DFA computers was hack by cyber spies

Monday, March 30, 2009

The computer network of the Department of Foreign Affairs (DFA) has been infiltrated by a cyber spy network based mainly in China, Canadian researchers said on Saturday.

The Philippines is one of the 103 countries where classified documents from government and private organizations, including the computers of the Dalai Lama and Tibetan exiles, have been hacked into, according to the Information Warfare Monitor (IWM).

IWM is composed of researchers from Ottawa-based think tank SecDev Group and University of Toronto’s Munk Center for International Studies.

The Canadian researchers detected a cyber espionage network involving more than 1,295 compromised computers from the ministries of foreign affairs of the Philippines, Iran, Bangladesh, Latvia, Indonesia, Brunei, Barbados and Bhutan.

The researchers also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

Asked about the China-based spy network that infiltrated the DFA’s computer system, Philippine National Security Adviser Norberto Gonzales said: “I haven’t received any official report on that. But I will check if it’s true and what particular computer system was compromised.”

The DFA, for its part, said it was looking into the cyber-espionage exposé, adding that it was doing all it can to protect its information technology software and networks.

Malicious software

Once the hackers infiltrate the systems, they gain control using malicious software or malware, which they install in the compromised computers, and send and receive data from them, the IWM researchers said.

In a report titled “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network” to be released online on Sunday, the researchers said the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

Calls to China’s foreign ministry and industry and information ministry went unanswered on Sunday. The Chinese Embassy in Toronto did not immediately return calls for comment on Saturday.

The researchers had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malware.

Real-time evidence

IMW’s sleuthing opened a window into a broader operation that, in less than two years, has infiltrated more than a thousand computers in over 100 countries, including the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

“We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama,” IMW investigator Greg Walton said.

The Dalai Lama fled over the Himalaya mountains into exile 50 years ago when China quashed an uprising in Tibet, placing the kingdom under its direct rule for the first time. The spiritual leader and the Tibetan government in exile are based in Dharmsala, India.

Students For a Free Tibet activist Bhutila Karpoche said her organization’s computers had been hacked into numerous times over the past four or five years, and particularly in the past year.


Karpoche said she often got e-mail that contained viruses that crashed the group’s computers.

The IMW researchers said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts said many governments, including those of China, Russia and the United States, and other parties were using sophisticated computer programs to covertly gather information.

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

Whaling information

The malware is remarkable both for its sweep—in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets—and for its Big Brother-style capacities.

It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room.

The electronic spy game has had at least some real-world impact, according to the IMW researchers.

For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit.


And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

Two researchers at Cambridge University in Britain who worked on the part of the investigation related to the Tibetans were also releasing their own report on Sunday.

In an online abstract for “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement,” Shishir Nagaraja and Ross Anderson wrote that while malware attacks were not new, these attacks should be noted for their ability to collect “actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed.”

They said prevention against such attacks would be difficult since traditional defense against social malware in government agencies involved expensive and intrusive measures that ranged from mandatory access controls to tedious operational security procedures.

source: technology.inquirer.net

My Zimbio share