After Google's dramatic exit from China, most people know that China at least hosts--and perhaps even sponsors--hackers. A new report produced jointly by the Information Warfare Monitor and the Shadowserver Foundation seems to confirm this. The project--Tracking Ghostnet: Investigating a Cyber Espionage Network--looks into "allegations of Chinese cyber espionage against the Tibetan community." In the end, it "documented a wide ranging neetwork of compromised computers, including at least 1,295 spread across 103 countries, 30 percent of which we identified and determined to be 'high-value' targets, including ministries of foreign affairs, embassies, international organizations, news organizations, and a computer located at NATO headquarters."
Ultimately, while the report found the Indian government to be "the most victimized" of the institutions and organizations they monitored (unsurprising, given the focus on Tibet), it's the China part of the equation that is getting the most coverage. The New York Times breathlessly reports researchers are "turning the tables on a China-based computer espionage gang."
How surprising is the report? Here's what it says and why one expert from Foreign Policy remains unmoved.
- Connections to the State The five researchers say their investigation "clearly ... tracks back directly to the PRC [People's Republic of China], and to known entities within the criminal underground of the PRC. There is also an obvious correlation to be drawn between the victims, the nature of the documents stolen, and the strategic interests of the Chinese state. But correlations do not equal causation." There have been some studies, they explain, pointing to a "privateering model," where the state "authorizes private persons to perform attacks." The state isn't thought to exert "direct ... control" over hacking groups. The researchers also found plenty of personal financial information compromised as well as "politically sensitive information," suggesting that there's more than one motive at work. Nevertheless, they think it's quite possible the information collected by the hacking network winds up in government hands.
- 'Yawn' As Foreign Policy's Kayvan Farzaneh points out, "the Indian press ... seems somewhat unconcerned--the report has gotten little attention there and the Chinese government has brushed it off as media hype. It just seems that all parties are resigned to the fact, at least tacitly, that this is the way things work nowadays." Nevertheless, Farzaneh "thinks it will be interesting to see if [China] investigates such hacker networks operating from its territory." Though the government has denied involvement in the past, there's enough evidence here to warrant some exploration. He also points out, though, that the U.S. hosts a fair number of cybercriminals as well.