Canadian researchers have concluded that a vast electronic spying operation controlled from China has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, a media report said on Sunday.
Quoting a report, the New York Times said the system is being controlled from computers based almost exclusively in China but they could not say conclusively that the Chinese government was involved.
The researchers were quoted as saying they had found no evidence that the United States government offices had been infiltrated, although a North Atlantic Treaty Organisation computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.
The researchers, based at Munk Centre for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama to examine its computers for signs of malicious software or malware.
Their sleuthing, said the Times, opened a window into a broader operation that in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama's Tibetan exile centres in India, Brussels, London and New York.
The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries, the paper reported.
It quoted intelligence analysts as saying many governments, including those of China, Russia and the US, and other parties use sophisticated computer programmes to covertly gather information. The newly reported spying operation is by far the largest to come to light in terms of countries affected, the paper said.
Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, it said quoting the report 'Tracking GhostNet: Investigating a Cyber Espionage Network'. It can turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room.
The investigators say they do not know if this facet has been employed, the Times said. The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined, it added.
Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama's organisation, the Times said. The electronic spy game has had at least some real-world impact, the researchers were quoted as saying.
For example, they said, after an e-mail invitation was sent by the Dalai Lama's office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit.
And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities, it added.
The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. Although the Canadian researchers said that most of the computers behind spying were in China, the paper said, they cautioned against concluding that Chinese government was involved.
A spokesman for the Chinese Consulate in New York, the paper said, dismissed the idea that China was involved. "These are old stories and they are nonsense," spokesman Wenqi Gao said. "The Chinese government is opposed to and strictly forbids any cybercrime."
The Toronto researchers, who allowed a reporter for The New York Times to review the spies' digital tracks, are publishing their findings in Information Warfare Monitor, an online publication associated with the Munk Centre, the paper added.
At the same time, two computer researchers at Cambridge University who worked on part of the investigation related to the Tibetans, are releasing an independent report. In any case, the paper said, it was suspicions of Chinese interference that led to the discovery of the spy operation.
Last summer, the office of the Dalai Lama invited two specialists to India to audit computers used by his organisation. The specialists, Greg Walton, the editor of Information Warfare Monitor, and Nagaraja, a network security expert found that the computers had indeed been infected and that intruders had stolen files from personal computers serving several Tibetan exile groups.