
Vast Spy System Loots Computers in 103 Countries

BanglaBhoot

TORONTO — A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information.

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude.

Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network.” They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. The F.B.I. declined to comment on the operation.

Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China’s government was involved. The spying could be a nonstate, for-profit operation, for example, or one run by private citizens in China known as “patriotic hackers.”

“We’re a bit more careful about it, knowing the nuance of what happens in the subterranean realms,” said Ronald J. Deibert, a member of the research group and an associate professor of political science at Munk. “This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on.”

A spokesman for the Chinese Consulate in New York dismissed the idea that China was involved. “These are old stories and they are nonsense,” the spokesman, Wenqi Gao, said. “The Chinese government is opposed to and strictly forbids any cybercrime.”

The Toronto researchers, who allowed a reporter for The New York Times to review the spies’ digital tracks, are publishing their findings in Information Warfare Monitor, an online publication associated with the Munk Center.

At the same time, two computer researchers at Cambridge University in Britain who worked on the part of the investigation related to the Tibetans are releasing an independent report. They do fault China, and they warned that other hackers could adopt the tactics used in the malware operation.

“What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course,” the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement.”

In any case, it was suspicions of Chinese interference that led to the discovery of the spy operation. Last summer, the office of the Dalai Lama invited two specialists to India to audit computers used by the Dalai Lama’s organization. The specialists, Greg Walton, the editor of Information Warfare Monitor, and Mr. Nagaraja, a network security expert, found that the computers had indeed been infected and that intruders had stolen files from personal computers serving several Tibetan exile groups.

Back in Toronto, Mr. Walton shared data with colleagues at the Munk Center’s computer lab.

One of them was Nart Villeneuve, 34, a graduate student and self-taught “white hat” hacker with dazzling technical skills. Last year, Mr. Villeneuve linked the Chinese version of the Skype communications service to a Chinese government operation that was systematically eavesdropping on users’ instant-messaging sessions.

Early this month, Mr. Villeneuve noticed an odd string of 22 characters embedded in files created by the malicious software and searched for it with Google. It led him to a group of computers on Hainan Island, off China, and to a Web site that would prove to be critically important.

In a puzzling security lapse, the Web page that Mr. Villeneuve found was not protected by a password, while much of the rest of the system uses encryption.

Mr. Villeneuve and his colleagues figured out how the operation worked by commanding it to infect a system in their computer lab in Toronto. On March 12, the spies took their own bait. Mr. Villeneuve watched a brief series of commands flicker on his computer screen as someone — presumably in China — rummaged through the files. Finding nothing of interest, the intruder soon disappeared.

Through trial and error, the researchers learned to use the system’s Chinese-language “dashboard” — a control panel reachable with a standard Web browser — by which one could manipulate the more than 1,200 computers worldwide that had by then been infected.

Infection happens two ways. In one method, a user’s clicking on a document attached to an e-mail message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a Web link in an e-mail message and is taken directly to a “poisoned” Web site.

The researchers said they avoided breaking any laws during three weeks of monitoring and extensively experimenting with the system’s unprotected software control panel. They provided, among other information, a log of compromised computers dating to May 22, 2007.

They found that three of the four control servers were in different provinces in China — Hainan, Guangdong and Sichuan — while the fourth was discovered to be at a Web-hosting company based in Southern California.

Beyond that, said Rafal A. Rohozinski, one of the investigators, “attribution is difficult because there is no agreed upon international legal framework for being able to pursue investigations down to their logical conclusion, which is highly local.”

http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1&hp
 
Spy chiefs fear Chinese cyber attack

INTELLIGENCE chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

They have told ministers of their fears that equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies.

The warnings coincide with growing cyberwarfare attacks on Britain by foreign governments, particularly Russia and China.

A confidential document circulating in Whitehall says that while BT has taken steps to reduce the risk of attacks by hackers or organised crime, “we believe that the mitigating measures are not effective against deliberate attack by China”.

It is understood that Alex Allan, chairman of the Joint Intelligence Committee (JIC), briefed members of the ministerial committee on national security about the threat from China at a top-secret Whitehall meeting in January.

According to Whitehall sources, the meeting, led by Jacqui Smith, the home secretary, heard that ministers had “not paid sufficient attention to the threat in the past”, despite repeated warnings from the intelligence services. These included warnings from the security arm of GCHQ, which expressed concern because government departments, the intelligence services and the military will all use the new BT network.

A Whitehall report is understood to warn that, although there is at present a “low” risk of China exploiting its capability, “the impact would be very high”.

Huawei was allegedly founded with significant funding from the Chinese state. Its head is Ren Zhengfei, a former director of the telecoms research arm of the 3m-strong People’s Liberation Army.

The company is providing key components for BT’s new £10 billion network, which will update the UK’s telecoms with the use of internet technology. The report says the potential threat from Huawei “has been demonstrated elsewhere in the world”.

The multi-million-pound deal, signed in 2005, has led to a string of risk warnings from the intelligence and security services, with officials complaining of the failure of ministers to take them seriously.

