
A Year's Further Research On an Espionage Network

Posted by kdawson
from the ghostnet's-successor dept.
Mortimer.CA writes "Last year researchers discovered a giant electronic spying operation they dubbed GhostNet. Now, after a further year's worth of research, Infowar Monitor has released a new report. The report (Scribbed PDF) documents a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. While the servers are in China, the report's authors say that there is 'no evidence in this report of the involvement of the People's Republic of China or any other government in the shadow network.' Furthermore, the 'intruders even stole documents related to the travel of NATO forces in Afghanistan, illustrating that even though the Indian government was the primary target of the attacks, one gap in computer security can leave many nations exposed.'"
This discussion has been archived. No new comments can be posted.

  • two words (Score:4, Insightful)

    by j00r0m4nc3r (959816) on Tuesday April 06, 2010 @02:17PM (#31751460)
    Plausible. Deniability. [wikipedia.org]
  • by oldspewey (1303305) on Tuesday April 06, 2010 @02:17PM (#31751464)
    I continue to get a kick out of the Chinese government's fixation on the Dalai Lama. If the whole thing didn't involve the theft of a nation and the brutal repression of the Tibetan people, the situation would be hilarious in a Monthy Python sort of way.
    • I continue to get a kick out of the Chinese government's fixation on the Dalai Lama. If the whole thing didn't involve the theft of a nation and the brutal repression of the Tibetan people, the situation would be hilarious in a Monthy Python sort of way.

      Or whoever is behind the attack is going after the Dalai Lama to implicate the Chinese Government.

      • by blair1q (305137) on Tuesday April 06, 2010 @02:33PM (#31751730) Journal

        Or the Chinese government is going after the Dalai Lama in a crudely obsessive way to make you think it's someone going after the Dalai Lama to implicate the Chinese government.

        • Re: (Score:2, Interesting)

          by sopssa (1498795) *

          Or someone is going after Dalai Lama in a crudely obsessive way to make you think it's Chinese doing it in a crudely obsessive way so you would think it's the Chinese who are trying to hide it by doing it in a crudely obsessive way.

          • Or someone is going after Dalai Lama in a crudely obsessive way to make you think it's Chinese doing it in a crudely obsessive way so you would think it's the Chinese who are trying to hide it by doing it in a crudely obsessive way.

            You have a truly dizzying intellect.

        • ... to think they want you to think that is what they want you think.

    • . . . the theft of a nation . . .

      . . . is the easy bit.

      Fencing a nation is a bitch: http://en.wikipedia.org/wiki/Fence_(criminal) [wikipedia.org]

    • by wiredog (43288)

      and always has been, and don't try to tell the Chinese differently.

    • by RockDoctor (15477)

      I continue to get a kick out of the Chinese government's fixation on the Dalai Lama. If the whole thing didn't involve the theft of a nation and the brutal repression of the Tibetan people, the situation would be hilarious in a Monthy Python sort of way.

      s/Chinese/British/
      s/Dalai Lama/Mahatma Gandhi/
      s/Tibet/India/

      Now do you see why the Chinese are worried?

      BTW, there's one fewer 'h' in Monty Python than you think. Or one more 'l', depending on which joke you're trying to make.

  • Research 2.0 (Score:5, Interesting)

    by Jazz-Masta (240659) on Tuesday April 06, 2010 @02:22PM (#31751574)

    The team describes its findings in a report called Shadows in the Cloud: An investigation into Cyber Espionage 2.0

    Even "researchers" have caught the marketing bug. "Cloud" "Cyber" "2.0"

    Full report here:

    http://www.scribd.com/doc/29435784/SHADOWS-IN-THE-CLOUD-Investigating-Cyber-Espionage-2-0

  • by Drunkulus (920976) on Tuesday April 06, 2010 @02:28PM (#31751668)
    We also discovered a gigantic copyright infringement network, which is codenamed "scribd."
  • by GPLDAN (732269) on Tuesday April 06, 2010 @02:31PM (#31751702)
    The best bit of journalism in the last year on this subject:

    http://www.nytimes.com/2010/02/02/business/global/02hacker.html?emc=eta1 [nytimes.com]

    Now - read the story of Maija the not-so-l33t hacker and pay special attention to how the story explains how the Chinese special intelligence services work. The whole thing is outsourced, loose affiliation. The blackwater-ization of hacking, where the government is most interested in a plausible denial.

