鲜花( 1) 鸡蛋( 0)
|
By The Canadian Press. o- F: s7 j1 ?7 q! F
0 w2 z6 \1 x) M# v; _8 f
4 M1 M% o9 f% [/ l0 {# T# x8 qTORONTO - A cyber spy network based mainly in China has tapped into classified documents from government and private organizations in 103 countries, including the computers of Tibetan exiles, Canadian researchers said Saturday.* M, P- Z1 E4 {5 z$ t
7 c7 j3 h, B5 H$ z
The work of the Information Warfare Monitor initially focused on allegations of Chinese cyber espionage against the Tibetan community in exile, especially the Dalai Lama, who is frequently denounced by Chinese officials.6 r% o# \# i& l# A6 ]
1 `8 h: L9 w4 W l8 U+ v5 Y
The research eventually led to a much wider network of compromised machines, the Internet-based research group said.# n, p! e9 J4 I8 A0 X
' @" K' r( X. d, j, o
Information Warfare Monitor is a joint effort of the SecDev Group in Ottawa and the Citizen Lab at the University of Toronto.: ?% R8 Y, u3 t4 |1 a; d Y. d
- |, d6 _6 l- c# g% p1 ]
The group said in a news release Sunday that investigators conducted field research in India, Europe and North America, including in the private office of the Dalai Lama, the Tibetan government-in-exile and several Tibetan NGOs.
: Q: \! l2 ?8 ]5 c
. `# Z0 E0 p5 S, f& I7 WInvestigator Greg Walton said: "We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama."
5 ], H S0 q" |; J1 P3 A, p5 H0 u& G
# |* S: ^) d2 |8 hDuring the second phase of the investigation, the data led to the discovery of insecure, web-based interfaces to four control servers. The interfaces allow attackers to send instructions to and receive data from compromised computers.
. v0 g1 V, V+ `) y6 `
4 K% @3 I; ~; b* k& }0 x1 ^! y6 s"What we found is not so much unprecedented in scope and sophistication," said Nart Villeneuve, a senior IWM analyst.( h, p2 S `% q: [
6 U- U& A/ P; v
"But the relatively small size of the network and concentration of high-value targets is significant. It does not fit the profile for a typical cyber crime network."% W: p- L3 |, _* H) U c
. i" {6 a J( \, R# GPrincipal investigators Ron Deibert and Rafal Rohozinski said: "This report serves as a wake-up call."" s+ \5 ~% j' D' P% K% b
* s" }# h8 X% M4 h"At the very least, the large percentage of high-value targets compromised by this network demonstrates the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet."
n7 d; i% S8 T2 A( X9 m7 v
. m# _' O* r5 G4 r9 [2 yThe compromised computers included, among many others, the ministry of foreign affairs of Iran; the embassies of India, South Korea, Indonesia, Thailand, Taiwan, Portugal, Germany and Pakistan; the ASEAN Secretariat; the Asian Development Bank; news organizations and an unclassified computer located at NATO headquarters.; j" D; J% ?. A/ J y# ?
- x5 q+ D/ j3 l2 WThe research group said while its analysis points to China as the main source of the network, it has not conclusively been able to detect the exact identity or motivation of the hackers.: R* `+ F [$ b1 S7 c4 e% u
& {2 |7 R2 G! ^! B/ PA spokesman for the Chinese Consulate in New York dismissed the idea that China was involved.# O5 `2 _: s5 u* @+ o
2 t0 u9 m3 }5 X3 E- VThe researchers said they have notified international law-enforcement agencies of the spying operation.
h5 Z0 N4 s9 p+ K5 [$ K( o! f- w/ [, @& N' z
The F.B.I. declined comment on the operation.( X' M' B) g w! J y0 l& A5 p: k& n
; }# {. U- H: EThe full report of the investigation entitled, "Tracking GhostNet: Investigating a Cyber Espionage Network," was released online Sunday. |
|