It is unclear whether Patricia Hewitt, then trade and industry secretary, was warned of the problems when the deal was agreed in April 2005. However, the British company Marconi, which failed to win the contract in the face of a far cheaper offer from Huawei, did ask her to intervene to protect British jobs.

Hewitt, now a nonexecutive director of BT, declined to intervene, saying it was “a competitive tender between two commercial companies”. The most recent warnings about the cyberthreat to Britain’s security came in the JIC report on UK cybersecurity circulated in January and a Cabinet Office briefing paper that is understood to have emphasised Huawei’s links to the Chinese military.

Despite Allan’s warnings, and repeated warnings in the past, ministers remain reluctant to fund any move to remove the threat, officials say.

Yvette Cooper, chief secretary to the Treasury, is understood to have cautioned that it would be difficult to find the necessary funds in the current downturn. Ministers expressed concern that replacing the Chinese components with British parts would clash with government policy on competition.

According to the sources, the ministerial committee on national security was told at the January meeting that Huawei components that form key parts of BT’s new network might already contain malicious elements waiting to be activated by China.

Working through Huawei, China was already equipped to make “covert modifications” or to “compromise equipment in ways that are very hard to detect” and that might later “remotely disrupt or even permanently disable the network”, the meeting was told.

This would be likely to have a “significant impact on critical services” such as power and water supplies, food distribution, the financial system and transport, which were dependent on computers to operate.

While technical modifications suggested to BT reduced the threat from hackers, organised criminals and most “hostile adversaries”, they were “not effective against deliberate attack from China”. The current friendly relations between Britain and China meant there was no immediate threat of this happening but there was still a very real threat that “covert functionality” within the components was already being used to gather intelligence.

Intelligence chiefs are believed to have warned that it was impossible to say if such information-gathering had already been introduced, since they had “only limited understanding of our adversaries’ attack capability”.

Whitehall departments were reportedly targeted by the Chinese in 2007, and a few months later Jonathan Evans, the MI5 director-general, wrote to 300 chief executives warning them that the Chinese were hacking into their systems and stealing confidential information.

An attempt by Huawei to merge with the US company 3Com, which provides computer security systems for the Pentagon, was blocked last year after US intelligence warned that it would not be in US national security interests. In a new-year e-mail, Sun Yafang, Huawei’s chairwoman, told the company’s 85,000 employees that the global economic situation offered “both challenges and opportunities”. Four weeks later she was inside Downing Street as Gordon Brown welcomed Wen Jiabao, the Chinese premier.

Both Wen and Sun were keen to promote Huawei, which in little more than 20 years has grown into one of the world’s most powerful companies, with projected sales this year of £21 billion. Last year its sales jumped 46%. Its tentacles have reached most of the world’s telecoms companies.

Four days before Brown met Sun, intelligence chiefs had warned ministers of fears that Huawei’s role in the new system might have given China the ability to shut down Britain. Nor was it the first warning. Members of the ministerial committee on national security were told that “ministers had not paid sufficient attention to the threat from Huawei”.

John Tindle, professor in telecommunications engineering at Sunderland University, said software or hardware could sit hidden in a network, waiting to be activated. “If an unauthorised person were able to gain control of the equipment, its mode of operation could be changed,” he said. “The ability to move traffic across the network could be switched off. Traffic could be re-routed to another node controlled by the attacker.”

Huawei was selected to provide key components for the BT network in April 2005 despite allegations that it was bank-rolled by the Chinese government. The firm has previously shown itself to be opportunistic. The US company Cisco, one of Huawei’s main rivals, sued the Chinese company for alleged theft of its intellectual property rights in 2003. The case was settled out of court.

It is Huawei’s links to the Chinese military that cause most concern. Ren set up the company in 1988 after an edict from Deng Xiaoping, then China’s leader, that the country’s defence industry turn itself into profitable companies able to acquire modern technology.

A Pentagon report last week cited Huawei as a key part of the cyberthreat from China, noting that it retained “close ties” with the People’s Liberation Army (PLA). Huawei denies any continuing links to the PLA. A spokeswoman at the company’s UK headquarters dismissed the alleged links as “rumour and speculation”.

Cyberspace targets

Chinese hackers have repeatedly targeted western networks

- Computers at the Foreign Office and other Whitehall departments were attacked from China in 2007. In the same year, Jonathan Evans, the MI5 director-general, warned 300 British businesses that they were under Chinese cyber-attack

- The People’s Liberation Army is reputed to hold an annual competition to recruit the country’s best hackers

- Two years ago, Chinese Trojan horse spyware was found in the offices of Angela Merkel, the German chancellor

Spy chiefs fear Chinese cyber attack - Times Online
 
I think Pakistan should be wary of this Chinese infiltration. I read that Pakistan's computer networks were compromised as well.

I don't think Pakistan should rely too heavily on China for equipment and support.

This reliance will cause them great troubles in the future.
 
Sorry guys, there is already another thread about this.

Mods, please merge these threads.
 
