Information Warfare Monitor Whistleblower report: Threat to Maltese computers neutralised

Malta Independent Friday, 3 April 2009, 00:00 Last update: about 13 years ago

The threats to five computers at Maltese embassies and a former government entity have been neutralised and the network is again secure, The Malta Independent has learned.

The five computers were hacked by what has been termed “GhostNet”, allegedly a China-based network of cyber spies who are understood to have gained full control of 1,295 high value computer terminals around the world.

The Malta Embassy to Belgium had one terminal which had four infections on it, while the rest were based in Libya, Australia, Malta and the Malta External Trade Corporation.

Sources within government IT security circles said that the threats to the machines were removed and that everyone was now back online and Trojan free.

The report was compiled by the highly respected Information Warfare Monitor, based in Canada, after Toronto researchers were asked by the Dalai Lama’s offices to examine their computers. The researchers found that computers had been infected by a virus created by malicious software – or malware. The scam kicks off after opening an email from the address [email protected] which contains a Trojan embedded in a Word document.

That discovery led researchers to a group of servers on Hainan Island, off China. Other servers they tracked were based in China’s Xinjiang Uyghur autonomous region, where intelligence units dealing with Tibetan independence groups are based.

Sources told this newspaper that the government IT security agency concurs with the report in the sense that while the attacks were confirmed, one could not point the finger directly at the Chinese government.

Explaining further, the source said that once a PC is infected, it forwards the emails to other terminals and that all it takes is one click to set the programme in motion. “The email could have been forwarded by someone that was ignorant to the threat and another person (at the Malta end) opened a seemingly legitimate document.”

Another issue which has to be borne in mind, said the source, is that Maltese embassies and other departments around the world work in different time zones to Malta. “Yes, the computers were compromised, but they have been brought back on track. What this report serves to remind us is that we must never be complacent and we must remain vigilant,” said the source. The source also said that there would be a review of security procedures in the near future and this will also centre around education and awareness classes for staff. At the end of the day, it’s as simple as a left click, which is what sent the Trojan round in the first place.