Print
The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network— GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offces of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, diffcult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
The attacks started with so-called "social malware" (emails apparently from trusted sources that included documents containing malware installers). Once the malware was installed, the programs used a variety of methods to compromise targeted computer: rootkits, HTTP GET/POST transmission of stolen data, keyloggers, backdoor remote administration tools, and even remote control of webcams and microphones for surreptitious recording.
The F-Secure "News from the Lab" blog posting on GhostNet describes how the attack works, includes a partial map of the extent of the attacks, a video on targeted attacks, and links to reports from the University of Toronto's Munk Center and Cambridge University. If you're responsible for computer security in your business or home, want a better understanding of cyberespionage, or are looking for better ways to detect information theft, these reports are must-reads.
How can you stop a GhostNet-style attack on your PCs? Consider the following:
What methods have you found to be most effective to sniff out and stop these types of information stealers? Hit Comment and share your discoveries.
Map courtesy The New York Times.
Comments are closed on this article
Yokanise
April 02, 2009 at 1:27pm
Yes, I hate the current Red Chinese gov't. They're all a bunch of commie/nazi pigs & should be shot. They're committing cultural genocide on Tibet & trying to wipe out the Uighurs, among other things. They make cheap junk that people should'nt buy. Let all work for their downfall!
Marcus_Soperus
April 02, 2009 at 12:56pm
...at these articles from the MaximumPC.com archives:
http://www.maximumpc.com/article/news/face_music_itunes_faces_chinese_ire_selling_protibetan_album
http://www.maximumpc.com/article/news/censored_internet_international_media_beijing_olympics
http://www.maximumpc.com/article/news/skypes_chinese_chapter_caught_censoring_archiving_messages
http://www.maximumpc.com/article/news/fake_flash_memory_spreading_quickly_china
http://www.maximumpc.com/article/news/malware_loves_china
http://www.maximumpc.com/article/digital_picture_frames_now_with_free_malware
http://www.maximumpc.com/article/daily_news_brief_9800gtx_and_gx2_benchmarks
http://www.maximumpc.com/article/daily_news_brief_seagate_drives_ship_with_virus
http://www.maximumpc.com/article/daily_news_brief_big_tech_news_served_in_bite_sized_chunks
http://www.maximumpc.com/article/big_maxtor_disks_making_big_security_headaches
--------------------------------------------------
It's amazing how illogical a business built on binary logic can be.
comwk
April 02, 2009 at 10:15am
why does all the problem always link to china?
is that me, or just the whole world think that way?
my computer indefected, chinese people did it,
my car borken down, chinese people did it
my investment is all gone, chinese did it
everything in the end is link to chinese people, why ?
is that becasue they have money?
or is their comme system is working better than us now
or becuase our government doesn't like them so we have to blame them
let me tell you, chinese people are more friendly than us.
i can't said all of them are good, but in general they are friendly.
if there is THREAT i have to worry. i would have worry about our government light up too many fires all over world. when we finally realize that, it's probably too late.
Velcrow
April 02, 2009 at 11:11am
Wow, you really took that personal for some reason. It's not far fetched to believe the Chinese government would be spying on Tibetan people considering their 'friendly' history, or foreign entities for that matter. Hell, all governments probably do it but just don't get caught.
As for your car breaking down, it's also likely the parts where made in China or Mexico and simply assembled in the USA. So yeah, you might want to blame them for it.
And the economy, I haven't heard anybody blame the Chinese for that. Yet. I may start today because it sounds like fun.
Chinese people may be nice, but I consider any government that filters information a threat. It's not like the small town butcher over there is coding GhostNet in his free time. China has a history of stifling information flow to and from it's people.
AntiHero
April 02, 2009 at 12:45pm
So true. People blame china because 90% of the products you use are manufactured there, really look at your personal belongings, asian countries for the most part (Indonesia, China, Korea, Japan, Malaysia, India, Phillipines) because of the cheap production costs. It's cheaper to pay them less than what we would call acceptable, and then ship it into every other country that is considered prospect market. And since most north americans will blame ANYONE but themselves, they blame china. Real life example in many cases for me as an IT guy, you could show up somewhere, fix a pc, and leave, they then call back saying something is wrong on a different pc, that you didn't come in contact with, they still look to say "well, you were here, and then it wasn't working" well, in Europe, (according to my Swedish co-worker) it happens significantly less there.
I don't like Microsoft, I associate with it.
