China's "GhostNet" hits 103 states

By Malcolm Moore

A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new computers every week, according to researchers.
The discovery of GhostNet, which is designed to infiltrate sensitive ministries and embassies - and is known to have succeeded in many cases - is the latest sign of China's determination to win a future "information war". A ten-month investigation by the Munk Centre for International Studies in Toronto has revealed that GhostNet not only searches computers for information and taps their emails, but also turns them into giant listening devices.

Once a computer has been infected, hackers can turn on its web camera and microphones and record any conversations within range.

Another report from Cambridge University said the sophisticated computer attacks had been "devastatingly effective" and that "few organisations, outside the defence and intelligence sector, could withstand such an attack".

The report stopped short of accusing the Beijing government of responsibility for the network, but said the vast majority of cyber attacks originated from inside China. It also remains unclear whether GhostNet was built by the Chinese government, or by independent hackers inside the country.

Ronald Deibert, one of the researchers, said: "We're a bit careful about it, knowing the nuance of what happens in subterranean realms. This could also well be the CIA or the Russians. It's a murky realm that we're lifting the lid on."

However, the US Defence department has repeatedly warned of China's increasing capabilities in electronic warfare. A report from the Pentagon, issued last week, said that the Chinese army "often cites the need in modern warfare to control information, sometimes termed 'information dominance'."

The report added: "China has made steady progress in recent years in developing offensive nuclear, space and cyber-warfare capabilities, the only aspects of China's armed forces that, today, have the potential to be truly global."

The Chinese government decided long ago to make control of information a central plank of the country's policy. At the 10th National People's Congress, in 2003, the Chinese army announced the creation of "information warfare units". General Dai Qingmin said internet attacks would run in advance of any military operation to cripple enemies.

But on Sunday night the Chinese government denied any involvement in cyber-spying. Liu Weimin, a spokesman for the Chinese embassy in London, said Beijing had also fallen victim to hackers and dismissed the report as part of the Dalai Lama's "media and propaganda campaign".

The discovery of GhostNet was prompted when the office of the Dalai Lama in Dharamsala, India, contacted experts to investigate if it was being bugged.

Ross Anderson, at Cambridge University, and Shishir Nagaraja at the University of Illinois, wrote in a new report: "The office of the Dalai Lama started to suspect it was under surveillance while setting up meetings between His Holiness and foreign dignitaries. They sent an email invitation on behalf of His Holiness to a foreign diplomat, but before they could follow it up with a courtesy telephone call, the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting."

Mr Nagaraja travelled to Dharamsala last September and discovered that the Tibetan computer system had been breached from inside China. The Tibetan computers contained highly sensitive details about refugees and schools, both of which are possible targets for Chinese reprisals.