Aussie PCs compromised in suspected GhostNet spy op

29.03.2009
Computers at the German and Maltese embassies in Australia are among 1,295 hacked computers in 103 countries that appear to have been targeted in a Chinese cyber espionage operation dubbed GhostNet.

After a 10-month investigation, researchers at Information Warfare Monitor have uncovered and infiltrated the suspected cyber espionage network, dubbed GhostNet. The researchers were initially investigating Chinese cyber spying against Tibetan institutions of the Dalai Lama.

"Close to 30 percent of the infected hosts are considered high-value and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The investigation was able to conclude that Tibetan computer systems were compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information, including documents from the private office of the Dalai Lama," Information Warfare Monitor says.

The researchers say that, despite the fact that numerous politically sensitive and high-value systems were compromised, they do not know the motivation or identity of the attacker.

The researchers managed to identify the servers used for the operation and to study its command and control systems from the inside, as documented in their report, released this weekend.

While no NZ-based systems are listed in the researchers' initial report, Computerworld has sent a query to the researchers to determine whether local computers have been identified as compromised.

"Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most. Indeed, although the Achilles’ heel of the GhostNet system allowed us to monitor and document its far-reaching network of infiltration, we can safely hypothesize that it is neither the first nor the only one of its kind," they say.