The New York Times is reporting that a group of University of Toronto researchers has discovered a massive online spying operation that has accessed sensitive information from hundreds of sources worldwide.
The operation is based largely in China, where it has wormed its way into some 1,300 computers in more than 100 countries over the past two years, the researchers say.
Some of these computers are located in government offices, while others are the property of private businesses. The researchers say some of the Dalai Lama's Tibetan exile centres have been targeted, as have various South and Southeast Asian governments.
The researchers' findings were released online Saturday night, in a report entitled "Tracking 'GhostNet': Investigating a Cyber Espionage Network."
An accompanying news release said: "For security reasons, we have redacted parts of the report until affected parties can be notified by the relevant authorities. A full uncensored report will be released in one week."
This is the second major report from the Information Warfare Monitor -- a joint project of the SecDev Group (Ottawa) and the Citizen Lab (Munk Centre for International Studies, University of Toronto).
"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton said.
According to the research group, GhostNet continues to infiltrate and spy on about 12 new computers each week, allowing a malicious outsider to control such functions as video and audio recording.
With that level of control over a computer, the outside user could see and hear what is happening in a private room.
The team discovered the commands that had been sent to the infected computers and examined the names of some of the documents that had been stolen by the spies. However, most of the stolen contents weren't recoverable.
The F.B.I. has declined to speak publicly about the findings, but the research team said that they had already notified law enforcement agents.
The news release also said: "While our analysis reveals that numerous politically sensitive and high value computer systems were compromised in ways that circumstantially point to China as the culprit, we do not know the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. One of the characteristics of cyber-attacks of the sort we document here is the ease by which attribution can be obscured. Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most. This report underscores the growing capabilities of cyber attacks, the ease by which cyberspace can be used as a vector for signals intelligence, and the importance of taking information security seriously by security professionals and policy makers worldwide..."