Chinese cyber spy network hacks into 103 nations

China accused of running ‘GhostNet’ after Dalai Lama’s office raise alarm

The Chinese government is under pressure to answer allegations that it is operating a huge cyber spy network that has hacked into classified files in computers in 103 countries and monitored secret correspondence sent by the office of the Dalai Lama.

Researchers in Britain and Canada revealed over the weekend the existence of the so-called GhostNet network that has been gathering information from governments and private organisations. Some researchers said it could not be proved conclusively that the Chinese government was behind the network but others directly accused the authorities in Beijing.

Experts said the vast scale of the network was unsettling. The researchers found that the network had spied on computers belonging to governments in Europe and South Asia, using software so advanced it could turn on the camera and audio-recording functions of an infected computer, allowing those watching to see and hear what was happening in a room.

About 1,300 computers were found to have been compromised. They belonged to the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. Hacked systems were also found in the embassies of India, South Korea, Indonesia, Romania, Thailand, Taiwan and Pakistan.

Some of the most extensive evidence uncovered related to the computers used by the office of the Dalai Lama and the exiled Tibetan government, which is based in the Indian Himalayan town of Dharamsala.

The office of the Dalai Lama initially contacted the researchers for help amid fears about its computers. After investigating the office's computers, the researchers discovered evidence of a much broader spy network.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," said Greg Walton, a researcher based at the University of Toronto.

No one from the Dalai Lama's office was available for comment but researchers said the spying had already affected the operation of the exiled government; after the Dalai Lama's office emailed an invitation to a foreign diplomat to visit, the Chinese government contacted the diplomat and tried to persuade them not to go. Tibetan groups said the revelations did not surprise them. Tsewang Rigzin, the president of the Tibetan Youth Congress in Dharamsala, said: "I am sure they are spying on us as well. They are spamming our email and sending us loads of junk mail."

Matt Whitticase, from the London-based Free Tibet campaign, said the number of emails sent to his organisation containing sophisticated Trojans and other malware increased during times of controversy for China. Before last summer's Olympics and during the crackdown on demonstrators in Tibet, the number spiked.

"I am not surprised by this. The Chinese government monitors any group it considers a threat. The Tibetan government in exile would definitely be one such target," he said.

The Toronto team said they could not prove the Chinese government was behind the hacking but in a separate report, those who researched spying on the Tibetan exile movement did not hesitate to point the finger.

Ross Anderson, from Cambridge University, and Shishir Nagaraja, from the University of Illinois, said the web-hosting and email services used by the Dalai Lama's office were provided by a California-based company. Examining the email server logs, they discovered a number of successful logins from IP addresses that belonged to Chinese and Hong Kong providers. None were associated with anyone from the Tibetan government's office.

They wrote: "Agents of the Chinese government compromised the computing infrastructure of the office of His Holiness the Dalai Lama ... and then downloaded sensitive data. People in Tibet may have died as a result. The compromise was detected and dealt with, but its implications are sobering. It shows how difficult it is to defend sensitive information against an opponent who uses social engineering techniques to install malware."

In 2007, Britain accused China of carrying out cyber espionage against major companies and banks.