March 29, 2009
Cyberspies Hack Computers In 103 Countries
A network of cyberspies based mostly in China hacked into private and government computers in 103 countries, gaining access to a number of classified documents, Canadian researchers reported Saturday.
The Dalai Lama and many Tibetan exiles were among the victims, said the Internet-based research group Information Warfare Monitor (IWM).
The IWM is made up of researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies. Its initial analysis had focused on allegations of Chinese cyber espionage against Tibetan exiles, but the work ultimately led to a 10-month investigation that revealed a much wider network of compromised machines, the IWM said.
"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton told the Associated Press.
A report about the expanded investigation is due to be released online Sunday.
The research group said that while its examination points to China as the major source of the cyberspy network, it has not been able to definitively identify the hackers or their motive.
Bhutila Karpoche, an activist with Students For a Free Tibet, told the AP that her organization's computers have been hacked into many times over the past few years, particularly during the past year. She routinely receives e-mails with viruses that crash the organization's computers, she added.
The IWM's research revealed a cyber espionage network involving more than 1,295 compromised computers from the ministries of foreign affairs of Iran, Indonesia, Bangladesh, Latvia, Philippines, Brunei, Bhutan and Barbados. They also discovered hacked systems in the embassies of South Korea, India, Indonesia, Germany, Pakistan, Romania, Thailand, Cyprus, Malta, Taiwan and Portugal.
Once the cyber criminals infiltrated the systems, they gained control using malware: software they installed on the hacked computers that let the cyberspies send data to and receive data from the infected systems.
A pair of researchers at Britain's Cambridge University worked on the portion of the investigation related to the Tibetans, and are releasing a separate report on Sunday, entitled, "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement."
In an online abstract, Ross Anderson and Shishir Nagaraja wrote that while malware attacks are not uncommon, these particular attacks are notable for their ability to gather "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed."
The researchers said preventing such attacks would be challenging since conventional defense against social malware in government agencies involves costly and intrusive steps, ranging from tiresome operational security procedures to mandatory access controls.
The Dalai Lama fled over the Himalayas into exile half a century ago after China crushed an uprising in Tibet, placing it under direct Chinese rule for the first time. The spiritual leader and the exiled Tibetan government are now based in Dharmsala, India.
On the Net:
- Information Warfare Monitor
- The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement (pdf)