Canadian research uncovers cyber espionage network
Malware-spreading computers based mainly in China
Last Updated: Sunday, March 29, 2009 | 10:03 AM ET
CBC News
Related
Video
- Laurie Graham reports: Canadian research uncovers cyber espionage network (Runs: 2:41)
- Play: QuickTime »
- Play: Real Media »
- Jacquie Perrin interviews Rafal Rohozinski with the SecDev Group on newly uncovered internet spy network (Runs: 4:30)
- Play: QuickTime »
- Play: Real Media »
- Jacquie Perrin interviews Greg Walton, one of the field investigators on newly uncovered internet spy network (Runs: 3:28)
- Play: Real Media »
- Play: QuickTime »
Canadian researchers have uncovered an internet spy network, based mostly in China, that has hacked into computers owned by governments and private organizations in 103 countries.
The findings released Sunday follow a 10-month investigation by researchers from the Ottawa-based think tank SecDev Group and the Munk Centre for International Studies at the University of Toronto.
The group was initially asked to look into allegations that the Chinese were hacking into computers set up by the Tibetan exile community, but their work eventually led them to a much wider network of compromised computers.
Once the hackers infiltrated the systems, they installed malware — software that sends and receives data. By doing this, they were able to gain control of the electronic mail server computers of the Dalai Lama’s organization, the group said.
The researchers said the spy network, dubbed GhostNet, infiltrated at least 1,295 computers, many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York.
Embassies, foreign affairs ministries targeted
"Significantly, close to 30 per cent of the infected computers can be considered high-value and include the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan," the researchers said.
Other compromised computers were discovered at embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.
The list continues with the network infiltrating economic organizations in Southeast Asia, news organizations, and an unclassified computer located at NATO headquarters.
Although almost all the hackers were based in China, the researchers could not say whether they are working for the government.
A spokesman for the Chinese consulate in New York dismissed the idea that China was involved.
The spokesman, Wenqi Gao, told The New York Times these are "old stories" and "nonsense."
A 'wakeup call' for international community
"This is a wakeup call for the international community," said Rafal Rohozinski of SecDev Group, who is one of the principal authors of the report. "At the moment there is no clear legal framework for how you deal with a spy network."
Rohozinski said three out of the four servers in the network are based in China and one is in the United States, complicating any efforts to launch a criminal investigation.
"It's all a question of jurisdiction. Obviously the Chinese government would have a capability — a legal jurisdiction — to investigate the servers located on their territory. But that is ultimately up to them," he told CBC News.
"Certainly in the States — because one of the control servers happens to be located there — we fully expect the DHS [Department of Homeland Security] or the FBI will be investigating," Rohozinski said.
One of several infections that have been installed gives the hacker full control over the compromised computer, giving the culprit the ability to look at all files, including emails.
"They can surreptitiously turn on the [computer's] microphone or the video camera and record you. And moreover, because what we found is a trojan which at this moment is undetectable by exisiting firewalls or virus technologies, it can essentially do a data infinitum.
"In fact, some of the computers on this network have been lit up — meaning they have been compromised — for over 400 days," Rohozinski said.
Share Tools
Top News Headlines
- Aylmer triple stabbing leads to first-degree murder charges
- The estranged partner of a young mother who was stabbed to death along with her parents at their home in Aylmer, Que., has been charged with first-degree murder Friday. more »
- Wildfires, high winds put northeastern Ontario on alert
- It's going to be a tense weekend in northeastern Ontario where strong, shifting winds have been fuelling a forest fire that has blanketed the Timmins area with smoke and ash. more »
- Labrador fire out of control
- A forest fire continues to burn out of control in Happy Valley-Goose Bay today, according to provincial firefighting officials. more »
- The risks and responsibilities of taking on Mt. Everest
- The deaths of five climbers last weekend on Mt. Everest, with more summits underway this weekend, fuels the debate about the risks and responsibilities of high altitude climbing. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's husband says family not seeking government help
- B.C. premier unhappy with disgraced Mountie's transfer
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- What a Greek euro exit could mean for Canada
- Third B.C. salmon farm quarantined
- RCMP officer charged in fatal crash
- Police probe Halifax homicide after shooting
- Ottawa man in hospital after lightning strike
