Two reports issued this weekend provided a stunning glimpse into the extent of China’s espionage operations using the Internet. Tracking GhostNet: Investigating a Cyber Espionage Network and The Snooping Dragon: Social-Malware Surveillance of the Tibetan Movement, served as clear warnings — especially to the Tibetan movement — that Chinese authorities are watching, listening, collecting and acting on the information obtained.
The second report said that the malware is “well written” and has been “devastatingly effective,” targeting, among others, foreign ministries, NGOs, news organizations, NATO and the Tibetan government-in-exile. The first report says GhostNet infected at least 1,295 computers in 103 countries, “of which close to 30 percent can be considered as high-value diplomatic, political, economic, and military targets.”
Beyond collecting information, the software developed in China, known as gh0st RAT, allows attackers to gain full, real-time control of, send instructions to and retrieve information from the targeted computer.
In the private realm, the implications of cyber espionage as a tool of repression are devastating. In one instance, a woman working for Drewla, a group that uses online chatting forums to reach out to Chinese and educate them on the plight of Tibetans, was arrested at the Nepalese-Tibetan border as she was returning to her village in Tibet. She was interrogated by Chinese intelligence officers, held incommunicado and presented with the full transcripts of her Internet chat activity. She was then banned from Tibet.
While the Tracking GhostNet report is careful not to attribute all cyber attacks to intelligence-gathering operations by Beijing, it is active in that domain and has used actionable intelligence collected electronically to pursue its objectives.
Although the reports paid special attention to Chinese spying on Tibetans, in the process the authors determined that of 986 known infected IP hosts in 93 countries, Taiwan had the most — 148 — including its embassy in Swaziland, the Institute for Information Industry, Net Trade, the Taiwan External Trade Development Council and the Government Service Network.
Coupled with evidence that, despite President Ma Ying-jeou’s (馬英九) cross-strait peace initiative, China has not taken the military option off the table, revelations of China’s cyber espionage network raise questions about the wisdom of intensifying relations with China. If, as can be assumed, China remains committed to targeting Taiwan for intelligence collection, then the more electronic contact there is between the two sides, the greater the opportunities will be for the transmission of malware. The repercussions in the banking and high-tech sectors, not to mention defense and public safety, could be huge.
China could target individuals, especially in pro-independence groups and opponents of cross-strait agreements. As fear of, and opposition to, agreements with China that risk undermining the sovereignty of Taiwan increases, China can be expected to monitor dissidents in ways that recall its treatment of Tibetans, as outlined in the reports.
Chinese intelligence has a long history of such activity but until recently its espionage was done through human intelligence. Now that communication is mostly electronic, however, espionage can be carried out remotely and with greater efficiency. Given the stakes, Taiwan should conduct its own study on the matter.