Tuesday, January 5, 2010

Cyber-spies hack computers of 3 RP gov’t offices

Suspected cyber-spies from the Chinese mainland have hacked into computers of at least three government offices in the Philippines as well as the Asian Development Bank office based in Manila, Canadian researchers said over the weekend.

In the study titled “Tracking Ghostnet: Investigating a Cyber Espionage Network”, the research team Information Warfare Monitor said a cyber spy network based almost entirely in China has hacked into computer networks around the world, stealing classified information from governments and private organizations in more than 100 countries including the Philippines.

The Ottawa-based think tank, composed of SecDev Group and University of Toronto’s Munk Center for International Studies, said the cyber-espionage network compromised 1,295 computers in 103 countries. Thirty percent of the infected computers are considered high-value and include the ministries of foreign affairs of Iran, Brunei, Bangladesh, Latvia and Indonesia.

In the Philippines, the cyber-espionage system has infected one computer in the Department of Foreign Affairs, two computers in the Department of Science and Technology, one computer in the Bureau of International Trade Relations of the Department of Trade and Industry and at least one computer in the Asian Development Bank.

Two computers in the Embassy of Thailand in the Philippines were also infected with malware that allows hackers to steal sensitive data and take control of the computers. The study said the embassy computers were most likely infected in August 2008 after a spike in malware infections spread across 46 countries.

The cyber-espionage ring also infected computers of the Associated Press office in the United Kingdom, the Office of the Dalai Lama in India and the Association of Southeast Asian Nations Secretariat in Indonesia and Malaysia.

The Department of Justice on Monday said the alleged hacking of government computers in the foreign affairs, trade and industry and science and technology departments is a matter of national security.

“If you hack diplomatic exchange, that will affect national security,” Justice Secretary Raul Gonzalez told reporters.

Gonzalez said he will order an investigation as soon as he receives confirmation of the alleged hacking incident.

DFA Spokesman Ed Malaya said the department “takes seriously reports such as this, and will carefully look into its details, including the methodologies used to arrive at their observation.”

“As part of due diligence, we will undertake all measures to maintain and ensure the integrity of our IT systems,” he added.


The Canadian team said the GhostNet system directs infected computers to download a Trojan known as gh0st RAT that allows attackers to gain complete, real-time control of the computers. The infected file is usually a seemingly harmless Word or PDF file which, once opened, unleashes malicious code on the machine.

The code exploits a vulnerability in the user’s computer, and uses it to order the computer to connect with a server somewhere else in the world. Once a computer is infected, hackers can search and download files and covertly operate microphones and web cameras attached to the computer.

The study found that the network was based almost exclusively in the Hainan province in China, although the researchers stopped short of saying the Chinese government was involved in the system.

In the study, the research team said it had not been able to ascertain the type of data obtained by the attackers apart from the basic system information and file listings of the documents.

It noted, however, that the system was focused on the governments of South and Southeast Asian nations.

“Many of the high confidence, high-value targets that we identified are clearly linked to Chinese foreign and defense policy, particularly in South and South East Asia. Like radar sweeping around the southern border of China, there is an arc of infected nodes from India, Bhutan, Bangladesh and Vietnam, through Laos, Brunei, Philippines, Hong Kong, and Taiwan,” the study noted.

The group, however, said the malware could have been deployed “by a random set of infected computers that just happens to include high profile targets of significance to China, collected by an individual or group with no political agenda per se.”

It said a single individual or group of individuals such as criminal networks could have targeted the high value computers for profit. It also did not discount the possibility that the network of infected computers could have been targeted by a state other than China, but operated physically within China to mislead authorities.

The researchers say their findings should serve as a wake-up call to policy makers, as they “demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet.” -- With reports from RG Cruz and Marieton Pacheco, ABS-CBN News


1 comment:

Kevin Kuybus said...

It's very bad for hackers to hack government systems.