Last weekend, a report by researchers at the Munk Center of the University of Toronto revealed "GhostNet," a computer espionage virus that had infected around 1,300 computers worldwide--including many "high value" targets where diplomatic and national security information was stored. The attack focused on computers in Southern Asia and offices belonging to the Dalai Lama, exiled leader of China-occupied Tibet. GhostNet-infected machines were controlled by computers located in the People's Republic. Experts disagree on whether the evidence proves China's guilt or merely suggests it overwhelmingly. Either way, the most important message goes far beyond computer espionage.
The attack had real-world implications, although what's emerged so far is apt to be a small fraction of the actual damage. After the Dalai Lama's office sent an e-mail invitation to a foreign diplomat, Beijing diplomats happened to phone the same diplomat and discourage the visit. A China-bound traveler who had used the Internet to help put Tibetan exiles in contact with Chinese dissidents was stopped at the Chinese border, shown transcripts of the online exchanges, and warned to cut it out.
The focused nature of the attack helped it succeed. Businesses and other organizations that detect viruses are less likely to notice and get hold of a new virus that attacks a mere thousand computers instead of hundreds of thousands. Until the target organizations do get hold of the virus, they can't analyze it and use "signature detection" and related techniques to warn users when infected cyberstuff arrives on their machines.
GhostNet evidently invaded its victim computers when users opened a toxic e-mail attachment or followed a link to a poisoned Web site. A GhostNet-infected machine would then bide its time like a mole behind enemy lines, awaiting an electronic signal from headquarters, at which point it would betray its host on command.
The infected computer could browse local files under remote control and send back copies to Ghost HQ. The virus was even capable of using a victim computer's built-in camera and microphone to watch and listen. GhostNet, in other words, transformed ordinary computers into advanced bugging devices that the victims had paid for and installed themselves.
Of course the Internet is a dangerous place because the world is, and the Net mirrors the world more faithfully every day: The Internet is the still pond that reflects the surrounding village on its surface. Detailed investigation by experts is the way to smoke out criminals in the real world and in the cybersphere. In both worlds, criminal minds evolve and mutate continuously. Adding new security devices as new crimes catch on can mitigate the problem but can't solve it.
The crime paradox is the same whether we are talking real world or cybersphere: The more completely you isolate valuable property, the less vulnerable it becomes--and the harder for legitimate users to access and (therefore) the less valuable. If you transfer important documents from a locked desk to a safe-deposit box to a sealed concrete bunker, they get safer each step of the way and wind up completely useless. Allowing a computer only occasional, short and unpredictable access to the Internet complicates some aspects of computer crime, but (obviously) restricts ordinary e-mail, messaging and Web use. To make some computer completely safe, you would disconnect it completely--in which case the criminals could break into your office and steal it.
Discussion and reporting about GhostNet have focused mainly on its frightening technical sophistication. But that misses the larger point.
GhostNet reminds us that the new Cold War won't be fought with the threats and weapons of the old one. Americans might have less trouble keeping in mind occupied Tibet, the war on Chinese Christianity, the imprisonment and torture of political dissidents and members of Falun Gong, the one-child-only decree and other specimens of PRC tyranny if they didn't find Asian-on-Asian violence so deucedly boring. Instead of paying attention to those issues, we simper about mutual respect and cooperation--without acknowledging the fact that China is today the world's most powerful Evil Empire. The Soviets favored large armies and nuclear arsenals, but China is our new Cold War enemy, and her favorite weapons will also be novel: financial weapons, trade weapons, cyberweapons. Welcome to Cold War II.
David Gelernter is a national fellow at AEI.