Security Briefing – 31 March 2009

Chinese cyber-espionage network penetrates 103 countries

Two reports published by the universities of Cambridge and Toronto have claimed that a huge electronic espionage system run from servers in China has been used to spy on individuals, governments and organisations. The so-called ‘GhostNet’ system is alleged to have infiltrated 1,295 computers in 103 countries and has targeted foreign ministries and embassies, mainly in south and south-east Asia, as well as the offices of the Dalai Lama.

Chinese government denies involvement

The Cambridge authors of ‘The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement’ directly accuse the Chinese government of cyber-attacking Tibetan exile groups but the Canadian researchers (from the Information Warfare Monitor) are more cautious, saying the attacks could just have been the work of isolated hackers. Most of the servers running GhostNet are in China, while two are in Hong Kong and the United States. The 10 month investigation began after Tibetan officials became concerned about possible communication interceptions and commissioned the Toronto researchers to examine their computers.

China moved quickly to dismiss the cyber-espionage claims, with analysts claiming that the reports were being used by the West to exaggerate the Chinese threat. The Chinese embassy in London said that the reports were part of a ‘propaganda campaign’ by the exiled Tibetan government and that there was no evidence to suggest that the Chinese government had been involved.

Need for heightened levels of cyber-security

The Canadian researchers warned that the infiltration of government computers around the world showed the need for Internet security to be taken more seriously by federal governments. Peter Van Loan, Canadian Minister for Public Safety, stated that every day people were trying to breach government’s computer systems and he said that such a security threat would only increase in future years.

Governmental security services have often blamed cyber attacks on other countries. In 2007, the UK’s MI5 Director-General, Jonathan Evans, warned that 300 British businesses were the subject of Chinese cyber-attacks. The latest US-China Economic and Security Review Commission’s annual report, published in November 2008, found that Chinese hackers had compromised the computer systems of US government agencies and defence companies. Furthermore, the US Department of Justice arrested four individuals in February 2009 for sending stolen military and aerospace secrets to China.

International Operations Group - Services

Cases of governmental and corporate espionage are set to increase during 2009 as economic pressures build during the global financial crisis. NATO opened a ‘cyber defence centre’ in 2008 to help member states successfully counter cyber-threats, while UN secretary-general Ban Ki-Moon announced in February 2009 that cyber-weapons are being added to the list of arms dealt with by the UN’s Advisory Board on Disarmament Matters.

International Operations Group can assist in the detection and deterrence of acts of espionage. We offer an enhanced range of surveillance detection capabilities and use up-to-date technology equipment and processes to ascertain whether an organisation or individual is the target of surveillance. Foreign governments and embassies employ these same services across the globe, as a part of their enterprise-wide security-monitoring program.

Please email us at intel [at] interopsgroup [dot] com or telephone us on +61 2 8003 3933 for additional information or confidential support.

For more information on our fee-based intelligence updates or bespoke reporting, please email Rob Stevenson - rob [at] interopsgroup [dot] com. Rob can also be telephoned on +61 [0] 420 244 909.