In what will come as no surprise to many, the Information War Monitor has exposed a Chinese hacking group (the so-called GhostNet) that had infiltrated over 1000 computers in over 100 countries, 30% of which were considered to be “high-value” targets (i.e. belonging to government agencies, international organisations etc.). Perhaps most telling was the number of foreign embassies infected and the possible targeting of Taiwan and the Dalai Lama in particular.
The Trojan horse program, typically spread through email attachments, gave the attackers complete control of the infected computers, allowing them to search and download files, log keystrokes, and control attached devices such as webcams or microphones. Command servers were identified and traced to mainland China (Hainan, Guangdong, Sichuan and Jiangsu) as well as one in Hong Kong and the US. Hainan Island is home to the Lingshui signals intelligence facility of the People’s Liberation Army, although no concrete evidence could be found to link the facility to the attacks.
Even more worrying is the fact that, because of the inherent insecurity of the Internet’s design, almost anyone can mount a cyber-attack with easily downloadable hacking toolkits and a basic understanding of the technology. Whilst these intrusions were traceable to IP addresses in China, there is no evidence to say whether the activity was government-sanctioned or just a kid in his bedroom. Catching those responsible, who are more likely than not on the other side of the world and under different jurisdictions, is currently almost impossible. China has denied any involvement and described the study as “nonsense”.
Whilst little is known of the current sophistication of cyber espionage, it is believed that the US, UK, and Israel are currently leaders in this field, and clearly China wants a part in it. Most previous cyberattacks, such as those in the Russia-Georgia conflict, have been tracked to nationalistic individuals acting alone.
The report, which covers the findings of their 10-month investigation, is fascinating reading if you’re interested in computer security and the technicalities of how these attacks work. For more on the inner mind of cybercriminal organisations in China, check out The Dark Visitor blog.