Reported internet spy network just tip of iceberg: researcher
Hackers targetted governments and other organizations in 103 countries
An internet spy network that targeted hundreds of "high value" computers belonging to government departments and other organizations in 103 countries is likely just one of many, says one of the Canadian researchers who uncovered it.
"We happened to discover and publicize this particular one. But you can safely guess that there are many of these going on," said Ron Deibert, director of the Citizen Lab at the Munk Centre for International Studies at the University of Toronto Monday.
'I do know that China is not the only country that engages in this kind of activity.' — Ron Deibert, University of Toronto
Deibert's organization and the Ottawa-based think tank SecDev Group released a report on the spy network Sunday after a 10-month investigation. The network, dubbed GhostNet, infiltrated at least 1,295 computers, including many belonging to embassies, foreign ministries and other government offices around the world.
While some of the IP addresses used by the hackers were traced back to Hainan Island, the location of China's major signals and intelligence agency, Deibert told CBC Radio's Ottawa Morning that the attack could have been carried out by anyone, as the control servers were not set up securely.
"I do know that China is not the only country that engages in this kind of activity," he said. "It's almost like cyberspace has become a wild west."
He added that United States, for example, has openly talked in its unclassified defence and intelligence literature about fighting and winning wars in cyberspace.
Nor is this a new type of intelligence practice.
"What is new is that we discovered it and documented it."
Rafal Rohozinski of SecDev Group, one of the principal authors of the report had told CBC News earlier that cyberspying allegations have been made for years against government and non-governmental organizations alike.
"But beyond allegations, we really haven't had any hard evidence," Rohozinski said. "So, what we decided to do in our investigation is build that hard evidence."
Policy response needed: Deibert
Deibert said now that people are aware that this type of activity is taking place, policy-makers in Canada and other countries need to develop strategies to prevent this type of espionage from happening.
The GhostNet investigation began after the authors were asked to look into allegations that the Chinese were hacking into computers set up by the Tibetan exile community. The researchers eventually found a much wider network of computers that had been infected by hackers with malware that allowed the hackers to gain control of the computers and look at all files.
Three out of the four servers in the network were based in China while a fourth was in the United States.