    Then tell me again how the Chinese intelligence services aren't funding and running Ghostnet.
    The way I see it, these hackers probably get treated as well as Bobby Kotick treats his people. Do thy bidding and get hookers sent over for lunch, maybe two if you find a 0-day.
    • Re: (Score:3, Insightful)

      by osu-neko (2604)

      Then tell me again how the Chinese intelligence services aren't funding and running Ghostnet.

      Now now, let's not be hasty, there's no evidence in this report of the involvement of the People's Republic of China. It could be anyone on the long list of organizations who happen to hate the Dalai Lama, Chinese dissidents, etc. ;)

  • Echelon is too costly.

    so build into all US produced ( or at least with US label ) network devices a small Trojan Boot Loader hidden with dirty programming.

    and activate these TBL's with instructions hidden in search engine answers - according to the serial No of who bought which.

    And you end up with a fifth colon paid by the very IT user.

    ( A French Diplomat made a slip of tongue when asked if they did not fear Argentine to use Exocet missiles against themselves: we can switch it off - analogue a US Diploma

    • by russotto (537200) on Tuesday April 06, 2010 @02:52PM (#31752000) Journal

      so build into all US produced ( or at least with US label ) network devices a small Trojan Boot Loader hidden with dirty programming.

      It's plausible, but it's a works-once kind of thing. As soon as you make any major use of it, it's going to be found out, and everyone else is going to go looking for it. So you have to save it for when it's really valuable, but doing that means you risk it being found anyway and never using it.

      It['s

      And you end up with a fifth colon paid by the very IT user.

      What happened to colons two through four?

      • by kubitus (927806)
        a prominent US-based IT security company estimated the effort to detect a TBL at 5 to 6 man-years plus a constructed event rousing the interest so that the TBL would be woken up from dormancy to be detected during the activation phase.

        to find TBL instructions and reporting home inside search engine requests was considered as fairly difficult.

    • And you end up with a fifth colon...

      :-)
      :-P
      :-0
      :-D

      >:-( <-----The Fifth Colon. Fear his anger.

    • by lennier (44736)

      And you end up with a fifth colon paid by the very IT user.

      Is that sort of like tearing someone a new one, only four times worse?

  • I think you just discovered a big botnet. Countless machines are being used as camouflage to blur out the real man behind the operations.

    Probably, it's just a free game with an open door. Anyone who figured out this botnet's protocol would be able to use it for free.

  • Does anyone really believe that the Chinese (or any other government) would be stupid enough to do this from their own servers? One of the key tenets of espionage is to cover your tracks. The closest something like this will ever get to the Chinese government is if the CIA or some other intelligence service happens to catch someone handing off a USB drive filled with whatever digital loot was acquired from the botnet. The government itself does not need to directly sponsor this sort of activity. It wou

    • by Jeng (926980)

      The Chinese may be rationalizing their distance in a way that may not make sense to us, it only has to make sense to them to do it.

  • by ka9dgx (72702)
    I find it quite ironic that they publish their report as a PDF, one of the biggest sources of vulnerabilities known to man. Why not something a bit more open and standard, like HTML?
    • by ka9dgx (72702)
      How was that a troll? PDFs suck, we all hate having to deal with them.... yet they offer no other way to view the report.
  • Why couldn't this be China? Perhaps they don't have the resources of the US or Europe to find more discreet methods of espionage. Perhaps they just don't care who knows. Clearly it doesn't matter all that much if the evidence points to them because so many people are reluctant to accuse China anyway.

    I'd say the ones doing the work are probably sloppy. Skilled, but not thorough enough to cover their tracks. And the higher ups are probably feeling rather cocky and couldn't care less since on the international
