What should we make of this Chinese cyber-spy story?
Yesterday's story in the New York Times about "GhostNet," the Chinese-based computer spying network that has apparently penetrated some 1,295 computers in more than 100 countries around the world, obviously raises this big question: Was the Chinese government behind it, or not? Three of the four servers that hosted GhostNet were apparently inside China (the fourth was in California), and many of the targets were involved one way or another in Free-Tibet activities or other causes opposed by the Chinese government. Wouldn't it have to have been the ChiComs?
Maybe, maybe not. I've now read (thanks to a stop at a free WiFi site masquerading as a McDonald's) the 53-page report from the University of Toronto team that used clever reverse-engineering tools to penetrate "GhostNet" and monitor it from within. The report, in the Scribd format that itself deserves discussion some other time, is available here.
The U Toronto researchers are, in my view, properly agnostic about who is ultimately responsible for this malware operation. On the one hand, they point out that "China is actively developing an operational capacity in cyberspace.... Chinese cyber warfare doctrine is well developed, and significant resources have been invested by the People's Liberation Army and security services in developing defensive and offensive capabilities." But on the other hand,
"Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading... The most significant actors in cyberspace are not states.... In China, the authorities most likely perceive individual attackers [i.e., teenagers in internet cafes] as convenient instruments of national power."
For anyone technically inclined, the report is full of fascinating crime-procedural-type details about the way the investigation unfolded and what the GhostNet system revealed once the moles from Toronto had made their way inside.