Chinese hack into Indian embassies, steal Dalai Lama's documents

Gabbar

Chinese hack into Indian embassies, steal Dalai Lama's documents

A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an Internet research group said in Toronto on Saturday.

The Information Warfare Monitor (IWM), which carried out extensive 10-month research on cyber spy activities emanating from China, said the hacked systems include the computers of Indian embassies and offices of the Dalai Lama.

Without identifying Indian embassies, the group said all evidence points to China as the source of this spy espionage.

The group said it has evidence that the hackers managed to install a software called malware on the compromised computers to steal sensitive documents, including those from the Dalai Lama's offices.

The group began its research after Tibetan exiles made allegations of cyber spying by the Chinese.

After initial investigations, when the group widened its research, it found that the China-based cyber espionage had hacked computer systems of embassies of India, Pakistan, Germany, Indonesia, Thailand, South Korea and many other countries.

In all, the hackers had gained access to 1,295 computer systems of foreign ministries of many countries, including Bhutan, Bangladesh, Latvia, Indonesia, Iran, and the Philippines, the researchers said.

After gaining access to foreign government and private computer systems, the hackers installed malware to exercise control over these computer systems to access any documents.

"We have been told by the researchers that the Chinese hackers have gained access to our computers systems all over the world, and taken sensitive documents from the office of His Holiness (the Dalai Lama)," Toronto-based Tibetan student leader Bhutila Karpoche told IANS.

She said, "Our website (studentsforafreetibet.org) has been repeatedly hacked, and we keep getting all kinds of viruses in our emails. This trend has increased in recent months, and we have become very wary about opening our emails."

The findings of the 10-month investigation titled 'Tracking GhostNet: Investigating a Cyber Espionage Network,' will be released on Monday.
Chinese hack into Indian embassies, steal Dalai Lama's documents- Hindustan Times
 
Major cyber spy network uncovered
BBC NEWS | Americas | Major cyber spy network uncovered

An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say.

They said the network had infiltrated 1,295 computers in 103 countries.

They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader.

There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement.

The report comes after a 10-month investigation by the Information Warfare Monitor (IWM), which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.

They were acting on a request from the Tibetan spiritual leader's office to check whether the computers of his Tibetan exile network had been infiltrated.

Researchers found that ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan appear to have been targeted.

Hacked systems were also discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

Analysts say the attacks are in effect industrial espionage, with hackers showing an interest in the activities of lawmakers and major companies.

Compromised

The researchers said hackers were apparently able to take control of computers belonging to several foreign ministries and embassies across the world using malicious software, or malware.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton was quoted by the Associated Press news agency as saying.


The Dalai Lama fled China into exile 50 years ago

They say they believe the system, which they called GhostNet, was focused on governments in Asia.

By installing malware on compromised computers, hackers were able to take control of them to send and receive classified data.

In this case, the software also gave hackers the ability to use audio and video recording devices to monitor the rooms the computers were in. But investigators said they did not know whether or not this element had been used.

According to the New York Times, the spying operation is the largest to have been uncovered in terms of the number of countries affected.

In an abstract for the report entitled The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement - posted on the IWM website - investigators said while such attacks were not new, these particularly stood out for their ability to collect "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed".
 
Major cyber spy network uncovered

There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement.

Self-contradictory report. BBC is gradually degrading day by day.
 
Canadian research uncovers cyber espionage network

Canadian researchers have uncovered an internet spy network, based almost exclusively in China, that has hacked into computers owned by governments and private organizations in 103 countries.

The findings follow a 10-month investigation by researchers from the Ottawa-based think tank SecDev Group and the Munk Centre for International Studies at the University of Toronto.

The group was initially asked to look into allegations that the Chinese were hacking into computers set up by the Tibetan exile community, but their work eventually led them to a much wider network of compromised computers.

Once the hackers infiltrated the systems, they installed malware — software that sends and receives data. By doing this, they were able to gain control of the electronic mail server computers of the Dalai Lama’s organization, the group said.

The researchers said the spy network, dubbed GhostNet, infiltrated at least 1,295 computers, many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York.

"Significantly, close to 30 per cent of the infected computers can be considered high-value and include the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan," the researchers said.

