Page last updated at 17:33 GMT, Sunday, 29 March 2009 18:33 UK

Major cyber spy network uncovered

A computer keyboard (file image)
There is no conclusive evidence of Chinese government involvement

An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say.

They said the network had infiltrated 1,295 computers in 103 countries.

They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader.

There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement.

The report, Tracking GhostNet: Investigating a Cyber Espionage Network, comes after a 10-month investigation by the Information Warfare Monitor (IWM), which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.

They were acting on a request from the Tibetan spiritual leader's office to check whether the computers of his Tibetan exile network had been infiltrated.

Researchers found that ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan appear to had been targeted.

Hacked systems were also discovered in the embassies of countries including India, South Korea, Indonesia, Romania, Cyprus, Thailand, Germany and Pakistan.

Analysts say the attacks are in effect industrial espionage, with hackers showing an interest in the activities of lawmakers and major companies.


The researchers said hackers were apparently able to take control of computers belonging to several foreign ministries and embassies across the world using malicious software, or malware.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton was quoted by the Associated Press news agency as saying.

The Dalai Lama
The Dalai Lama fled Tibet to go into exile 50 years ago

They say they believe the system, which they called GhostNet, was focused on governments in Asia.

By installing malware on compromised computers, hackers were able to take control of them to send and receive classified data.

In this case, the software also gave hackers the ability to use audio and video recording devices to monitor the rooms the computers were in. But investigators said they did not know whether or not this element had been used.

According to the New York Times, the spying operation is the largest to have been uncovered in terms of the number of countries affected.

In an abstract for a second report released on Sunday by two Cambridge University researchers - entitled The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement - investigators said while such attacks were not new, these particularly stood out for their ability to collect "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed".

CORRECTION: The BBC News website mistakenly gave the impression in an earlier version of this story that the IWM produced the "Snooping Dragon" report. We wish to stress that this report is entirely separate from the "Tracking GhostNet" report.

Print Sponsor

China spying 'biggest US threat'
15 Nov 07 |  Americas
US and China agree hotline plan
29 Feb 08 |  Asia-Pacific
US panel supports China net laws
24 Oct 07 |  Business

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific