Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Chinese cyber spy network hacks into 103 nations

China accused of running ‘GhostNet’ after Dalai Lama’s office raise alarm

Andrew Buncombe
Sunday 29 March 2009 19:00 EDT
Comments
(REUTERS)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Chinese government is under pressure to answer allegations that it is operating a huge cyber spy network that has hacked into classified files in computers in 103 countries and monitored secret correspondence sent by the office of the Dalai Lama.

Researchers in Britain and Canada revealed over the weekend the existence of the so-called GhostNet network that has been gathering information from governments and private organisations. Some researchers said it could not be proved conclusively that the Chinese government was behind the network but others directly accused the authorities in Beijing.

Experts said the vast scale of the network was unsettling. The researchers found that the network had spied on computers belonging to governments in Europe and South Asia, using software so advanced it could turn on the camera and audio-recording functions of an infected computer, allowing those watching to see and hear what was happening in a room.

About 1,300 computers were found to have been compromised. They belonged to the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. Hacked systems were also found in the embassies of India, South Korea, Indonesia, Romania, Thailand, Taiwan and Pakistan.

Some of the most extensive evidence uncovered related to the computers used by the office of the Dalai Lama and the exiled Tibetan government, which is based in the Indian Himalayan town of Dharamsala.

The office of the Dalai Lama initially contacted the researchers for help amid fears about its computers. After investigating the office's computers, the researchers discovered evidence of a much broader spy network.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," said Greg Walton, a researcher based at the University of Toronto.

No one from the Dalai Lama's office was available for comment but researchers said the spying had already affected the operation of the exiled government; after the Dalai Lama's office emailed an invitation to a foreign diplomat to visit, the Chinese government contacted the diplomat and tried to persuade them not to go. Tibetan groups said the revelations did not surprise them. Tsewang Rigzin, the president of the Tibetan Youth Congress in Dharamsala, said: "I am sure they are spying on us as well. They are spamming our email and sending us loads of junk mail."

Matt Whitticase, from the London-based Free Tibet campaign, said the number of emails sent to his organisation containing sophisticated Trojans and other malware increased during times of controversy for China. Before last summer's Olympics and during the crackdown on demonstrators in Tibet, the number spiked.

"I am not surprised by this. The Chinese government monitors any group it considers a threat. The Tibetan government in exile would definitely be one such target," he said.

The Toronto team said they could not prove the Chinese government was behind the hacking but in a separate report, those who researched spying on the Tibetan exile movement did not hesitate to point the finger.

Ross Anderson, from Cambridge University, and Shishir Nagaraja, from the University of Illinois, said the web-hosting and email services used by the Dalai Lama's office were provided by a California-based company. Examining the email server logs, they discovered a number of successful logins from IP addresses that belonged to Chinese and Hong Kong providers. None were associated with anyone from the Tibetan government's office.

They wrote: "Agents of the Chinese government compromised the computing infrastructure of the office of His Holiness the Dalai Lama ... and then downloaded sensitive data. People in Tibet may have died as a result. The compromise was detected and dealt with, but its implications are sobering. It shows how difficult it is to defend sensitive information against an opponent who uses social engineering techniques to install malware."

In 2007, Britain accused China of carrying out cyber espionage against major companies and banks.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in