[A]gents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama. They used social phishing to install rootkits on a number of machines and then downloaded sensitive data.... What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course.

(Look for the movie Snooping Dragon, Nosy Tiger coming to a multiplex near you.)

The U.S. government is not on the list of those infiltrated by GhostNet, but that hardly means we're in the clear. Defense officials have claimed on several occasions (China denies this, natch). The country has been accused of to have a look 'round the joint. Just this week in his office.

Whatever it is we're doing, the Chinese appear to be deeply interested. That, or maybe they're just still really ticked off about that album. So I'm betting the Cambridge guys are on the right track. And they're saying nobody in government or business should be feeling very cozy about their IT security right now.

No-one should think that it could not happen to them, just because their company is in New York or London rather than an Indian hill station! The Tibetan sys admins were just as capable as one finds in the USA or Britain. Indeed, they were probably more aware of the Chinese threat and as a result more alert than a typical company security team. ... All in all, the Tibetans' performance has been more effective than we would have expected from a randomly-chosen Western organisation.