03-29-2009, 06:26 AM
Texas
Major General
Join Date: Jun 2005
Posts: 3,765
'World's biggest cyber spy network' snoops on classified documents in 103 countries

Mike Harvey, Technology Correspondent

A cyber spy network operated from China hacked into classified documents on government and private computers in 103 countries, internet researchers have revealed.
The spy system, which investigators dubbed GhostNet, compromised 1,295 machines at Nato and in foreign affairs ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles.
The work of Information Warfare Monitor (IWM) investigators focused initially on allegations of Chinese cyber espionage against the Tibetan exile community but led to a much wider network of compromised machines.
IWM said that, while its analysis pointed to China as the main source of the network, it had not been able conclusively to identify the hackers. The IWM is composed of researchers from an Ottawa-based think tank, SecDev Group, and the University of Toronto's Munk Centre for International Studies.
The researchers found that more than 1,295 computers had been affected at the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.
The remote spying operation is thought to be the most extensive yet uncovered in the political world and is estimated to be invading more than a dozen new computers a week. Other infected computers were found at Deloitte & Touche in New York.
The IWM report said: "GhostNet represents a network of compromised computers resident in high-value political, economic, and media locations spread across numerous countries worldwide. At the time of writing, these organisations are almost certainly oblivious to the compromised situation in which they find themselves. The computers of diplomats, military attachés, private assistants, secretaries to Prime Ministers, journalists and others are under the concealed control of unknown assailant(s)."
It added: "In Dharamsala [the headquarters of the Tibetan government in exile] and elsewhere, we have witnessed machines being profiled and sensitive documents being removed. At our laboratory, we have analysed our own infected 'honey pot' computer and discovered that the capabilities of GhostNet are potent and wide-ranging.
"Almost certainly, documents are being removed without the targets’ knowledge, keystrokes logged, web cameras are being silently triggered, and audio inputs surreptitiously activated."
Once the hackers infiltrated the systems, they gained control using malware – software they had installed on the compromised computers – and sent and received data from them, the researchers said. The investigation concluded that Tibetan computer systems were compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information, including documents from the private office of the Dalai Lama.
The investigators went to India, Europe and North America to collect evidence about the infected systems used by Tibetan exiles. It was in the second stage of the inquiry, when they were analysing the data, that they uncovered the network of compromised computers.
The IWM report said in its summary: "The GhostNet system directs infected computers to download a Trojan known as Ghost Rat that allows attackers to gain complete, real-time control. These instances of Ghost Rat are consistently controlled from commercial internet access accounts located on the island of Hainan, in the People’s Republic of China."
The researchers said GhostNet was spread using classic malware techniques. "Contextually relevant emails are sent to specific targets with attached documents that are packed with exploit code and Trojan horse programmes designed to take advantage of vulnerabilities in software installed on the target’s computer.
"Once compromised, files located on infected computers may be mined for contact information, and used to spread malware through e-mail and document attachments that appear to come from legitimate sources, and contain legitimate documents and messages."
Greg Walton, the editor of IWM, said: "Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most. Indeed, although the Achilles’ heel of the GhostNet system allowed us to monitor and document its far-reaching network of infiltration, we can safely hypothesise that it is neither the first nor the only one of its kind."
Two researchers at Cambridge University who worked on the part of the investigation related to the Tibetans are releasing their own report. In an online abstract for The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement, Shishir Nagaraja and Ross Anderson wrote that while malware attacks are not new, these attacks should be noted for their ability to collect "actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed".

03-29-2009, 08:05 PM
Cheedog
Join Date: Mar 2009
Posts: 13
Really Now....

Well isn't this some ****. To be able to get info to a country that has some big military muscle. Well what can we say?... This kind of thing is to be expected in this day and age. Where comps rule everything. And more and more threats keep popping up. Let's see how far this lil rabbit hole goes.

04-04-2009, 02:19 PM
Exo1
General of the Armies
Join Date: Jul 2006
Location: Ireland (Ex Irish Army)
Posts: 10,457

Nothing new for the enterprising Chinese, and a good marker for the rest of the world to NEVER trust the Chinese Govt no matter how nice they appear to be....
"Barrel High, Powder Dry!"

"Illic est haud effrego ex Veneratio"

All times are GMT -6.
