the idea of the Citizen Lab checking into this matter, Tibetan officials agreed to turn over their machines for inspection. It was a serious decision, as we would be given unrestricted access to computers at the Office of His Holiness the Dalai Lama, the Tibetan Government-in-Exile, and Tibetan NGOs in Dharamsala, New York, Brussels, and London. Although the Dalai Lama himself liked to point out publicly that they “had no secrets,” his office and those of other Tibetan organizations handled sensitive communications, including private correspondence and information about travel schedules. They took a risk working with us, one that paid off in the end.
• • •
Cyber espionage is a dark art, widely speculated about but rarely examined in the light of day. There have been cases of state cyber spying reported on in the media, but too often key pieces of evidence were either missing or, more likely, locked down in the secret chambers of the world’s leading intelligence agencies. “Titan Rain,” a huge compromise of American military and intelligence agencies and companies between 2003 and 2006, was an exception, and suspicions ran high that it was orchestrated by China-based hackers doing dirty work for their government. The Chinese government was almost certainly connected in some manner to what we unearthed too, and once the cat was out of the bag there would be an international diplomatic furor.
While the Citizen Lab had been analyzing and exposing strange goings-on in cyberspace for years, the GhostNet investigation was unprecedented, the scope of the pilfering extraordinary. Computers based in the Dalai Lama’s headquarters and Tibetan organizations were compromised, but so too were those in foreign government agencies, and in international organizations, companies, and media outlets the world over. Included among the victims were the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados, and Bhutan, and the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany, and Pakistan. Computers at the UN and ASEAN, and an unclassified computer located at NATO headquarters, were also attacked, as was the prime minister’s office in Laos. One remarkable breach was of the mail server at the Associated Press office in Hong Kong, giving the GhostNet attackers access to emails sent to and from AP in Hong Kong containing information about stories before they were published.
For months we had a bird’s-eye view of the attackers’ command-and-control network and could see everything they were doing. They had made the mistake of not password-protecting all of their computer directories, assuming that no one would be able to access them if they were not linked to publicly. But Villeneuve spotted that string of twenty-two characters used repeatedly in the networking traffic collected from Tibetan organizations’ computers, and on a hunch he copied and then Googled it. Two results came up for obscure websites based in China, and he was then able to map almost all of the command-and-control infrastructure of the attackers, allowing us to see inside their operations without their knowledge. For weeks we watched, transfixed, while an ever-expanding list of victims had their computers tapped, as cyber espionage on a massive scale unfolded in real time. We were able to isolate an individual at the Indian embassy in Washington, D.C., whose computer had been compromised, by correlating data from the attackers’ web interface with open-source information via Google, and this led us to a website with his bio and contact information. We thought about calling him with a warning – unplug your computer now! – but decided against doing so because we were concerned about tipping off the attackers. Better to analyze all of the data first, we thought. We were inside an international spy operation, the attackers and their hundreds of victims had no idea,