Major cyber spy network uncovered

There is no conclusive evidence of Chinese government involvement

An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say.

They said the network had infiltrated 1,295 computers in 103 countries.

They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader.

There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement.

The report comes after a 10-month investigation by the Information Warfare Monitor (IWM), which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.

They were acting on a request from the Tibetan spiritual leader's office to check whether the computers of his Tibetan exile network had been infiltrated.

Researchers found that ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan appear to had been targeted.

Hacked systems were also discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

Analysts say the attacks are in effect industrial espionage, with hackers showing an interest in the activities of lawmakers and major companies.

Compromised

The researchers said hackers were apparently able to take control of computers belonging to several foreign ministries and embassies across the world using malicious software, or malware.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," investigator Greg Walton was quoted by the Associated Press news agency as saying.

They say they believe the system, which they called GhostNet, was focused on governments in Asia.

By installing malware on compromised computers, hackers were able to take control of them to send and receive classified data.

In this case, the software also gave hackers the ability to use audio and video recording devices to monitor the rooms the computers were in. But investigators said they did not know whether or not this element had been used.

According to the New York Times, the spying operation is the largest to have been uncovered in terms of the number of countries affected.

In an abstract for the report entitled The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement - posted on the IWM website - investigators said while such attacks were not new, these particularly stood out for their ability to collect "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed".

EGovernment Plaque at The Civil Service Institute

Definition of a Chief Information Officer in Brunei

Only a few work as a full time CIO. Many hold other duties other than being appointed as a CIO for a particular ministry. So imagine being a CIO in Brunei, not knowing what to do exactly, implementing projects in 'silos'. Yet blaming the C-Level management of not supporting, budget cuts and so on. The emphasis was and still is, vendor. Nearly all IT projects in Brunei are vendor-driven.

The chief information officer (CIO) is a job title for the board-level head of information technology within an organization. The CIO typically reports to the chief operations officer or the chief executive officer. In military organizations, they report to the commanding officer.

CIO

Chief Information Officer (CIO) is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals. As information technology and systems have become more important, the CIO has come to be viewed in many organizations as a key contributor in formulating strategic goals. Typically, the CIO in a large enterprise delegates technical decisions to employees more familiar with details. Usually, a CIO proposes the information technology needed by an enterprise to achieve its goals and then works within a budget to implement the plan. The CIO role is also sometimes used interchangeably with the chief technology officer role, although they may be slightly different. When both positions are present in an organization, the CIO is generally responsible for processes and practices supporting the flow of information, whereas the CTO is generally responsible for technology infrastructure.

Information technology

The prominence of the CIO position has risen greatly as information technology has become a more important part of business. In some organizations, the CIO may be a member of the executive board of the organization. No specific qualification is typical of CIOs in general. In the past, many have expertise in computer science, software engineering, or information systems, but this is not universal. Increasingly CIOs, especially those from a technical background, hold Master of Business Administration or Master of Science in Management degrees.^[1]. More recently CIOs' leadership capabilities, business acumen and strategic perspectives have taken precedence over technical skills. It is now quite common for CIOs to be appointed from the business side of the organization, especially if they have project management skills.

In recent years governments and government departments have employed CIOs and recruited them from the private sector. The main reason for this is that as government departments have modernized their processes they have made costly IT mistakes and now require highly experienced IT executives to cut the best deals for their organizations.

In 2007 a survey amongst CIOs by CIO magazine in the UK discovered that their top 10 concerns were: people leadership, managing budgets, business alignment, infrastructure refresh, security, compliance, resource management, managing customers, managing change and board politics^[2].

Typically, a CIO is involved with analyzing and reworking existing business processes, with identifying and developing the capability to use new tools, with reshaping the enterprise's physical infrastructure and network access, and with identifying and exploiting the enterprise's knowledge resources. Many CIOs head the enterprise's efforts to integrate the Internet into both its long-term strategy and its immediate business plans.