Massive cyber-spook network uncovered
By Stuart Turton
Posted on 30 Mar 2009 at 09:39
Researchers claim to have discovered the world's largest cyber-espionage network, following a ten-month investigation.
The report claims the network, dubbed Ghost Net, is hosted exclusively in China and has been used to hack 1,295 computers in 103 countries.
However, unlike most large botnets, the purpose of the network does not appear to be financial gain. The report claims Ghost Net was used to infiltrate "ministries of foreign affairs, embassies, international organisations, news media, and NGOs".
The researchers, based at the Munk Center for International Studies at the University of Toronto, first became aware of Ghost Net when the Dalai Lama, suspecting his office's computer network had been attacked, asked them to investigate it.
The team discovered the network had been completely overrun with malware that was intercepting communications and sending the data back to Ghost Net.
Following the trail, the team claims to have discovered evidence that the foreign offices of countries such as Iran, Bangladesh, South Korea, Portugal, Germany and Pakistan had been targeted.
In each case, Ghost Net infiltrated the systems with a trojan known as gh0st RAT hidden inside an emailed message. Once opened, gh0st RAT allowed attackers to gain complete control of the computer, right down to the ability to take over the webcam for audio and visual bugging.
Though analysts have been quick to accuse the Chinese Government of cyber-snooping, the report is doubtful.
"Some may conclude that what we lay out here points definitively to China as the culprit," it reads. "Certainly Chinese cyber-espionage is a major global concern... but attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading.
"Numbers can tell a different story. The sheer number of young digital natives online can more than account for the increase in Chinese malware. Likewise, the threshold for engaging in cyber-espionage is falling."
Researchers have even suggested China could be a front for other organisations: "This could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on," says Donald Deibert from the University of Toronto.
Cambridge Report
However, a second report written by University of Cambridge researchers was less circumspect, claiming the network was run by "agents of the Chinese government."
It also claims to offer proof that this intelligence has been acted upon: "His office sent an email invitation on behalf of His Holiness to a foreign diplomat, but before they could follow it up with a courtesy telephone call, the diplomat's office was contacted by the Chinese government and warned not to go ahead with the meeting."