Other compromised computers were discovered at embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

The list continues with the network infiltrating economic organizations in Southeast Asia, news organizations, and an unclassified computer located at NATO headquarters. Although almost all the hackers were based in China, the researchers could not say if they are working for the government.

A spokesman for the Chinese consulate in New York dismissed the idea that China was involved.

The spokesman, Wenqi Gao, told the New York Times these are "old stories" and "nonsense."
 
COMMUNIST IF YOU NEED MORE "CREDIBLE" SOURCES LET ME KNOW!!!!

Vast Spy System Loots Computers in 103 Countries

TORONTO — A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.
In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information.

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude.

Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network.” They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. The F.B.I. declined to comment on the operation.

Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China’s government was involved. The spying could be a nonstate, for-profit operation, for example, or one run by private citizens in China known as “patriotic hackers.”

“We’re a bit more careful about it, knowing the nuance of what happens in the subterranean realms,” said Ronald J. Deibert, a member of the research group and an associate professor of political science at Munk. “This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on.”

A spokesman for the Chinese Consulate in New York dismissed the idea that China was involved. “These are old stories and they are nonsense,” the spokesman, Wenqi Gao, said. “The Chinese government is opposed to and strictly forbids any cybercrime.”

The Toronto researchers, who allowed a reporter for The New York Times to review the spies’ digital tracks, are publishing their findings in Information Warfare Monitor, an online publication associated with the Munk Center.

At the same time, two computer researchers at Cambridge University in Britain who worked on the part of the investigation related to the Tibetans, are releasing an independent report. They do fault China, and they warned that other hackers could adopt the tactics used in the malware operation.

“What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course,” the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement.”
In any case, it was suspicions of Chinese interference that led to the discovery of the spy operation. Last summer, the office of the Dalai Lama invited two specialists to India to audit computers used by the Dalai Lama’s organization. The specialists, Greg Walton, the editor of Information Warfare Monitor, and Mr. Nagaraja, a network security expert, found that the computers had indeed been infected and that intruders had stolen files from personal computers serving several Tibetan exile groups.

Back in Toronto, Mr. Walton shared data with colleagues at the Munk Center’s computer lab.

One of them was Nart Villeneuve, 34, a graduate student and self-taught “white hat” hacker with dazzling technical skills. Last year, Mr. Villeneuve linked the Chinese version of the Skype communications service to a Chinese government operation that was systematically eavesdropping on users’ instant-messaging sessions.

Early this month, Mr. Villeneuve noticed an odd string of 22 characters embedded in files created by the malicious software and searched for it with Google. It led him to a group of computers on Hainan Island, off China, and to a Web site that would prove to be critically important.

In a puzzling security lapse, the Web page that Mr. Villeneuve found was not protected by a password, while much of the rest of the system uses encryption.

Mr. Villeneuve and his colleagues figured out how the operation worked by commanding it to infect a system in their computer lab in Toronto. On March 12, the spies took their own bait. Mr. Villeneuve watched a brief series of commands flicker on his computer screen as someone — presumably in China — rummaged through the files. Finding nothing of interest, the intruder soon disappeared.

Through trial and error, the researchers learned to use the system’s Chinese-language “dashboard” — a control panel reachable with a standard Web browser — by which one could manipulate the more than 1,200 computers worldwide that had by then been infected.

Infection happens two ways. In one method, a user’s clicking on a document attached to an e-mail message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a Web link in an e-mail message and is taken directly to a “poisoned” Web site.

The researchers said they avoided breaking any laws during three weeks of monitoring and extensively experimenting with the system’s unprotected software control panel. They provided, among other information, a log of compromised computers dating to May 22, 2007.

They found that three of the four control servers were in different provinces in China — Hainan, Guangdong and Sichuan — while the fourth was discovered to be at a Web-hosting company based in Southern California.

Beyond that, said Rafal A. Rohozinski, one of the investigators, “attribution is difficult because there is no agreed upon international legal framework for being able to pursue investigations down to their logical conclusion, which is highly local.”

CLICK BELOW TO SEE PICTURE:
The New York Times > Technology > Image > The Vast Reach of ‘GhostNet’
 
In this age all countries are supposed to do that. Problem is that Chinese got caught and others are not.

Would this make any difference? Yes, now Chinese will be more careful.
 
