Canadian research uncovers cyber espionage network

Malware-spreading computers based mainly in China

Last Updated: Sunday, March 29, 2009 | 10:03 AM ET

CBC News

Canadian researchers have uncovered an internet spy network, based mostly in China, that has hacked into computers owned by governments and private organizations in 103 countries.

The findings released Sunday follow a 10-month investigation by researchers from the Ottawa-based think tank SecDev Group and the Munk Centre for International Studies at the University of Toronto.

The group was initially asked to look into allegations that the Chinese were hacking into computers set up by the Tibetan exile community, but their work eventually led them to a much wider network of compromised computers.

Once the hackers infiltrated the systems, they installed malware — software that sends and receives data. By doing this, they were able to gain control of the electronic mail server computers of the Dalai Lama’s organization, the group said.

The researchers said the spy network, dubbed GhostNet, infiltrated at least 1,295 computers, many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York.

Embassies, foreign affairs ministries targeted

"Significantly, close to 30 per cent of the infected computers can be considered high-value and include the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan," the researchers said.

Other compromised computers were discovered at embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

The list continues with the network infiltrating economic organizations in Southeast Asia, news organizations, and an unclassified computer located at NATO headquarters.

Although almost all the hackers were based in China, the researchers could not say whether they are working for the government.

A spokesman for the Chinese consulate in New York dismissed the idea that China was involved.

The spokesman, Wenqi Gao, told The New York Times these are "old stories" and "nonsense."

A 'wakeup call' for international community

"This is a wakeup call for the international community," said Rafal Rohozinski of SecDev Group, who is one of the principal authors of the report. "At the moment there is no clear legal framework for how you deal with a spy network."

Rohozinski said three out of the four servers in the network are based in China and one is in the United States, complicating any efforts to launch a criminal investigation.

"It's all a question of jurisdiction. Obviously the Chinese government would have a capability — a legal jurisdiction — to investigate the servers located on their territory. But that is ultimately up to them," he told CBC News.

"Certainly in the States — because one of the control servers happens to be located there — we fully expect the DHS [Department of Homeland Security] or the FBI will be investigating," Rohozinski said.

One of several infections that have been installed gives the hacker full control over the compromised computer, giving the culprit the ability to look at all files, including emails.

"They can surreptitiously turn on the [computer's] microphone or the video camera and record you. And moreover, because what we found is a trojan which at this moment is undetectable by exisiting firewalls or virus technologies, it can essentially do a data infinitum.

"In fact, some of the computers on this network have been lit up — meaning they have been compromised — for over 400 days," Rohozinski said.

Stay Connected with CBC News

Big Box Advertisement

Must Watch

Latest Technology & Science News Headlines

Astronaut Chris Hadfield adjusts to 'earthling' life

Astronaut Chris Hadfield adjusts to 'earthling' life: Canada's space ambassador, Chris Hadfield, is still readapting to life on this planet after spending 146 days in zero gravity as commander of the International Space Station. For now, though, he's taking his homecoming one step at a time. more »

High Arctic research station saved by new funding: Canada's northernmost research lab won't have to shut down after all and will be able to resume year-round operations, with the help of a new grant from the federal government. more »
2 earthquakes felt in Ontario and Quebec: Two earthquakes near the Ontario-Quebec border could be felt across both provinces this morning. more »
Chris Hadfield's translator: Q&A with Canadian astronaut Jeremy Hansen: While Chris Hadfield was returning from the International Space Station on Monday night, another Canadian astronaut was offering his own unique play-by-play of the action as the Soyuz capsule plunged to Earth. more »
Why some Canadians want to die on Mars: More than 80,000 people have applied for a Dutch non-profit organization's proposed one-way trip to Mars. Anna Maria Tremonti, host of The Current, spoke to four Canadians — two Mars one applicants, a member of the Mars One team, and astronaut Julie Payette — about whether it's a good idea. more »

More Headlines »

Bob McDonald's Blog

Chris Hadfield: The gravity of gravity May. 17, 2013 9:58 AM After five months of being Superman and a media superstar, Canadian astronaut Chris Hadfield is now beginning the challenging task of adapting his mortal body and brain to life back on Earth.

Quirks & Quarks

May 18: Apps for Apes May. 17, 2013 4:26 PM Scientists at more than 2 dozen zoos around the world, including the Toronto Zoo, have been using computer tablets to stimulate our bright orange primate cousins, the orangutans. And the orangutans have been loving it.