China analysts dismiss cyber-espionage claims

(CNN) -- Analysts in China are dismissing claims that nearly 1,300 computers in more than 100 countries have been attacked, and have become part of a cyber-espionage network apparently based in China.

"This is purely another political issue that the West is trying to exaggerate," Song Xiaojun, a Beijing-based strategy and military analyst, told China Daily, a state-run newspaper.

Zhu Feng, a professor with the school of international studies at Peking University, added: "Cyber security has been a global issue, but this time those who see China as an emerging threat again have picked the subject as a new weapon."

Computers -- including machines at NATO, governments and embassies -- are infected with software that lets attackers gain complete control of them, cyber-security experts alleged in two reports Sunday.

One report was issued by the University of Toronto's Munk Center for International Studies in conjunction with the Ottawa, Canada-based think tank The SecDev Group; the second came from the University of Cambridge Computer Laboratory. Watch CNN's John Vause report on the network »

Researchers have dubbed the cyber-espionage network GhostNet. The network can not only search a computer but see and hear the people using it, according to the Canadian report.

"GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras," the report says.

The discovery of GhostNet grew out of suspicions that the office of the Dalai Lama had been hacked.

His staff sent a foreign diplomat an e-mail invitation to meet the Tibetan spiritual leader, but before the Dalai Lama's people could follow up with a phone call, "the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting," according to the Cambridge report.

The investigation resulted in both reports. Both found links to computers in China, but the researchers did not conclude who they thought was behind the "malware," or malicious software.

The Dalai Lama told CNN he did not know who was behind the hacking, but said there should be an investigation.

China, he added, "as a great nation... (has a) certain sort of moral responsibility and practical responsibility. Now in order to utilize that opportunity, China should -- must -- bring trust from rest of the world. Then China really can (a) make positive contribution," he told CNN's Sara Sidner.

"In spite (of being a) big nation, they act like (a) very weak nation -- all sort of spying... I think that is very, very unfortunate," he said through a translator.

The cybersecurity experts who say they discovered GhostNet said China was a player in the field, but did not blame Beijing for the attacks.

"Chinese cyber espionage is a major global concern... (b)ut attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," says the Canadian report, titled, "Tracking GhostNet: Investigating a Cyber Espionage Network."

"The sheer number of young digital natives online can more than account for the increase in Chinese malware," it adds.

But the report also points out that China is among a handful of countries, also including the United States, Israel and the United Kingdom, which are "assumed" to have considerable cyber-espionage capabilities.

Attempts by CNN to contact the Chinese government in Beijing, and its American embassy and consulate offices were unsuccessful.

Hackers gained access to computers in the Dalai Lama's office by tricking computer users into downloading attachments in e-mail which had been carefully engineered to appear safe, according to the authors of the Cambridge report, titled, "The snooping dragon: social-malware surveillance of the Tibetan movement."

"The attackers took the trouble to write e-mails that appeared to come from fellow Tibetans and indeed from co-workers," say the report's authors, Shishir Nagaraja and Ross Anderson. Once the attackers gained an initial foothold, "they also stole mail in transit and replaced the attachments with toxic ones," they add.

The Dalai Lama investigation led to the discovery of hundreds more infected machines in locations from The Associated Press in Britain and Deloitte and Touche in New York, to the ministries of foreign affairs in Indonesia, Iran and the Philippines. The office of the prime minister of Laos was also snared, as was a single non-secure computer at NATO, "Tracking GhostNet" claims. Infected computers "checked in" with control servers as early as May 2007 and as recently as March 12 of this year, the report adds.

Attempts by CNN to verify the reports' allegations with NATO, the Laotian government and the Dalai Lama's organization in India were not immediately successful on Sunday.

All About Computer Security • China • Dalai Lama