Computers in more than 100 countries worldwide have been infiltrated and compromised by a huge sleuthing computer network, nicknamed Ghostnet, that originates from China.
A 10-month investigation carried out by the Canadian-based Information Warfare Monitor (IWM) found that nearly 1300 computers were infected, most of them in South East Asia.
In a report called "Tracking Ghostnet", the authors say that although the servers were physically located in China, there was no conclusive evidence that the Chinese government was behind this extensive hack.
But unlike other similar schemes, Ghostnet was not after any financial gains, and it seems that political motives were the root cause of the attack.
IWM says that the network was used to penetrate "ministries of foreign affairs, embassies, international organisations, news media, and NGOs" and one of the prime candidates for the attack, the Dalai Lama's office computer network, was the first to be officially identified as being compromised.
Greg Walton of IWM said in the report that they "uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama".
Ghostnet used a Trojan malware called gh0st RAT to infiltrate computers via an email attachment. The Trojan allowed attackers to gain complete control of the computer, effectively establishing a stealth "remote desktop connection" with the victim PC.
This allowed them to sniff packets of content being sent, log keystrokes, and listen to and watch their victims using webcams and other peripherals.
The Dalai Lama's computer networks were not the only ones targeted during the attack. Systems in foreign countries like Iran, Bangladesh, Indonesia, Philippines, Brunei, Barbados, Bhutan, India, South Korea, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan were also affected.
A second report, published by two researchers from the University of Illinois and Cambridge University, points the finger squarely at the Chinese government as the mother ship of all the snooping attacks. Unlike Russia, which prefers direct cyber-attacks (as was the case with Lithuania back in 2008), China appears to be more subtle, preferring to collect sensitive data.