Researchers Traced International Cyber-Spy Network to China

Canadian researchers have uncovered a vast cyber-espionage network based mainly in China. The network uses social engineering to load malware on people’s computers, then gains access to their documents. Pro-Tibet groups appear to be the main targets, but the actual source of the network can’t be pinned down.

A cyber spy network based mainly in China hacked into classified documents from government and private organizations in 103 countries, including the computers of the Dalai Lama and Tibetan exiles, Canadian researchers said Saturday.

The work of the Information Warfare Monitor initially focused on allegations of Chinese cyber espionage against the Tibetan community in exile, and eventually led to a much wider network of compromised machines, the Internet-based research group said.

The researchers detected a cyber espionage network involving over 1,295 compromised computers from the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

Once the hackers infiltrated the systems, they gained control using malware — software they install on the compromised computers — and sent and received data from them.

Tools of Repression

In an online abstract for “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement,” Shishir Nagaraja and Ross Anderson write that while malware attacks are not new, these attacks should be noted for their ability to collect “actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed.”
