Skip to main content

Nart Villeneuve, Greg Walton and Ronald J. Deibert discovered the spying operation dubbed GhostNet. They are seen at the Munk Centre on March 29 2009.JENNIFER ROBERTS

Canadian researchers have uncovered a computer spying operation that they say has stolen documents from hundreds of government and private offices around the world.

The New York Times website reported Saturday that the researchers, based at the Munk Centre for International Studies at the University of Toronto, said the system was being controlled from computers based almost exclusively in China.

But they could not say conclusively the Chinese government was involved.

A spokesman for the Chinese Consulate in New York dismissed the idea that China was involved, while the Chinese Embassy in Toronto did not immediately return calls for comment.

The researchers had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton said.

They discovered a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices.

The researchers said they believe in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Students For a Free Tibet activist Bhutila Karpoche said she was not surprised about the possibility that China could be behind the network.

"Our computers have been hacked into numerous times over the past four to five years, and especially in the past year," Ms. Karpoche said. She said she often gets e-mails that end up containing viruses that crash the group's computers.

The operation continues to invade and monitor more than a dozen new computers a week, the researchers said.

The malware can turn on camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies but in most cases the contents of the stolen files have not been determined.

Working with the Tibetans, however, the researchers found specific correspondence had been stolen and the intruders had gained control of the electronic mail server computers of the Dalai Lama's organization.

The researchers said they have notified international law-enforcement agencies of the spying operation.

The F.B.I. declined comment on the operation.

The researchers are to publish their findings Sunday in Information Warfare Monitor, an online publication associated with the Munk Centre.

The researchers detected a cyber espionage network involving more than 1,295 compromised computers from the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

With files from The Associated Press

Interact with The Globe