Global spy network sourced to China

Security researchers have discovered a vast China-based spy network which they say has accessed hundreds of politically-sensitive computers worldwide.

The network has infiltrated 1,295 computers in 103 countries, 30% of which are high-value diplomatic targets, researchers from the Munk Center for International Studies at the University of Toronto said.

Targets include the Dalai Lama's organization, the ministries of foreign affairs in countries including Iran, Bangladesh, Indonesia and the Philippines, and embassies in countries such as India, South Korea, Indonesia, Taiwan and Thailand.

The Asean secretariat, the South East Asian Association for Regional Co-operation (SAARC), the Asian Development Bank and a number of news organizations had also been infected, the researchers said.

The Munk Center said there was no proof the attacks originated from within the Chinese government, and that they could have been executed by Chinese nationalist hackers or a criminal syndicate.

But researchers from the University of Cambridge, who independently discovered the network, were not so coy.

"[A]gents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama," Cambridge researchers Shishir Nagaraja and Ross Anderson said in a report.

They said the Dalai Lama's office began to suspect it was under surveillance after emailing a foreign diplomat to set up a meeting with the Lama.

"But before they could follow it up with a courtesy telephone call, the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting," the researchers said.

The office then asked the researchers to investigate for signs their mail servers were compromised.

Nagaraja and Anderson said the attackers gained access to the Dalai Lama's computer network using social engineering, installing rootkits on the compromised computers. The attackers spied on emails and captured mail in transit, replacing its attachments with attachments infected by the network.

Researchers have tracked the spy network back to four control servers - three in the provinces of Hainan, Guangdong and Sichuan, and the fourth at a web-hosting company in the US state of California.

Nagaraja and Anderson noted that Sichuan is home to the Chinese intelligence unit tasked with monitoring the Dalai Lama.

A spokesperson for the Chinese government told the New York Times that the reports were "nonsense." He said the government forbids any form of cybercrime.