Cyber Spies: 'Ghostnet' and the New World of Espionage
The German government is constantly the target of hackers seeking to insert spy programs into its computer systems. The attacks, often originating in China, are becoming more and more sophisticated.
It sounded definitive and reassuring when Chinese Prime Minister Wen Jiabao, during German Chancellor Angela Merkel's visit to China in the summer of 2007, promised that his government would take "determined" and "forceful" measures to prevent hacker attacks. Wen's concession was not entirely voluntary. Shortly before Merkel's trip, SPIEGEL had reported on massive hacker attacks on the German government, which German intelligence officials had traced to servers in various Chinese provinces.
The German government -- here, the Reichstag in Berlin -- is a favorite target of hackers.
Each year, special virus scanners detect about 600 attempts to insert sophisticated spy software into the two central Internet interfaces of IVBB, a computer network that links the computers at the German Chancellery with government ministries in Bonn and Berlin. These and other attempts are evidence of a relentless barrage of increasingly sophisticated cyber attacks, many of which go undetected.
Mailing malicious code
Clues about the hackers can be gleaned from the technical characteristics of an attack, as well as the identities of the target and the subject matter. The aim of the attacks leading up to the chancellor's trip to China, for example, was to ferret out information about issues Merkel wanted to discuss with representatives of the People's Republic.
German intelligence also detected a noticeable increase in cyber attacks before meetings between Merkel and the Dalai Lama. The hackers appear to be particularly interested in the Tibet issue. In January 2008, various German officials received an e-mail with an attached document titled: "Analysis of Chinese Government Policy Toward Tibet." The sender was supposedly a Tibetan organization in the United States. A malicious program was hidden in the analysis.
It is clear that the Chinese intelligence agencies and military have engaged in cyber espionage since the late 1990s. China is also home to a community of skilled and patriotic hackers who have staged what amount to campaigns on foreign Internet sites for years. Because China regulates its Internet so strictly -- it controls access more than almost any other nation in the world -- one can assume the government has at least tolerated hacker activity for a long time.
Perhaps coincidentally, only three days after Ghostnet made headlines, Premier Wen announced that he too had fallen victim to an audacious case of cyber espionage. Attackers from Taiwan, he said, had hacked into a Chinese State Council computer containing drafts of Wen's government report, the South China Morning Post reported Wednesday. The premier was "beside himself" over the incident, the paper wrote.
Translated from the German by Christopher Sultan
© SPIEGEL ONLINE 2009
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH