Legalbrief   |   your legal news hub Sunday 14 December 2025

China-based electronic spying operation uncovered

Canadian researchers claim to have uncovered a major China-based electronic spying operation. Legalbrief reports that the network has targeted and infected 1 295 computers in 103 countries, making it one of the biggest and most sophisticated yet discovered.

Researchers at the University of Toronto call it Ghostnet and say it targeted Nato, the Indian Embassy in Washington and Tibetan exile centres in India, Brussels and London. VOA News quotes researchers as saying that in addition to stealing computer files, the cyber spies could turn on the internal camera on a remote computer to eavesdrop on live conversations. Nart Villeneuve, of the University of Toronto's Munk Centre for International Studies, says that while the operation was sophisticated in its organisation and scope, it used readily available Internet viruses called Trojans, attached to e-mail messages, to infiltrate computers. The Toronto researchers uncovered the cyber spying operation when they were asked by the exiled Tibetan leader, the Dalai Lama, to examine his organisation's computers for malware - malicious software that can infiltrate or damage a computer system. According to a report on the IoL site, the 10-month investigation found the spying was being done from computers based almost exclusively in China. Foreign Ministry officials said they were unaware of a Chinese cyber spy ring. 'I have no information about it,' said a Foreign Ministry spokesperson. 'I'm not aware of it, and even if there had been some sort of breach, I'm not sure that anything would be released, because our relationship with China is so sensitive.' Researchers from the Canadian operational think tank Information Warfare Monitor - the research group that flagged the online espionage - said they had detected the cyber spy network involving compromised computers from the Foreign Ministries of Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados and Bhutan.

While malware attacks are not new, these attacks should be noted for their ability to collect 'actionable intelligence for use by the security services of a repressive state, with potentially fatal consequences for those exposed', say researchers at England's Cambridge University who worked on the part of the investigation related to the Tibetans. The Jerusalem Post notes that Shishir Nagaraja and Ross Anderson claim prevention of such attacks will be difficult since traditional defence against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tedious operational security procedures. Computer Weekly notes that the research identifies how the Tibetan movement was infiltrated using a combination of social engineering and malware, called social malware. Well-designed e-mail lures and well-written malware are devastatingly effective: 'Few organisations outside the defence and intelligence sector could withstand such an attack,' the report said. ZD Net quotes lawyer and technology writer Richard Koman as saying the attack was uncovered when an odd string of 22 characters was found embedded in files created by the malicious software. A Google search led to computers on Hainan Island, off China, and to a Web site that would prove to be critically important.

In other developments, Vietnamese security firm BKIS says it has come across clues suggesting that the Conficker worm, which is supposed to start communicating with computers on 1 April, may have Chinese origins. CNET News reports that BKIS spotted similarities between Conficker's code and that of the 2001 Nimda virus, though in both cases the findings are not at all definitive. Chinese officials came under scrutiny in October after it was revealed that the Chinese version of the popular Internet-telephone platform Skype, TOM-Skype, had been spying on its users. Keywords and specific usernames were reported to Chinese officials after users used terms such as 'Independent Taiwan,' 'Tibet,' or 'The Dalai Lama,' among others.

Meanwhile, the Electronic Freedom Foundation has voiced alarm at the blanket censorship apparently placed on YouTube last week by Chinese authorities, notes a report on the News24 site. 'Such absolute blocks are unusual,' said Danny O'Brien, International Outreach Co-ordinator with the Internet freedom group. 'The purpose is to make very clear that it's a deliberate gesture.' Chinese authorities have been evasive over their involvement, but the block came just days after Tibetan exiles posted a video showing Chinese troops beating Buddhist monks. The Times reports that the footage was released by the Central Tibetan Administration, Tibet's government-in-exile, last week, and cannot be independently verified. But Tseten Samdup Chhoekyapa, the Dalai Lama's representative, said the footage showed 'police beating protesters'. Chinese Foreign Ministry spokesperson Qin Gang said many people have a false impression that the government fears the Internet. According to a report on the IoL site, Qin said China's 300m Internet users and 100m blogs showed that 'China's Internet is open enough, but also needs to be regulated by law in order to prevent the spread of harmful information and for national security'.