
Posts Tagged ‘china’

Vast Electronic Spying Operation Discovered

Saturday, March 28th, 2009

The NYTimes is reporting that a “vast electronic spying operation” was discovered by researchers in Toronto.  They concluded that thousands of computers in government and private offices around the world were compromised.

The researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

[...]

The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

A separate group of researchers in the UK issued their own report, focusing on the technical nature of the operation and possible countermeasures.

This event is significant for several reasons. The scope of the operation is impressive. It was a targeted surveillance attack by a repressive police state, for apparent political purposes, intended to collect actionable intelligence. The capability of the malware to record sound and video from compromised computers poses a very real threat of illicit or covert electronic surveillance from any connected computer with a microphone and webcam. The techniques of the attack, using socially targeted malware, were highly effective. Typical countermeasures for this type of attack involve mandatory access controls and intrusive operational security procedures, which are unlikely to be deployed outside of secure government or military organizations. Such threats are bound to proliferate into online criminal activities. The recent data breach at Heartland Payment Systems involving targeted malware may indicate that this is already starting to happen.

An emerging measure of global power

Sunday, January 4th, 2009

This is a little old, but I just came across a reference to it on the Security Metrics mailing list. Robert X. Cringely writes about a metric to predict emerging global leaders in technology (and presumably economic development and power) that is based on the number of Cisco Certified Internetwork Experts (CCIEs), broken down by country. Cringely writes:

Where I took a step further was to divide the number of CCIEs into each country’s population, then do the same for each country’s Gross Domestic Product and correct for widely varying populations and states of economic development. For a baseline, then, the U.S. has at present 5,863 CCIEs, which is 1.947 CCIEs per 100,000 population and $2.2 billion of GDP per CCIE.

The results for Europe and North America are not surprising, with Canada, the UK, and Ireland being relatively close to the US. What is more interesting are the numbers for Asia.

India has 0.036 CCIEs per 100K to China’s 0.22 per 100K — a 7X differential — while India has $10 billion in GDP per CCIE to China’s $3.3 billion. There is no doubt that there is plenty of network expertise in India, but these numbers show that expertise isn’t making it out of the technology centers to the rest of the country. China, on the other hand, is developing its IT infrastructure much more broadly. This also doesn’t take into account the simply huge numbers coming out of Hong Kong, where there are 3.3 CCIEs per 100K and $1.13 billion in GDP per CCIE — numbers that might properly be added to the rest of China in some accounts.

Japan has 1.23 CCIEs per 100K to South Korea’s 1.9, but the significant difference between these two countries is the $4 billion per CCIE in GDP for Japan compared to $1.28 billion in South Korea, which is clearly investing massively in network infrastructure.

Looking 30 years into the future I think it is clear that the regional leaders will be China and Korea, NOT India and Japan.



Copyright © 2006-2009 Athena Security, Inc. All Rights Reserved. AthenaVerifyTM and Athena FirePACTM are trademarks of Athena Security, Inc.