Vast Electronic Spying Operation Discovered

Posted by kdawson on Sat Mar 28, 2009 03:45 PM
from the whaling-for-political-advantage dept.
homesalad writes "Researchers in Toronto have discovered a huge international electronic spying operation that they are calling 'GhostNet.' So far it has infiltrated government and corporate offices in 103 countries, including the office of the Dalai Lama (who originally went to the researchers for help analyzing a suspected infiltration). The operation appears to be based in China, and the information gained has been used to interfere with the actions of the Dalai Lama and to thwart individuals seeking to help Tibetan exiles. The researchers found no evidence of infiltration of US government computers, although machines at the Indian embassy were compromised. Here is the researchers' summary; a full report, 'Tracking "GhostNet": Investigating a Cyber Espionage Network' will be issued this weekend." A separate academic group in the UK that helped with the research is issuing its own report, expected to be available on March 29. Here is the abstract. They seem to be putting more stress on the "social malware" nature of the attack and ways to mitigate such techniques.
This discussion has been archived. No new comments can be posted.
  • by transporter_ii (986545) on Saturday March 28, @03:59PM (#27372429) Homepage

    Infection happens two ways. In one method, a user's clicking on a document attached to an e-mail message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a Web link in an e-mail message and is taken directly to a "poisoned" Web site.

    Unless I missed it, I don't see Windows mentioned...but I'm going to go out on a limb here and figure the targeted OS is Windows.

    Transporter_ii

  • Commenters ? (Score:4, Interesting)

    by Anonymous Coward on Saturday March 28, @04:09PM (#27372499)

    I'm wondering how many posts here are submitted on behalf of the Chinese Government?
    They can join and influence our conversations but we can never join theirs..

  • by PineHall (206441) on Saturday March 28, @04:13PM (#27372527)

    "What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement."

    I would guess that the Russian crooks are doing it today with very targeted attacks. We just have not discovered it, or if discovered the financial institutions attacked have covered it up.

  • Skype Monitoring (Score:5, Interesting)

    by Anonymous Coward on Saturday March 28, @04:47PM (#27372773)
    It is definitely not only China that employs some monitoring techniques on its citizens' Skype accounts. Last year during Myanmar's Saffron Revolution, my Burmese roommate organized information sessions and candle light vigils on our small, liberal arts school's campus, taking care to remain anonymous or using my name as a proxy for his actions. The only Burmese contact he had at the time was Skyping with his ex-girlfriend, a student at a nearby liberal arts school who organized protests of greater scope on her campus. After about 3 days he mysteriously received a call from his mother who sounded scared (remember, most non-satellite phone lines were all but taken down during the protests) assuring him that she was OK but he needed to stop everything he was planning on campus. My roommate had no choice but to stop his involvement in the protests.
    • by SuperBanana (662181) on Saturday March 28, @06:55PM (#27373929)

      The only Burmese contact he had at the time was Skyping with his ex-girlfriend, a student at a nearby liberal arts school who organized protests of greater scope on her campus

      Did it occur to you that maybe, just maybe, your roommate was sold out by his "Burmese contact"? Skype sniffers can't tell the Burmese government that the other person was the ex-girlfriend of a...I don't know what the fuck is going on in that set of connections, but dude, it's far more likely the guy in Burma is on the take...or someone in his apartment is.

      Or maybe you all wildly misinterpreted his mother's "don't make waves" urgings.

    • by jlarocco (851450) on Saturday March 28, @04:19PM (#27372567) Homepage

      Yeah, it's definitely the government and big business. It couldn't possibly be hundreds of millions of Americans spending hundreds of billions of dollars, demanding cheap products made in China.

