GhostNet
GhostNet is the name given to an electronic spying operation, allegedly based mainly in the People's Republic of China, that has allegedly infiltrated at least 1,295 computers in 103 countries, including many belonging to banks, foreign embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, Brussels, London, and New York City.[1][2]
'GhostNet' was discovered by researchers at the University of Toronto's Munk Centre for International Studies in collaboration with the University of Cambridge's Computer Laboratory after a 10-month investigation, and its workings were reported by The New York Times on March 29, 2009.[1][3] Investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, where email correspondence and other data were stolen,[4] but this led to a much wider network of compromised machines.
The system disseminates malware to selected recipients via computer code attached to stolen emails and addresses, thereby expanding the network by allowing more computers to be infected. Once infected, a computer can be controlled or inspected by the attackers.[1]
Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted.[5][6] No evidence was found that U.S. or U.K. government offices were infiltrated, although a NATO computer was monitored for half a day and the computers of the Indian embassy in Washington, D.C. were infiltrated.[6][7][8]
While a report from researchers at Cambridge University says they believe that the Chinese government is behind the attacks,[9] the researchers could not conclude that the Chinese government was responsible for the spy network, and noted alternative possibilities such as an operation run by private citizens in China for profit or for patriotic reasons, or intelligence agencies from another country.[1] The Chinese government has denied any involvement, stating that China "strictly forbids any cyber crime".[5][4]
References
- "Vast Spy System Loots Computers in 103 Countries". New York Times. March 28, 2009. Retrieved March 29, 2009.
- CTV.ca: News Video
- "Researchers: Cyber spies break into govt computers". Associated Press. March 29, 2009. Retrieved March 29, 2009.
- "China-based spies target Thailand". Bangkok Post. March 30, 2009. Retrieved March 30, 2009.
- "Major cyber spy network uncovered". BBC News. March 29, 2009. Retrieved March 29, 2009.
- "Canadians find vast computer spy network: report". Reuters. March 28, 2009. Retrieved March 29, 2009.
- "Spying operation by China infiltrated computers: Report". The Hindu. March 29, 2009. Retrieved March 29, 2009.
- "'World's biggest cyber spy network' snoops on classified documents in 103 countries". The Times. March 29, 2009. Retrieved March 29, 2009.
- Nagaraja, Shishir (March 2009). "The snooping dragon: social-malware surveillance of the Tibetan movement" (PDF). Computer Laboratory, University of Cambridge.