Chinese spy network targets Indian embassy computers

Posted on 2009-03-30
TORONTO/NEW DELHI - A Chinese cyber spy network has hacked into nearly 1,300 computers across 103 countries, with India the fourth-worst victim; the infected machines include those at Indian embassies and other government organisations.
About one-third of the hacked computers are machines possibly containing classified data and installed in embassies, government offices and many high-profile private organisations, Canada-based Internet research firm Information Warfare Monitor (IWM) found in an investigation.
The investigation was focused on allegations of Chinese cyber espionage against the Tibetan community, IWM said, adding that the research revealed at least 1,295 infected computers in 103 countries. Taiwan was targeted most, followed by the US, Vietnam and India, IWM said in a report.
About 30 per cent of the computers hacked into by the network, named GhostNet by IWM, can be considered high-value diplomatic, political, economic and military targets. The list of affected computers includes those at the Indian embassies in the US, Belgium, Germany and Italy; the High Commissions of India in Cyprus and the UK; and the National Informatics Centre, Software and Technology Parks of India, the Office of the Dalai Lama and the Tibetan Government in Exile in India.
The other targets include the embassies of other countries, the ASEAN Secretariat, SAARC, Asian Development Bank, news organisations, foreign affairs ministries in many countries and an unclassified computer at NATO headquarters.
“The GhostNet system directs infected computers to download a Trojan known as ghost RAT that allows attackers to gain complete, real-time control,” IWM said, adding that these Trojans are controlled from commercial Internet access terminals located on the island of Hainan, People’s Republic of China.
The probe also found “documented evidence” of the network penetrating computers containing sensitive and secret information at the private offices of the Dalai Lama and other Tibetan targets.
IWM further said that about 26.7 per cent of the targets were either significant to China’s relationship with Tibet, Taiwan or India, or were identified as computers at foreign embassies, diplomatic missions, government ministries or international organisations.
The study revealed that the earliest infections were noticed in May 2007, while there was a significant spike between December 2007 and August 2008. IWM said that it conducted its field-based investigations in Europe, North America and India, where it worked directly with the affected Tibetan organisations.