Vast Spy System Loots Computers in 103 Countries
New York Times (03/29/09) Markoff, John

Researchers at the University of Toronto’s Munk Center for International Studies say a massive electronic spying operation has successfully stolen documents from hundreds of government and private offices around the world.

The researchers say the system was controlled from computers almost exclusively in China, but they cannot conclusively say the Chinese government is involved. The researchers were asked by the office of the Dalai Lama to examine its computers for signs of malware and discovered a vast operation that, in less than two years, managed to infiltrate at least 1,295 computers in 103 countries, including computers belonging to many embassies, foreign ministries, other government offices, and the Dalai Lama’s Tibetan exile centers in India, Brussels, London, and New York.

The Munk Center researchers say that in addition to spying on the Dalai Lama, the system, which they named GhostNet, also focused on governments in South Asian and Southeast Asian countries. GhostNet is by far the largest, in terms of the number of countries affected, spying operation to be exposed, and it is believed that this is the first time that researchers have been able to uncover the workings of a computer systems used for intrusions of such magnitude.

The researchers say GhostNet continues to infect and monitor more than a dozen new computers a week. The malware not only “phishes” for unwary victims but also “whales” for specific, important targets. The malware can even turn on the video and audio features of an infected computer, enabling the malware’s operators to see and hear what goes on in front of the computer. The researchers have notified international law enforcement agencies of the spying operation, which they believe exposes shortcomings in the legal structure of cyberspace.