GhostNet spying operation linked to China

The researchers, all of who are well acknowledged experts at detecting computer espionage, say they believe that this ‘GhostNet’ has been targeting not only the Dali Lama but also the governments of South Asian and Southeast Asian countries.Not only that but the operation is still going strong as it continues to invade and monitor more than a dozen new computers a week.

The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

Source: New York Times

While the Canadian team of researchers agree that most of the computers behind the spying operation are operating out of China they wouldn’t say that it was tied definitely to the Chinese government. However another team, in England, who have also been tracking down this GhostNet do suggest that the Chinese government is involved.