China denies involvement in GhostNet cyber-attacks

Beijing has angrily refuted claims that it led a campaign of espionage that targeted Tibetan exiles as well as embassies, journalists and Nato

BY Seth Jacobson LAST UPDATED AT 14:24 ON Tue 31 Mar 2009

The Chinese Government has strongly denied accusations that it ran a global cyberspy network dubbed 'GhostNet' that, at its peak, compromised hundreds of computers across embassies, banks, Tibetan exile groups (including the private office of the Dalai Lama) and Nato ministries.

According to two reports published at the weekend, the espionage ring took over 1,295 computers in more than 100 countries - including Iran, India, South Korea, Germany, Pakistan and Taiwan - by infecting them with 'malware'. This is malicious software that infiltrates machines as email attachments and is then used to copy and send files from the afflicted computers.

The malware is reported to have given its creators - identified in one report by Cambridge University's computer laboratory as the Chinese state, but unnamed by the Information Warfare Monitor (IWM) - enough control over the host computer that they could turn on the camera and microphone on the machine to act as a surveillance device.

Investigations began after researchers for IWM (including students at Toronto University and members of SecDev Group, an Ottawa think-tank) were called in by the Dalai Lama's private office to examine computers suspected of being 'taken over'.

The researchers discovered malware and followed the electronic trail to a group of servers on the Chinese island of Hainan, which is home to the Lingshui signals intelligence facility and the Third Technical Department of the People's Liberation Army. It is alleged that the Dalai Lama's computers had had files removed from them and that his offices had been bugged via the machines.

Further sleuthing revealed that embassies and companies such as the Deloitte & Touche accountancy firm had also been infected and taken under the control of GhostNet. Journalists, senior civil servants and politicians all had their computers targeted.

Chinese officials have rubbished the reports' claims, accusing the Toronto report of being "commissioned by the Tibetan government in exile" and comprising "just some video footage pieced together from different sources to attack China". China's ambassador to Britain Liu Weimen maintained that in China "it is against the law to hack into the computers of others" and that cyber attacks are "a global challenge" requiring global co-operation.

His denial was given credence by the remarks of Ronald Deibert from the University of Toronto, author of the IWM report, Tracking GhostNet. "We're a bit more careful about [identifying who ran the network], knowing the nuance of what happens in the subterranean realms," said Deibert. "This could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on."

Deibert also made this point: "The most significant actors in cyberspace are not states. In China, the authorities most likely perceive individual attackers [ie, teenagers in internet cafes] as convenient instruments of national power."

However, as reported by The First Post two years ago, Chinese achievements in the field of hi-tech espionage would suggest that they certainly possess the know-how to launch such sophisticated cyberwar.

A confidential memo currently circulating in Whitehall suggests that Britain could be shut down by a cyber-attack launched against BT's new £10bn network which uses key components provided by Huawei, a telecoms firm run by the former director of the telecoms research arm of the Chinese Army.

WHAT THEY SAY

James Fallows, the Atlantic: My guess is that the 'convenient instruments' hypothesis will eventually prove to be true (versus the 'centrally controlled plot' scenario), if the 'truth' of the case is ever fully determined. For reasons the Toronto report lays out, the episode looks more like the effort of groups of clever young hackers than a concentrated project of the People's Liberation Army cyberwar division.

Editorial, the Globe and Mail, Toronto: No one should be surprised when foreign countries (or our own) use computer-spying techniques. But, as the Cambridge researchers point out, in the hands of a repressive state these spy techniques could have fatal consequences for people exercising simple acts of free speech. The future belongs to the hackers.