TheJakartaPost

Digital espionage - off the shelf

I've talked in this column before about the dangers lurking online

Jeremy Wagstaff (The Jakarta Post)
Mon, April 20, 2009

I've talked in this column before about the dangers lurking online. But while I'm sure you guys are listening, I'm not sure governments are.

Researchers from Canada recently unearthed an espionage network - apparently run from inside China - that has penetrated the computers of governments and embassies from 18 countries, the Association of Southeast Asian Nations, the Asian Development Bank, and at least one major news organization.

This is alarming enough. But what is perhaps more alarming is how easy it seems to have been. All of it was done with software tools you could probably buy in your local pirated software store.

The team, from the Munk Center for International Studies at the University of Toronto, was investigating claims that the Dalai Lama's Tibetan "government-in-exile" in India had been badly compromised.

One young Tibetan woman returning home was stopped at the border, for example, and interrogated for two months. When she denied any involvement in the Dalai Lama's operations, they waved a dossier of full transcripts of all her Internet chats over the years.

What the team found was that the Dalai Lama's computers had been carefully targeted using tricks regular readers of this column might recognize.

The idea is simple enough: Infect the Dalai Lama's computer with a virus. That virus then rummages around in the computer - pretty much taking it over.

It can dig out interesting files. It can log keystrokes, recording whatever the user is typing. It can turn on the webcam, and take a snapshot of the person using the computer.

All of this is then sent to a computer hosted in China.

This is all familiar to folk who follow security issues. We all know a little about phishing - the art of luring a user into giving up his username and password to a bad guy - and trojans - malicious programs that mimic the old horse by hiding their true purpose in an innocuous or appealing wrapper.

Then there's social engineering: exploiting the fact that we're all a bit stupid, and tend to give out information if we're lured into doing so by social tricks - pretending to be someone else, pretending to be a beautiful woman, pretending to be in trouble and needing help.

What's interesting in the Dalai Lama's case is that while the tools used to breach his walls are relatively simple, the social engineering bit is quite meticulous.

To get someone inside his operation to open the doors to their trojan horse, the attackers combed websites and forums used by the Dalai Lama's people. They picked up documents, noted the way they wrote, the sort of things they were interested in.

They then created fake emails that looked - to a Dalai Lama monk - to be real. With an attachment that looked authentic. One document, for example, was called "Translation of Freedom Movement ID Book for Tibetans in Exile.doc."

Open the document and it all looks fine. It really does contain stuff relevant to a Tibetan exile. But inside lurks code that downloads and installs malware - bad software, literally - that will do all the things I described.

The other thing: Only 11 out of 34 antivirus programs would have spotted the virus.

This is not just phishing. It's "spear phishing" - meaning the lure was tailored to one set of people rather than sprayed at anyone with an inbox, because the guys who did this were only interested in infecting one set of computers: the Dalai Lama's.
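As an added illustration of the first-line check a mail gateway or an analyst could run against a lure like the one just described (this is my own example, not code from the column or from the Toronto or Cambridge reports), the script below parses a constructed e-mail, compares the claimed sender's domain with the envelope return path, checks each attachment's real container format against the extension in its name, and hashes it for a multi-engine lookup. The message, addresses and domains are invented; the attachment borrows the file name the column quotes, but its contents are a dummy executable header, not the real malware.

```python
import email
import hashlib
from email import policy
from email.utils import parseaddr

# Constructed sample message (not the real lure): the From address claims to
# be inside the target's own organisation, the envelope return path points
# at an unrelated relay, and the ".doc" attachment's bytes begin with "MZ",
# the Windows executable header, rather than a Word container.
SAMPLE_EML = b"""From: "Office Staff" <staff@example-office.org>
Return-Path: <bounce@mail-relay.example.net>
To: monk@example-office.org
Subject: Translation of Freedom Movement ID Book
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please find attached the translation you asked for.
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="Translation of Freedom Movement ID Book for Tibetans in Exile.doc"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAA
--XX--
"""

# Leading bytes of the containers a document attachment might really be.
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc/.xls/.ppt
    b"PK\x03\x04": "ooxml",                        # .docx/.xlsx (zip)
    b"{\\rtf": "rtf",
    b"%PDF": "pdf",
    b"MZ": "pe",                                   # Windows executable
}

# Containers each extension is allowed to be; anything else is a mismatch.
EXPECTED = {
    ".doc": {"ole2", "rtf"},
    ".docx": {"ooxml"},
    ".xls": {"ole2"},
    ".pdf": {"pdf"},
}


def detect_container(data: bytes) -> str:
    """Classify an attachment by its leading bytes, not by its name."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def domain_of(header_value) -> str:
    """Domain part of the first address in a header (empty if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def triage(raw: bytes) -> dict:
    """Return findings for one raw message: sender mismatch plus, per
    attachment, its real container, its SHA-256 and a suspicious flag."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"findings": [], "attachments": []}

    from_domain = domain_of(msg.get("From"))
    path_domain = domain_of(msg.get("Return-Path"))
    if from_domain and path_domain and from_domain != path_domain:
        report["findings"].append(
            f"sender domain mismatch: From={from_domain} "
            f"Return-Path={path_domain}")

    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        container = detect_container(data)
        allowed = EXPECTED.get(ext)
        mismatch = allowed is not None and container not in allowed
        if container == "pe":
            report["findings"].append(
                f"{name}: Windows executable disguised as {ext or 'attachment'}")
        elif mismatch:
            report["findings"].append(
                f"{name}: named {ext} but contents look like {container}")
        report["attachments"].append({
            "name": name,
            "container": container,
            "sha256": hashlib.sha256(data).hexdigest(),  # for a multi-engine lookup
            "suspicious": mismatch or container == "pe",
        })

    report["suspicious"] = bool(report["findings"])
    return report


if __name__ == "__main__":
    for line in triage(SAMPLE_EML)["findings"]:
        print(line)
```

The caveat the column itself implies: the real lure was a genuine Word document with the malicious code inside it, so it would pass the container check above, and only 11 of 34 scanners flagged it. The check catches the crude version (an executable renamed to .doc) and the forged sender; for a well-made document, the hash lookup against many engines and opening the file in a sandbox are what remain.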

Now the researchers are careful not to accuse the Chinese government directly. They point out that this could well be private citizens doing it, or even perhaps a foreign government.

On the other hand, another group of researchers looking into the same infections didn't hold back. Shishir Nagaraja and Ross Anderson from the University of Cambridge describe in a report, also issued in March, "how agents of the Chinese government compromised the computing infrastructure" of the Dalai Lama.

Perhaps more worrying, the Canadian team unearthed a much broader intelligence-gathering operation than simply the Dalai Lama.

They found 1,295 computers infected with malware controlled by the same operation - in 103 countries. These belonged to eight foreign ministries, at least 25 embassies (of at least a dozen different countries, in Europe, South Asia and Southeast Asia) and the prime minister's office in Laos.

So what does all this mean?

Well, first off, I have no idea whether the Chinese government is involved, although the compromised countries and departments all, one might argue, fall within the orbit of Beijing's interests.

And it should be said that just because one computer that apparently belongs to a ministry or an embassy is infected, it doesn't mean the whole ministry or operation is compromised.

But that doesn't mean there isn't a problem.

The researchers have stumbled on probably a very small part of a new world: Individuals, gangs, intelligence agencies or whole departments who are taking simple tools, patching them together with a bit of sticky tape and some old-fashioned trickery, and grabbing what intelligence they can.

The problem is that most of us - whether at home or work - still haven't woken up to the problem. And that is threefold:

Our computers contain lots of bits and pieces that are of political or commercial value to others;

Those people will go to surprising lengths to find out how to get that stuff;

And finally, our computers are much, much more vulnerable than we think.

Now might be a good time to read the report (you can find it here: http://is.gd/pum8) and see if your country's embassy/ministry/prime minister's office has been compromised.

And if you are running an organization/ministry/embassy/news organization, now might be the time to check your computers one more time.

(c) Copyright 2009 Loose Wire Pte Ltd.

This article cannot be reproduced without written permission from the author. Jeremy Wagstaff is a commentator on technology and appears regularly on the BBC World Service. He can be found online at jeremywagstaff.com or via email at jeremy@loose-wire.com. Or on twitter at loosewire
