Massive cyber-spook network uncovered
By Stuart Turton
Posted on 30 Mar 2009 at 09:39
Researchers claim to have discovered the world's largest cyber-espionage network, following a ten-month investigation.
The report claims the network, dubbed Ghost Net, is hosted exclusively in China and has been used to hack 1,295 computers in 103 countries.
However, unlike most large botnets, the purpose of the network does not appear to be financial gain. The report claims Ghost Net was used to infiltrate "ministries of foreign affairs, embassies, international organisations, news media, and NGOs".
The researchers, based at the Munk Center for International Studies at the University of Toronto, first became aware of Ghost Net when the Dalai Lama, suspecting an attack, asked them to investigate his office's computer network.
The team discovered the network had been completely overrun with malware that was intercepting communications and sending the data back to Ghost Net.
Following the trail, the team claims to have discovered evidence that the foreign offices of countries such as Iran, Bangladesh, South Korea, Portugal, Germany and Pakistan had been targeted.
In each case, Ghost Net infiltrated the systems with a trojan known as gh0st RAT hidden inside an emailed message. Once opened, gh0st RAT allowed attackers to gain complete control of the computer, right down to the ability to take over the webcam for audio and visual bugging.
Though analysts have been quick to blame the Chinese Government for cyber-snooping, the report is doubtful.
"Some may conclude that what we lay out here points definitively to China as the culprit," it reads. "Certainly Chinese cyber-espionage is a major global concern... but attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading.
"Numbers can tell a different story. The sheer number of young digital natives online can more than account for the increase in Chinese malware. Likewise, the threshold for engaging in cyber-espionage is falling."
Researchers have even suggested China could be a front for other organisations: "This could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on," says Donald Deibert from the University of Toronto.
Cambridge Report
However, a second report written by University of Cambridge researchers was less circumspect, claiming the network was run by "agents of the Chinese government."
It also claims to offer proof that this intelligence has been acted upon: "His office sent an email invitation on behalf of His Holiness to a foreign diplomat, but before they could follow it up with a courtesy telephone call, the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting."