      • by Runaway1956 (1322357) on Saturday March 28, @04:58PM (#27372873) Homepage Journal
        Errrr, you're about half right. Stupid people do demand and buy the cheapest thing they can find, even if it's melamine laced. So, yes, they are at fault for not recognizing or demanding quality. On the other hand, government and big business has been actively exporting American jobs for quite a long time now, along with American technology, American money, and American education. Yeah, the idiot "consumer" takes his share of the blame, but the coordination comes from higher up. Who was it, exactly, that gave China its "most favored trading partner" status? Oh yeah, that same traitor who sold missile technology to China, later sold to N. Korea, then exported to the mideast for use against Israel. Hmmmmmmm.
    • by ScrewMaster (602015) * on Saturday March 28, @04:20PM (#27372577)

      Sanctions against China are way overdue. Our gov't and big businesses are just feeding that monster.

      That won't happen until (and if) we get our own manufacturing base back on track and can wean ourselves off the Chinese tit of cheap imports. That, or grow some balls and raise the tariff structure to prevent the destruction of our remaining domestic industries. I don't see that happening in the near future: the Feds are too corrupt at this point and don't really care about our future (or even, I'm convinced, understand why a dependent cannot ever be a truly free nation.)

      Right now, any noises we make towards sanctions are just that: noise. All they have to do is threaten to send fifty or sixty million "refugees" here and that's that.

      • Re:Sanctions overdue (Score:5, Interesting)

        by u38cg (607297) <calum@callingthetune.co.uk> on Saturday March 28, @04:57PM (#27372867) Homepage
        Hi. This is reality calling, ding-dong. If you increase tariffs against China, you will (a) immediately increase the prices of all goods, (b) you will seriously increase your tax rates, because your government will no longer be able to fund its debt by selling its Treasuries to China (because China will have no more greenbacks coming in). You won't have a domestic industry to take up the slack, because you will have destroyed domestic demand. Seriously, buy a copy of the Wealth of Nations, for the love of God. Oh, not to mention the risk of provoking a war with China; and if you think that's going to be an easy fight, I have more bad news for you.
        • by ScrewMaster (602015) * on Saturday March 28, @05:06PM (#27372939)

          And keeping that work in China signals to all Americans that "you will not be able to earn a living doing mindless work".

          Presently, a lot of Americans are laboring under the delusion that they should somehow get a house, car, TV, medicine, and internet in exchange for installing wingnuts all day on an assembly line.

          High-sounding but irrelevant verbiage having no bearing on the facts. I mean, how grandiose you are in dismissing one simple fact: working our manufacturing economy was how Americans managed to have a standard of living envied by most of the world. How do you think wealth is created? By magic? Hardly: it's by building and selling things to other countries, it's called trade. The fact is, we've been doing a lousy job of that for the past thirty-odd years and that's why our standard of living is dropping and unemployment is increasing. Suppose we took your idea to its logical conclusion, and ended up with an entirely automated production system with no need for people at all. We'd all be unemployed at that point. No thanks. Fact is, there are millions upon millions of people that are perfectly happy installing wingnuts for a living, and there's not a goddamn thing wrong with that. Sure, in your idealized world we'd all live up to our "full potential" (whatever that is) but the reality is, most people are all they're ever going to be.

          Open your eyes, and dispense with the notion, nay, the fiction, that a nation can be an industrial superpower without the industry. People with blinders on call that a "service economy" but it's really a synonym for "third world hellhole." Now, it may be that you're willing to live in some socioeconomic armpit (my girlfriend came from one: I could let her tell you what that means) but I'm not. Let me tell you, I've spent thirty years as an engineer working in our industrial sector, and we need it.

          China may be willing to accept pollution (for now) but that doesn't mean that you must accept pollution in order to have an industrial base. We cleaned up our act and still managed to become a superpower. So can they, and eventually the cost of Chinese-made products will increase to reflect that. So the question is: will we still be around, or will we be just another third-world country ripe for the plucking?

          You decide. But at this point in history, there's only one way to create wealth, and you don't do it by not working. Robots may be more efficient at manufacturing some products than human beings, but keep firmly in mind that civilization does not solely revolve around manufacturing trade goods efficiently. People have to figure in there somewhere. That's China's biggest problem right now: their people are little better than organic robots. In any event, if you look at efficiency as the only reason for industry, then you're no better than the typical American CEO slimeball that sold his own people down the river for a quick buck.

