Cyber spy network 'smoking gun' for China: expert
Published Sunday, March 29, 2009 11:06PM EDT
A security expert says that a vast cyber spy network unearthed by Canadian researchers is a "smoking gun" which affirms suspicions in the west about Chinese computer espionage.
A Toronto-based research group announced this week that a shadowy, malicious computer bug called GhostNet has so far infected 1295 computers in 103 countries with the aim of spying and relaying private information back to its owners.
While the Citizen Lab research group, based at the Munk Centre for International Studies in Toronto, didn't directly blame China's communist government for the virus, a former CSIS agent said Beijing is clearly responsible.
"They stopped short, unfortunately, at sort of pointing a finger directly at the Chinese government," said security expert Michel Juneau-Katsuya.
"But an associated group ... working with them is quite clear: it is the Chinese government."
Juneau-Katsuya told CTV Newsnet Sunday evening that GhostNet is tantamount to an "act of aggression from the Chinese," who have been pursuing a covert information war since 1999.
"Now we have a smoking gun," he said.
The cyber detectives discovered that many of the targets were computers in the embassies and foreign affairs offices of governments in South Asia and South East Asia.
A computer at NATO was also infected by the malware, which has the ability to scan files, monitor emails and even snoop in a private room by switching on a computer's webcam.
The virus was discovered after researchers launched a sting based on suspicions that the Dalai Lama's office was under attack from computer hackers.
Dermod Travis, who works with the Canada Tibet Committee, said computers at the group's Montreal offices have been targeted by hackers in the past.
"This is a daily occurrence that we see coming at our computers," he said, echoing that China's government is likely to blame.
"We know how to treat them and delete them, but we do have to be vigilant on a daily basis," he said.
"Like you and other Canadians today, I'm shocked at how vast this particular operation is."
Travis added that the Canadian government should be concerned of GhostNet's ramifications on civil liberty and privacy.
"Clearly, this particular operation has gone on far beyond the Tibet movement to ... other countries."
Rafal Rohozinski, one of the report's authors, said the research team first allowed one of their own computers to be infected as a "honey pot."
Then, they tracked the virus and discovered that it had spread a wide net across Asian countries, said Rohozinski, who works with the SecDev Group of researchers.
"Its purpose was not criminal but rather for extracting information," he said, adding the hackers could intercept emails and read files stored on the computer.
"The access to information they had was limitless."