Posted: 3/29/2009 3:06:37 PM EDT
Reports: Cyberspy network targets governments
Story Highlights
Researchers: Dalai Lama's office, NATO, governments among targets

Network, dubbed "GhostNet," can take control of computers, search files

Researchers link network to China, but don't conclude who is responsible

Investigation finds hundreds of infected machines in more than 100 countries

LONDON, England (CNN) –– Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China, security experts alleged in two reports Sunday.

Computers –– including machines at NATO, governments and embassies –– are infected with software that lets attackers gain complete control of them, according to the reports. One was issued by the University of Toronto's Munk Centre for International Studies in conjunction with the Ottawa, Canada-based think tank The SecDev Group; the second came from the University of Cambridge Computer Laboratory.

Researchers have dubbed the network GhostNet. The network can not only search a computer but see and hear the people using it, according to the Canadian report.

"GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras," the report says.
The discovery of GhostNet grew out of suspicions that the office of the Dalai Lama had been hacked.

His staff sent a foreign diplomat an e-mail invitation to meet the Tibetan spiritual leader, but before the Dalai Lama's people could follow up with a phone call, "the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting," according to the Cambridge report.

An investigation resulted in both reports. Both found links to computers in China, but the researchers did not conclude who they thought was behind the "malware," or malicious software.

"Chinese cyber espionage is a major global concern ... [b]ut attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," according to the Canadian report titled, "Tracking GhostNet: Investigating a Cyber Espionage Network."

"The sheer number of young digital natives online can more than account for the increase in Chinese malware," it adds.

But the report also points out that China is among a handful of countries, including the United States, Israel and United Kingdom, that are "assumed" to have considerable computer espionage capabilities.

Attempts by CNN to contact the Chinese government in Beijing and its American embassy and consulate offices were unsuccessful on Sunday, as the offices were closed.

However, a spokesman for the Chinese consulate in New York dismissed the idea China was involved when speaking to The New York Times.

"These are old stories and they are nonsense," Wenqi Gao told the Times. "The Chinese government is opposed to and strictly forbids any cyber crime."

Hackers gained access to computers in the Dalai Lama's office by tricking computer users into downloading e-mail attachments that had been carefully engineered to appear safe, according to the authors of the Cambridge report, titled, "The Snooping Dragon: Social-malware Surveillance of the Tibetan Movement."

"The attackers took the trouble to write e-mails that appeared to come from fellow Tibetans and indeed from co-workers," according to the report, authored by Shishir Nagaraja and Ross Anderson. Once the attackers gained an initial foothold, "they also stole mail in transit and replaced the attachments with toxic ones," the report adds.

The Dalai Lama investigation led to the discovery of hundreds more infected machines in locations from The Associated Press in Britain and Deloitte and Touche in New York, to the ministries of foreign affairs in Indonesia, Iran and the Philippines. The office of the prime minister of Laos was also snared, as was a single non-secure computer at NATO, according to the Canadian report. Infected computers "checked in" with control servers as early as May 2007 and as recently as March 12 of this year, the report adds.

Attempts by CNN to verify the reports' allegations with NATO, the Laotian government and the Dalai Lama's organization in India were not immediately successful on Sunday.

The attack has broader implications, Nagaraja and Anderson warn, since a single person could carry out a similar one.

"Even a capable motivated individual could have carried out the attacks we describe here," they say.

The computer systems of businesses are almost certain to be hacked by similar means, if they have not been already, the experts claim.

"Social malware will be used for fraud, and the typical company really has no defense against it," since it is so expensive and inconvenient, for example, to keep sensitive information or processes on computers with no Internet access. "We expect that many crooks will get rich before effective countermeasures are widely deployed."

The Information Warfare Monitor Web site, where the Canadian report was released, was down Sunday afternoon.

GhostNet is not affiliated with GhostNet Inc., a business technology company.


http://www.cnn.com/2009/TECH/03/29/ghostnet.cyber.espionage/index.html?iref=mpstoryview

I wonder how often this is used in our own country to monitor "suspects".
Link Posted: 3/29/2009 3:56:21 PM EDT
bump
Link Posted: 3/29/2009 4:01:18 PM EDT
* quietly takes off giant chicken outfit *

Link Posted: 3/29/2009 4:03:14 PM EDT
Originally Posted By Merrell:
* quietly takes off giant chicken outfit *



Link Posted: 3/29/2009 4:06:49 PM EDT
You could do this 10 years ago with Back Orifice and Sub7 and all the other trojans, back before most people had anti-virus. Fun times.
Link Posted: 3/29/2009 4:09:06 PM EDT
The Chinese are watching you masturbate.
Link Posted: 3/29/2009 4:11:34 PM EDT
Hey trig boy, it's your birthday...

Link Posted: 3/29/2009 4:12:49 PM EDT
Originally Posted By MattelFromHell:
The Chinese are watching you masturbate.


I'm thinking they won't want to be watching me for very long...
Link Posted: 3/29/2009 4:18:11 PM EDT
I "fixed" the webcam on my Crack-puter.

Link Posted: 3/29/2009 4:28:29 PM EDT
Originally Posted By ZekeMenuar:
I "fixed" the webcam on my Crack-puter.

http://img.photobucket.com/albums/v145/ZekeMenuar1/rim00001-5.jpg


But they can still use the mic.
Link Posted: 3/29/2009 4:32:55 PM EDT
[Last Edit: 3/29/2009 4:38:17 PM EDT by ZekeMenuar]
If they want to listen to whatever I watch on Justin TV they can go ahead. Today it's been Beavis and Butthead.

The webcam and mic on my computer are disabled.
Link Posted: 3/29/2009 4:36:40 PM EDT
Yup, I think I'll be breaking out the roll of black electrical tape soon as I get home.
Link Posted: 3/29/2009 4:48:23 PM EDT

Originally Posted By kraftwerk:
You could do this 10 years ago with Back Orifice and Sub7 and all the other trojans, back before most people had anti-virus. Fun times.

Yep it was great... I spent many fun hours putting in IP blocks on my port scanner and doing my thing.. notepad conversations were the most fun after I had toyed with them for a while.
Link Posted: 3/29/2009 5:41:28 PM EDT
Sounds like the Skynet virus...

I for one welcome our metal overlords and offer my services as a task master in the humans to oil factories.
Link Posted: 3/30/2009 4:42:39 AM EDT
Originally Posted By Mister44:
Sounds like the Skynet virus...

I for one welcome our metal overlords and offer my services as a task master in the humans to oil factories.


Link Posted: 3/30/2009 5:39:48 AM EDT
Link Posted: 3/30/2009 5:48:27 AM EDT
Originally Posted By kraftwerk:
You could do this 10 years ago with Back Orifice and Sub7 and all the other trojans, back before most people had anti-virus. Fun times.


you forgot netbus.
Link Posted: 3/30/2009 6:02:09 AM EDT
I bought a new laptop over the Christmas holidays and before it was even logged onto the internet I ran a few virus scans and found trojans fresh from the factory. Imagine that HP uses China as an assembly point and somehow your factory fresh computer has virus programs installed.

Po-Po