An investigation into the hacking of computers used by the Office of His Holiness the Dalai Lama (OHHDL) and Tibetan exiles uncovered a Chinese hacker network that has broken into public and private computer networks in 103 countries. Mike Harvey of the Times Online writes,
The spy system, dubbed GhostNet, is alleged to have compromised 1,295 machines at Nato and foreign ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles.
You can read the entire report online here
Another report published this month by the University of Cambridge Computer Laboratory describes how Chinese hackers broke into OHHDL computers. It's a chilling document.
The OHHDL began to realize computers were compromised when it became obvious the government of China was reading OHHDL emails. "They sent an email invitation on behalf of His Holiness to a foreign diplomat, but before they could follow it up with a courtesy telephone call, the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting."
There's some technical language in the report that's a little outside my normal vocabulary, but maybe most of you will understand this -- the hackers were sending what seemed to be friendly emails to exiled Tibetans. The emails would contain a link to a bogus website, and if the recipient clicked on the link their computers would be infested with malware. This is called "social phishing." The malware installed "rootkits" on a number of machines that enabled the Chinese hackers to download sensitive data.
The report explains why some information was sensitive:
An example comes from schooling. While organising Tibetan-language schools in India or the USA is an open matter, such schools in Tibet itself may have to be covert. Their operation may place teachers' and even students' lives at risk. Indeed, everyone associated with the Tibetan movement who sets foot in Tibet or China is at risk of their lives. Another potentially sensitive information asset is a database of Tibetan refugees, including where they lived in Tibet, when they left and where they live now.According to the conclusion,
In this note we described how agents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama. They used social phishing to install rootkits on a number of machines and then downloaded sensitive data. People in Tibet may have died as a result.