×

Warning

JUser: :_load: Unable to load user with ID: 78

Published in News

Remote spy system loots government computers

by on30 March 2009

Image

103 countries affected

A complex remote electronic spying operation known as “Ghost Net” that appears to be controlled from computers based almost exclusively in China has infiltrated computers from hundreds of government and private offices around the world, and particularly those in South Asian and Southeast Asian countries, as well as the offices of the Dalai Lama. 

It has also reportedly stolen documents that were on these sites, according to Canadian researchers at the Munk Center for International Studies at the University of Toronto. The researchers had been requested by the office of the Dalai Lama to look at its computers for signs of malicious software, or malware. The Dalai Lama is the former leader of Tibet who is currently in exile and has been declared an enemy of the government of the Peoples Republic of China.

The researchers, who are experts in detecting computer espionage, uncovered a vast network of spy operations and stopped just short of saying that the Chinese government was directly involved in the spying operations, due to obvious political implications. The researchers discovered that the Ghost Net operation infiltrated almost 1,300 computers in 103 countries; the computers affected belong to foreign ministers, various government embassies and government offices worldwide. They also reported that the servers in the Dalai Lama’s Tibetan centers for exile in Brussels, London, New York and India were infiltrated.

According to the New York Times, this is believed to be the first time researchers have been able to accurately pinpoint and expose the workings of a computer system used in an intrusion of this magnitude. The spying operation is still functioning and is reported to be invading and monitoring more than a dozen new computers each week. No U.S. government offices appeared to have been infiltrated, but a NATO computer was found to have been monitored for a short time and computers in Washington, D.C. at the Indian Embassy were infiltrated.

The Ghost Net malware not only can “phish” for random information but can also perform “whaling” operations at particular targets, which are very broad in scope. This type of operation can reportedly turn on camera and audio-recording functions in a computer that the malware has infected and allow remote monitors to see and hear what is occurring in the area where the infected computer is located. The researchers were unable to confirm whether the whaling functions had been used on the infiltrated computers.

The researchers said they have notified international law enforcement agencies about the spying operation. The FBI did not offer any comment.
Last modified on 30 March 2009
Rate this item
(0 votes)