A spy network, mainly based in China, has been said to have infiltrated computer networks from government offices around the world, according to Canadian researchers. However, even though they are located in China, there is no conclusive evidence of China being involved.
Called “GhostNet”, it has become the largest reported spying operation to come to light. It has also been believed that this is the first time that researches have been able to expose the workings of the spy network.
The researchers were asked by the Dalai Lama, the Tibetan leader who was forced to leave after the Chinese invaded the area, to examine the computers for signs of malicious software or malware.
The report, published on the weekend, has said that 1,295 computers, located in 103 countries, have been infiltrated in less than two years. Many of the computers belong to embassies, foreign ministries and other government offices, along with offices linked to the Dalia Lama’s office in exile in India, Brussels, London and New York.
The published document in Scribd, which is below the article, has censored several pieces of information; but has listed three servers in China and one in the United States as “control servers”, and six other Chinese and Hong Kong-based servers as “control/command servers”. However, a report in the New York Times has revealed that the US server is based in North California for a web hosting company.
It also revealed the interface of the network, which shows a “Send Command” link, allowing the attacker to send specific commands to a selected computer infected to be part of the spying operations. This would allow the spy to download binaries, which could include keystroke logging; acquire system information or cause the malware to be dormant.
The report has shown that Vietnam and Taiwan had the largest number of infections, with Vietnam having 130 computers infected, and Taiwan having 148 computers infected.
Also listed were the embassies in Australia belong to Germany and Malta, the Associated Press bureaux in London, NATO and ASEAN have been affected. However, a report has found that no evidence that any computers in any of the United States government offices have been infected.
Image from: pilipala9/Flickr (CC)