Massive Chinese spynet targeted Dalai Lama

TOPICS: China, CXO, Hardware

It all started with the Dalai Lama. The Tibetan leader's offices in India, Brussels, London and New York asked the researchers to examine their computers for malware. But researchers at the Munk Center for International Studies at the University of Toronto found something much more than garden-variety spyware, John Markoff reports for the New York Times.

This was industrial-strength spyware, controlled from computers almost exclusively based in China, and aimed not just at the Dalai Lama but in fact at thousands of computers in 103 countries.

The spy operation, dubbed "GhostNet," has stolen hundreds of documents from government computers around the world, the Toronto researchers say in their report, "Tracking GhostNet" (Scribd). Besides the Dalai Lama, GhostNet appears focused on India and Southeast Asian countries.

Computers based in China ... spying on the Dalai Lama ... Hmm, could the Chinese government be behind GhostNet?

Careful there, say the Toronto researchers.

“We’re a bit more careful about it, knowing the nuance of what happens in the subterranean realms,” said Ronald J. Deibert, a member of the research group and an associate professor of political science at Munk. “This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on.”

Nonsense, say two British researchers at Cambridge.

“What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course,” the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report.

I can appreciate Toronto's caution, but let's be real. Consider this real-life impact:

After an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

Seems like the Chinese government is pretty on top of this operation, doesn't it? Anyway, here's the inside story of how GhostNet was exposed: Last summer the Dalai Lama invited two computer specialists to examine their computers. They found the systems had been infected and files stolen. They shared the data with Nart Villeneuve, a white hat hacker at Toronto.

Early this month, Mr. Villeneuve noticed an odd string of 22 characters embedded in files created by the malicious software and searched for it with Google. It led him to a group of computers on Hainan Island, off China, and to a Web site that would prove to be critically important.

In a puzzling security lapse, the Web page that Mr. Villeneuve found was not protected by a password, while much of the rest of the system uses encryption.

Mr. Villeneuve and his colleagues figured out how the operation worked by commanding it to infect a system in their computer lab in Toronto. On March 12, the spies took their own bait. Mr. Villeneuve watched a brief series of commands flicker on his computer screen as someone — presumably in China — rummaged through the files. Finding nothing of interest, the intruder soon disappeared.

Through trial and error, the researchers learned to use the system’s Chinese-language “dashboard” — a control panel reachable with a standard Web browser — by which one could manipulate the more than 1,200 computers worldwide that had by then been infected.

  • Terrible lawyering but good detective work

    Just because the Chinese Govt. has and acts on the information doesn't really pin the act of stealing the information on them.

    If I had that information and knew I could sell it, I would.

    Our intelligence agencies gather information in any number of ways (not to mention fabricate stuff to sway public opinion but that is another issue...). Do you think we would turn down information leading to Bin Laden or other adversary just because the place it comes from is smelly?

    That China may know the source and is not stopping it is a concern. They should come clean on it.

    I don't see the smoking gun you do and think your case would fail miserably.

    Surely though, if it isn't a case of $, someone may very well be currying favor with the Chinese Govt. to get their other misdeeds overlooked.

    Perhaps the culprit is a sort of Oliver North type who did very illegal things at the request of his Gov. but whose Gov. said they didn't exactly him to do those things. This means of course the real truth will be known by precious few.
    • Agreed that there are too many unanswered questions

      But the respect of the Chinese Communist authorities for the rule of law has never been very high, so it would not at all surprise me to find that they were acting directly (after all, the Dalai Lama has been deemed a public enemy ever since Tibet was annexed). But, as you say, there is no real evidence of that presented in the article, and it's best not to assume.

      I don't think the moral equivalence angle works very well, since the Dalai Lama is and always has been nonviolent, unless you have some evidence that the US is *currently* spying on our nonviolent critics abroad (stuff that the CIA did 40 years ago isn't really relevant here).
      John L. Ries
    • As this is not a court ....

      I will feel free to make logical leaps without locked-down evidence. We know China employs a global phalanx of online monitors and advocates; we know the DL is a public enemy, as you say; we know all nations have a need to spy on the info ops of others; the op also targeted diplomatic missions around the world; it seemed to target other major competitors like India and SE Asia ...

      Is it so unreasonable to connect the dots here? Or does it defy reason to think that the government is not very closely linked to this operation -- not just receiving the info, but encouraging the authors; indeed, funding them?

  • Windows rooted again

    What better 'heads-up' for the downside of the Windows desktop OS monoculture?

    Every single 'fully patched' Windows machine happily supported this rooting because anti-virus software can only protect against known exploits. How many other 'unknown' exploits are quietly shafting Windows PCs all over the world?

    OS diversification, no matter how much Microsoft squeal and whine, is the only way to limit the efficacy of exploits like this. Windows is inherently less secure than the Unixes by design, and will forever be so, as long as 'naughty code' can be installed and run on a Windows machine, with no end-user intervention.
  • RE: Massive Chinese spynet targeted Dalai Lama

    Canada and the US and Europe too have kowtowed to China for so long that we are now in bed with a complete dictatorship. Is it any surprise the PRC is infecting our computers and spying on us?
    • A government that doesn't respect the rights of its own citizens...

      ...isn't likely to respect the rights of foreigners either. We've seen totalitarian and otherwise dictatorial regimes assassinate people on foreign soil in the past (those old enough might remember the Letelier assassination which took place in Washington, DC in 1975), so we shouldn't be surprised if such regimes feel free to spy on people they find threatening, local laws, and the Universal Declaration of Human Rights withstanding.

      And yes, I'm aware of what the US government is alleged to have done in foreign countries in the name of the "War on Terrorism". I don't condone it, but the interesting thing is that US citizens like myself can discuss it publicly (under our own names, even), without fear of recrimination from either the federal government, or our more "patriotic" fellow-citizens. This is even true here in staunchly Republican Utah, one of the few states where former President George W. Bush was always popular. Try doing that in China.

      I'm not suggesting we go to war against China, or that we withdraw recognition from the Communist regime, but we shouldn't regard them as much friendlier than the old Soviet Union was either. As Richard Nixon long ago said to Mao Tse-Tung, we cannot be friends, but we cannot afford to be enemies.

      John L. Ries
  • Will the Chinese Shut Down the Hacking?

    Whether or not the Chinese shut down the hackers will tell us a lot about who funds and runs the operations. Now that the Chinese hacking is public knowledge and that even the locations have been identified, the Chinese have been backed into a corner. If the hacking continues it will demonstrate one of two things: Either the Chinese are inept at locating and shutting down the hacking (which a moderately skilled Sys Admin and a few cops can do) or it will prove that the Chinese government sanctions and perhaps even funds the hacking.
    • Absolutely right

      Either the operation will be broken up and the perpetrators will spend time in prison (or a labor camp with the rest of the subversives), or it has at least the informal blessing of the Chinese government.

      There is literally no middle ground here.
      John L. Ries
  • RE: Massive Chinese spynet targeted Dalai Lama

    Well, the U.S. better be keeping their eyes open. We have so much corruption in our governments I wouldn't trust them not to sell us out, they would sell out their own grandmothers for enough dough.
  • Most amusing...

    It took better than 48 hours to (finally) get the news that, like most malware, this is a Microsoft monopoly exclusive problem.