Canadian research uncovers cyber espionage network
Malware-spreading computers based mainly in China
Last Updated: Sunday, March 29, 2009 | 10:03 AM ET
CBC News
Canadian researchers have uncovered an internet spy network, based mostly in China, that has hacked into computers owned by governments and private organizations in 103 countries.
The findings released Sunday follow a 10-month investigation by researchers from the Ottawa-based think tank SecDev Group and the Munk Centre for International Studies at the University of Toronto.
The group was initially asked to look into allegations that the Chinese were hacking into computers set up by the Tibetan exile community, but their work eventually led them to a much wider network of compromised computers.
Once the hackers infiltrated the systems, they installed malware — software that sends and receives data. By doing this, they were able to gain control of the electronic mail server computers of the Dalai Lama’s organization, the group said.
The researchers said the spy network, dubbed GhostNet, infiltrated at least 1,295 computers, many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York.
Embassies, foreign affairs ministries targeted
"Significantly, close to 30 per cent of the infected computers can be considered high-value and include the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan," the researchers said.
Other compromised computers were discovered at embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.
The list continues with the network infiltrating economic organizations in Southeast Asia, news organizations, and an unclassified computer located at NATO headquarters.
Although almost all the hackers were based in China, the researchers could not say whether they are working for the government.
A spokesman for the Chinese consulate in New York dismissed the idea that China was involved.
The spokesman, Wenqi Gao, told The New York Times these are "old stories" and "nonsense."
A 'wakeup call' for international community
"This is a wakeup call for the international community," said Rafal Rohozinski of SecDev Group, who is one of the principal authors of the report. "At the moment there is no clear legal framework for how you deal with a spy network."
Rohozinski said three out of the four servers in the network are based in China and one is in the United States, complicating any efforts to launch a criminal investigation.
"It's all a question of jurisdiction. Obviously the Chinese government would have a capability — a legal jurisdiction — to investigate the servers located on their territory. But that is ultimately up to them," he told CBC News.
"Certainly in the States — because one of the control servers happens to be located there — we fully expect the DHS [Department of Homeland Security] or the FBI will be investigating," Rohozinski said.
One of several infections that have been installed gives the hacker full control over the compromised computer, giving the culprit the ability to look at all files, including emails.
"They can surreptitiously turn on the [computer's] microphone or the video camera and record you. And moreover, because what we found is a trojan which at this moment is undetectable by existing firewalls or virus technologies, it can essentially do a data infinitum.
"In fact, some of the computers on this network have been lit up — meaning they have been compromised — for over 400 days," Rohozinski said.

