Once in a while a good computer security scare comes along that has all the makings of a taut Cold War spy thriller, and the latest news of a global computer espionage ring is one such story.
A new report entitled “Tracking GhostNet: Investigating a Cyber Espionage Network,” argues that poorly defended computers used by government and private organizations in 103 nations may have been violated. The study has attracted widespread media attention after a New York Times story about it at the weekend.
The study by a group of activist researchers based in Toronto called “Information Warfare Monitor” says computers in various foreign ministries, embassies and Taiwanese trade groups have been pilfered by computers located at a Chinese government intelligence center on the island of Hainan. A computer in the private offices of the Dalai Lama was infected and e-mail lists and negotiating documents were stolen using a virus that “phoned home” to its controller, it alleges.
Data retrieved in the attacks appears to have been used to rein in Tibetan critics of China. But the report has trouble pinning the theft of computer secrets back to the Chinese government. It is also unclear how much information of value was gathered, outside a handful of instances. It conflates evidence of sniffing with acts of actual snooping.
A spokesman for China’s Foreign Ministry has dismissed the report’s claims as rumor and said his government was committed to protecting Internet security. “There’s a ghost abroad called the Cold War and a virus called the China threat,” ministry spokesman Qin Gang told a news conference.
In fairness, the researchers acknowledge up front that their findings raise more questions than answers and that it is “not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value.” The report says that proving who is responsible for cyber attacks remains a major challenge — what experts refer to as the “attribution problem.”
The study was conducted at the request of the office of the Dalai Lama and Tibetan exile organizations, who have long accused the Chinese government of using cyber war to disrupt their activities. It describes the sophisticated techniques used to infiltrate the computers of the offices of the Tibetan government-in-exile. But the connections it draws to a wider global spy ring are sketchy. Some of the break-ins may be explained by shoddy computer maintenance.
In cyberliterature, the bad guys, typically unknown, break into vital government, military, banking or political organizations and cause immeasurable damage or steal uncounted billions of dollars. Throw in contemporary geopolitical rivalries and references to the latest techno-jargon and the formula is more or less complete.
To be sure, international computer security experts have seen the hand of Chinese hackers in a growing number of computer intrusions around the world in recent years. The global scale, combined with the sophisticated targeting of specific computers by GhostNet, makes most efforts at wiretapping government opponents look scrawny by comparison.
But China is not alone among major world governments in viewing cyber warfare as a tenet of national security. To an unknown degree, for example, the United States, Israel and Britain snoop not just on their enemies but also on their critics.
The problem with much of the writing about computer security is that it conflates basic issues of computer hygiene with diabolical threats to society or the economy. In the virtual world, teenage vandalism of web sites blurs into acts of terror. Police and government officials don’t help by painting the Internet’s inherent tension between openness and security as a danger to public safety.