Monday, March 30, 2009

Chinese Cyber War

From The Times of London here:

A spy network believed to have been controlled from China has hacked into classified documents on government and private computers in 103 countries, according to internet researchers. The spy system, dubbed GhostNet, is alleged to have compromised 1,295 machines at Nato and foreign ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles.

The work of Information Warfare Monitor (IWM) investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, but led to a much wider network of compromised machines. IWM said that, while China appeared to be the main source of the network, it had not been able conclusively to identify the hackers. The IWM is composed of researchers from an Ottawa-based think-tank, SecDev Group, and the Munk Centre for International Studies at the University of Toronto.

They found that the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados and Bhutan had been spied on remotely, and the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan hacked.


and this:

The IWM report said: “GhostNet represents a network of compromised computers in high-value political, economic and media locations in numerous countries worldwide. These organisations are almost certainly oblivious to the compromised situation in which they find themselves. The computers of diplomats, military attachés, private assistants, secretaries to prime ministers, journalists and others are under the concealed control of unknown assailant(s).

“In Dharamsala [the headquarters of the Tibetan government in exile] and elsewhere, we have witnessed machines being profiled and sensitive documents being removed. Almost certainly, documents are being removed without the targets’ knowledge, key-strokes logged, web cameras are being silently triggered and audio inputs surreptitiously activated.”

Chinese hackers are thought to have targeted Western networks repeatedly. Computers at the Foreign and Commonwealth Office and other Whitehall departments were attacked from China in 2007. In the same year, Jonathan Evans, the MI5 Director-General, alerted 300 British businesses that they were under Chinese cyber-attack.


and this scary paragraph:

British intelligence chiefs have warned recently that China may have gained the capability effectively to shut down Britain by crippling its telecoms and utilities. Equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies, they said.


Of course, the Chinese take offense at being accused and try to deflect the blame back towards the accuser (a very old interrogation technique, guys!):

The Chinese Embassy in London said that there was no evidence to back up the claim that the Chinese Government was behind GhostNet and alleged that the report had been “commissioned by the Tibetan government in exile”.

Liu Weimin, a spokesman, said: “I will not be surprised if this report is just another case of their recent media and propaganda campaign. In China, it is against the law to hack into the computers of others, and we are victims of such cyber-attack. It is a global challenge that requires global cooperation. China is an active participant in such cooperation in the world.”


What is the proper assessment of these Chinese actions? Are they just performing normal intelligence gathering and probing for weak spots? Are they preparing to aid some entity in a manner which benefits their ultimate goals? Is a cyber cold war underway? What it is not, is an episode from "24".
