By Ben Worthen, The Wall Street Journal Asia
Monday 30 March 2009
Security specialists uncovered planned coordinated cyber-attack on Dalai Lama, government agencies.
Security researchers said they have discovered software capable of stealing information installed on computers in 103 countries, an apparently coordinated cyberattack that targeted the office of the Dalai Lama and government agencies around the world.
The software infected more than 1,200 computers in all, almost 30% of which are considered high-value targets, according to a report published Sunday by Information Warfare Monitor, a Toronto-based organization. Among the affected computers were those in embassies belonging to Germany, India, Romania, and Thailand, and in the ministries of foreign affairs for Barbados, Iran and Latvia.
The researchers said the infected computers acted as a kind of illicit information-gathering network. Researchers said they observed sensitive documents being stolen from a computer network operated by the Dalai Lama's organization, and traced the attacks to computers located in China. The report doesn't suggest who was behind the attack.
A separate report by researchers at Cambridge University, also published Sunday, alleges that the Chinese government or a group working closely with it is responsible for the attack on the computer in the office of the Dalai Lama.
Media officials at China's Ministry of Foreign Affairs and State Council Information Office declined requests for comment Sunday. The Chinese government has repeatedly denied past allegations that it sponsors cyberattacks.
The New York Times published an article about the reports on its Web site Saturday.
The apparent attacks are the latest in a series of incidents that suggest cyber-espionage is on the rise. Last year, Kevin Chilton, commander of the U.S. Strategic Command, said military computer networks are increasingly coming under attack from hackers trying to steal information, many of whom appear to have ties to China. The U.S. government has also said that military contractors have been victims of these attacks.
In trying to tap into government computers, attackers have been stepping up the use of sabotaged programs, sometimes called "malware." The technique is essentially the same as that used by criminals who try to break into people's home PCs to steal credit cards or other information.
A victim is tricked into opening an infected file attached to an email or downloading a file from a Web site. Criminals have managed to gain control over millions of computers by sending files pretending to be racy pictures of celebrities or winning lottery tickets.
In an espionage attack, the messages are much more targeted, says Shishir Nagaraja, one of the authors of the Cambridge study who investigated the attack on the office of the Dalai Lama. The emails appear to come from someone the recipient knows and may contain a file that the recipient has been expecting.
"Who wouldn't open that?" says Mr. Nagaraja. The attacks "depend less on technical measures and more on abusing trust."
In the attacks tracked by the Canadian researchers, the installed software provided near-complete control over the victims' computers. The attackers could search for and steal sensitive files, capture passwords to Web sites, and even activate a computer's Web camera if they desired. The victims were usually unaware that someone else could control their computers.
Mr. Nagaraja stresses that businesses are also at risk. While the incidents uncovered by the researchers dealt mainly with government organizations, corporations could hire hackers to steal information from rivals using similar techniques.
Indeed, there is a precedent for such incidents. In May 2005, Michael and Ruth Haephrati were arrested and later pleaded guilty to stealing secrets from dozens of businesses in Israel by crafting fake business proposals that really contained malicious software.
The Haephratis would call their targets on the phone to make sure they had opened the infected files.
Targeted attacks are on the rise. Researchers at MessageLabs, a division of Symantec Corp., detected only about one or two targeted attacks per week in 2005. In 2008, the researchers detected 53 of these attacks a day.
The Canadian researchers are based at the Munk Centre for International Studies at the University of Toronto.
Jason Dean contributed to this article.