Massive Chinese Espionage Network
The story broke in The New York Times yesterday:
In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.
[…]
Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.
The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.
The Chinese government denies involvement. That’s probably true; these networks tend to be run by amateur hackers with the tacit approval of the government, not the government itself. I wrote this on the topic last year.
It’s only circumstantial evidence that the hackers are Chinese:
In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.
And here’s the report, from the University of Toronto.
Good commentary by James Fallows:
My guess is that the “convenient instruments” hypothesis will eventually prove to be true (versus the “centrally controlled plot” scenario), if the “truth” of the case is ever fully determined. For reasons the Toronto report lays out, the episode looks more like the effort of groups of clever young hackers than a concentrated project of the People’s Liberation Army cyberwar division. But no one knows for certain, and further information about the case is definitely worth following.
An excellent article on Wired.com, and another on ArsTechnica.
There’s another paper, released at the same time on the same topic, from Cambridge University. It makes more pointed claims about the attackers and their origins, claims I’m not sure can be supported from the evidence.
In this note we described how agents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama.
EDITED TO ADD (3/30): More information on the tools the hackers used.
EDITED TO ADD (3/30): An interview with the University of Toronto researchers.
EDITED TO ADD (4/1): The Chinese government denies involvement.
EDITED TO ADD (4/1): My essay from last year on Chinese hacking.
Chris • March 30, 2009 1:15 PM
I fail to see how the Chinese get to have it both ways here. They can’t have one of the most invasive Internet policing apparatuses, and then claim no knowledge of what’s going on. Tacit approval indeed.