Researchers uncover massive cyber espionage network
Ten-month investigation finds thousands of infected hosts in more than a hundred countries
Researchers at the Information Warfare Monitor (IWM) have uncovered a massive cyber espionage network, dubbed GhostNet, that spans 103 countries and involves nearly 1,300 infected hosts.
The team was initially asked to look into alleged Chinese cyber spying against Tibetan institutions, but its investigation led to bigger discoveries.
It found that nearly 30% of infected hosts included 'high-value' computers at ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Bhutan and Barbados; embassies of countries such as India, South Korea and Pakistan; and international organisations like the Association of Southeast Asian Nations (ASEAN), and even an unclassified computer at NATO headquarters.
“Our investigation reveals that GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras,” the report states.
Answering the question of who exactly is responsible for GhostNet, the report claims that “this set of high profile targets has been exploited by the Chinese state for military and strategic-intelligence purposes” but adds that “it is not inconceivable that this network of infected computers could have been targeted by a state other than China, but operated physically within China…”
IWM, an advanced research activity that tracks the emergence of cyberspace as a strategic domain, includes researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.