
Terrorism & Security

Cyber spy network with global reach raises alarms

University of Toronto researchers say that hackers, using servers in China, infiltrated government and private systems in 103 countries.

March 29, 2009

• A daily summary of global reports on security issues.


A group of hackers based almost exclusively in China has hacked into 1,295 computers in 103 countries. Canadian researchers at the University of Toronto revealed that cyber spies infiltrated systems in foreign ministries, embassies, international organizations, and the offices of the Dalai Lama. Thirty percent of the targeted computers could be considered "high-value" targets. No US government computers were compromised; however, the cyber spies broke into a NATO computer for half a day.

The Chinese government has denied any connection to the group, and it remains unclear who is responsible and whether they worked for an official intelligence agency. In their report, which was published in the Information Warfare Monitor on Sunday, the researchers said that their investigation "raises more questions than it answers," but their findings should serve as a "wake-up call."

At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet … These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.

The University of Toronto team began its investigation at the request of the office of the Dalai Lama, but ultimately discovered that, in addition to targeting the exiled Tibetan leader, the spy network was focusing on South Asian and Southeast Asian countries, reports Canada's Globe and Mail. Malware installed by the spy network could activate infected computers' cameras and microphones, allowing the spies to see and hear what was happening in the room.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined.
Working with the Tibetans, however, the researchers found specific correspondence had been stolen and the intruders had gained control of the electronic mail server computers of the Dalai Lama's organization.

A map printed in The New York Times shows where computers were infected. The Times also reports that although reports indicate that most of the computers responsible for the cyberespionage are located in China, investigators have cautioned against drawing conclusions that Chinese authorities were involved.

The spying could be a nonstate, for-profit operation, for example, or one run by private citizens in China known as "patriotic hackers."
"We're a bit more careful about it, knowing the nuance of what happens in the subterranean realms," said Ronald J. Deibert, a member of the research group and an associate professor of political science at [the Munk Center for International Studies at the University of Toronto]. "This could well be the C.I.A. or the Russians. It's a murky realm that we're lifting the lid on."
