University of Toronto researchers announced that they have uncovered a cyberspying network based in China that has infected more than 1,295 computers in 103 countries, calling the discovery "a wake-up call."
More than 30 per cent of the infected hosts of the malware-based network, now called GhostNet, are considered high-value targets and include computers located in various ministries of foreign affairs, embassies, international organizations, news media, non-government organizations and even the private office of the Dalai Lama, the head of Tibet's government-in-exile, according to a report released by SecDev Group, a research organization based in Ottawa, and Citizen Lab, an Internet research team headquartered at the Munk Centre for International Studies at U of T.
Infected machines were found in the foreign ministries of Bangladesh, Barbados, Bhutan, Brunei, Indonesia, Iran, Latvia and the Philippines. Infected computers were also found at the embassies of Cyprus, Germany, India, Malta, Pakistan, Portugal, Romania, South Korea, Thailand and Taiwan, the report called "Tracking GhostNet: Investigating a Cyber Espionage Network," said.
Although the researchers are careful to stress that the report should not be used to “point fingers” at any government, they say evidence indicates that the Chinese government may be involved.
“Among the information stolen were a list of foreign dignitaries that have contacts with the Dalai Lama, e-mail correspondences and itinerary,” said Greg Walton, senior security researcher for the OpenNet Initiative and fellow at the Citizen Lab.
In another instance, he said, a Tibetan woman who worked for an NGO was recently picked up by Chinese authorities upon her return to her country. The woman told researchers that authorities who interrogated her confronted her with details of her online correspondence.
“This would suggest that a government is being targeted and that the Chinese government may have a part. But this is circumstantial evidence,” he said at a press conference yesterday at the Munk Centre in Toronto.
“This should serve as a call to action to government agencies around the world to develop policies around preventing these activities,” said Janice Stein, head of the Munk Centre.
“We believe Canada should play a critical if not leading role in this initiative since we have the expertise in the area,” she said.
The network had three servers based in the Chinese mainland and a fourth located in the United States, said Nart Villeneuve, another Citizen Lab fellow and the researcher credited with finding the servers by doing a Google search on a data string.