in St Peter’s Basilica, where the faithful are expected to flock to pay their respects to history’s first Latin American pontiff. The cardinals met yesterday in the Vatican’s synod hall to chart the next steps before a conclave begins to choose Francis’ successor, as condolences poured in from around the world. According to current norms, the conclave must begin between May 5 and 10. The cardinals set the funeral for Saturday at 10am in St Peter’s Square, to be celebrated by the dean of the College