Cyber Espionage From State Governments? Don't Be Surprised

Did the Chinese government, for strategic purposes, infiltrate more than 1,200 computers in 103 countries to spy on nations' embassies and government agencies, in addition to the NATO military alliance and even the Deloitte & Touche consultancy?

While not claiming absolute proof, the just-released report "Tracking GhostNet: Investigating a Cyber Espionage Network" says "circumstantial evidence" strongly suggests "this set of high profile targets has been exploited by the Chinese state for military and strategic-intelligence purposes."

The Chinese government strongly denies those charges, calling them "rumors about so-called Internet spies" and "entirely fabricated." But some say it's naïve to presume that China -- and the United States and other nations as well -- doesn't engage in cyber-espionage.

"It's part of the intelligence game. I suspect we know exactly what's happening," says Murray Jennex, associate professor in the Information and Decision Systems Department at San Diego State University.

Jennex, who says he spent time in Eastern Europe working on utilities projects, directly experienced cyber-espionage incidents when his e-mail was intercepted and fed to newspapers.

The point, he says, is that cyber-espionage is real and governments do it, and other countries, including the United States, might one day stand accused of the kind of things that China is accused of in the GhostNet report.

"Our own people may be doing the same thing," Jennex says. He says cyber-espionage, far from being an aberration, is in some respects "a normal thing that will happen and continue to happen."

The GhostNet report -- which claims there's a vast espionage network of compromised government and industry computers around the world linked back to China -- is the collaborative effort of investigators associated with SecDev Group and the University of Toronto's Munk Centre for International Studies.

Starting with the computers of monks working for the Dalai Lama's Tibetan Government in Exile -- a political entity in conflict with the Chinese government for several years -- the team of investigators claims to have uncovered computer infiltration spread across several countries' embassies, private firms, and broadband service providers, leading back to command-and-control servers in China and Hong Kong, plus one in the United States.

The investigative team concluded that at least 1,295 computers in 103 countries had been methodically compromised with malware that could remove documents without the targets' knowledge, log keystrokes, and turn on Web cameras and audio inputs.

According to the report, there's a "covert, difficult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems" that leads back to China.

While circumstantial evidence points to the Chinese government, the GhostNet report concludes there could be other explanations, such as a criminal network, "patriotic hackers" acting on their own, or an entirely different government doing reconnaissance and surveillance behind the smokescreen of appearing to be China.

"It's difficult to prove, so they won't say exactly who is doing it," Jennex says. "You don't want to say anything without absolute proof."

It's not the first time that China has been accused of cyber-espionage. In December 2007, the British government publicly accused China of conducting espionage in British banks and accounting firms, a charge China firmly denied.
