Canadian research uncovers cyber espionage network

Canadian researchers have uncovered an internet spy network,based mostlyin China, that has hacked into computers owned by governments and private organizations in 103 countries.

The findings released Sunday follow a 10-month investigation by researchers from the Ottawa-based think tank SecDev Group and theMunk Centre for International Studies at the University of Toronto.

Thegroup was initially asked to look into allegations that the Chinese were hacking into computers set up by the Tibetan exile community, but their workeventually led them to a much wider network of compromised computers.

Once the hackers infiltrated the systems, they installedmalware softwarethat sends and receives data. By doingthis,they were able to gaincontrol of the electronic mail server computers of the Dalai Lamas organization, the group said.

The researchers said the spy network,dubbed GhostNet, infiltratedat least 1,295 computers,many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lamas Tibetan exile centres in India, Brussels, London and New York.

Embassies, foreign affairs ministries targeted

"Significantly, close to 30 per cent of the infected computers can be considered high-value and include the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan," the researchers said.

Other compromised computers were discovered at embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

The list continues with the network infiltrating economic organizations in Southeast Asia,news organizations, and an unclassified computer located at NATO headquarters.

Although almost all the hackers were based in China,the researchers could not say whether they are working for the government.

A spokesman for the Chinese consulate in New York dismissed the idea that China was involved.

The spokesman, Wenqi Gao, told The New York Times these are "old stories" and "nonsense."

A 'wakeup call' for international community

"This is a wakeup call for the international community," said Rafal Rohozinski of SecDev Group, whois one of the principal authors of the report. "At the moment there is no clear legal framework for how you deal with a spy network."

Rohozinski saidthree out of the four servers in the network are based in China and one is in the United States, complicating any efforts tolaunch acriminal investigation.

"It's all a question of jurisdiction. Obviously the Chinese government would have a capability a legal jurisdiction to investigate the servers located ontheir territory. But that is ultimately up to them," he told CBC News.

"Certainly in the States because one of the control servers happens to be located there we fully expect the DHS [Department of Homeland Security]or the FBI will be investigating," Rohozinski said.

One of several infections that have been installed gives the hacker full control over the compromised computer, giving the culprit the ability to look at allfiles, including emails.

"They can surreptitiously turn on the [computer's] microphone or the video camera and record you. And moreover, because what we found is a trojan which at this moment is undetectable by exisiting firewalls or virus technologies, it can essentially do a data infinitum.

"In fact, some of the computers on this network have been lit up meaning they have been compromised for over 400 days," Rohozinski said.