Articles in the Globe and Mail and the New York Times document the work by researchers at the Munk School of Global Affairs at the University of Toronto to expose a new network of global hack attacks originating from China. From the Globe and Mail:
The report is careful not to conclude the Chinese government is behind the operation, since it is difficult to tell who is orchestrating the attacks. Last year, the Chinese government denied any involvement in GhostNet after the researchers uncovered nearly 1,300 infected computers in 103 countries linked to servers in China.
But computers belonging to exiled Tibetan leader, the Dalai Lama, who is denounced by China, have been the most compromised.
Almost every e-mail sent to or from the Dalai Lama’s offices in 2009 has shown up in the files, the report says. Nearby India has also taken the brunt of the cyber attacks, with numerous secret government documents recovered by the Canadian researchers. They include 78 documents related to the financing of military projects in India, details of live fire exercises and missile projects, and two documents marked “secret” belonging to the national security council.
Sensitive data from 16 countries, such as visa applications by Canadian citizens, were also recovered. It is believed the hackers accessed those files through computers at India’s embassies in Kabul, Dubai, Nigeria and Moscow, which were corrupted.
As is often the case, while there are potential ties between these hacking rings and PLA military schools and think tanks, there is little explicit evidence that the perpetrators are, in fact, the Chinese government. The two things that stand out, though, are that the biggest targets are the Tibetan Government in Exile, human rights activists, and the Indian government. I find it hard to believe that your run-of-the-mill hacker cares too much about the emails from the Dalai Lama’s office or the movement of human rights activists in North America and Europe.
Moreover, if the Chinese government wasn’t behind these particular attacks (or GhostNet or the attacks on Google), why are they allowing these high-level hackers to remain in operation? If they are not connected to the Chinese government, then surely the Chinese government knows more about who these criminal hackers are than a few researchers in Toronto, Canada? And if not, what does it say about the actual grip the Chinese Communist Party really has on its power?