          • Re:Sanctions overdue (Score:5, Informative)

            by GleeBot (1301227) on Saturday March 28, @06:49PM (#27373879)

            How do you think wealth is created? By magic? Hardly: it's by building and selling things to other countries, it's called trade.

            This is categorically incorrect. You can create wealth without ever trading with another country on the entire planet. The idea that wealth only comes from a positive current account is a discredited idea that dates back to mercantilism.

            You know how you really create wealth? By growing your GDP faster than your population, resulting in a growth in disposable income per capita. It doesn't matter if we're digging holes and filling them again, as long as at least one party in the economy finds this valuable to them.

            Let's say I write a book and sell it to you for $10. Then let's say I pocket $2 of that as profit, then turn around and pay someone else $8 to print the book. That person turns around and pays someone else $6 for paper and ink. Etc., etc.

            In exchange for your $10, you've made a whole series of people $2 richer, and you now own a book presumably worth $10 to you. That $10 just became $20 of national wealth, by the "magic" of economics. And no other countries were involved, no mining of gold or printing of money, just an input of domestic labor, capital, and resources to provide a product you value.

            Economics is ultimately about everyone providing goods and services to everyone else. Money is just a mechanism for keeping score of who owes who what.

      • US Debt... (Score:5, Insightful)

        by Savage-Rabbit (308260) on Saturday March 28, @05:14PM (#27373017)

        Perhaps, next time, you might not want to impose sanctions on the government that holds by far the largest share of the US debt:

        http://en.wikipedia.org/wiki/File:Foreign_Holders_of_United_States_Treasury_Securities-percent_share.gif [wikipedia.org]

        You impose sanctions, they call in that debt. And who else do you really think is going to loan you the money to pay that back?

        The US/China relationship is not as much of a black-and-white situation as nationalistic extremists both in the USA and China would like it to be. If the Chinese 'call in' all of that debt at once in some way, shape or form, there is no way the USA could pay up. Effectively the US would have to default, i.e. welch on the debt. That would wipe out an awful lot of hard earned Chinese wealth. Some of the noises coming out of Beijing lately only confirm that the Chinese are getting nervous even at the mere suggestion of the possibility of a US default. Another thing to consider is that the Chinese are very dependent on exports to the USA and its NATO allies who are likely to eventually follow the USA's lead, however grudgingly, in any major conflict of any kind with China. If the Chinese were to 'call in' this debt it would be a self-defeating exercise, as likely to harm the Chinese themselves as much as it would harm the USA. The economies of these countries are very intertwined.

    • This doesn't sound like Echelon or Carnivore, but more like spyware being installed on computers.

    • by h00manist (800926) on Saturday March 28, @08:13PM (#27374405) Journal
      How can you be sure your computer is 100% secure, and not infiltrated? Even in a fresh-installed, never-connected OS (any OS), how to be sure all executables on the CD don't have some hidden code in them, even when first released, that was somehow slipped in? What OS do they use in embassies, military, etc? What security measures, products, procedures?
        • by grcumb (781340) on Saturday March 28, @09:15PM (#27374949) Homepage Journal

          ...I trust those Debian guys to check the code before they build it into securely signed binary packages for me and other joes to consume. Before it reaches me the software has already had "many eyes" looking at it.

          The funny thing is that even when 'many eyes' fail (for example, the recent Debian SSL debacle), people still assume that the process works, including the bad guys.

          I wrote more about this issue in an article titled 'Trust Works All Ways [imagicity.com]'.

          I'm no security professional, so I could be wrong here, but I've seen no indication that there was any systematic exploitation of that gaping security hole during the 18 months it was present. Yes, the reason is laxity, and that's a flaw in the process. But the fascinating part is that it appears everyone - white hat to black - has faith in the process.

      • Re:Bankrupt them (Score:5, Insightful)

        by artor3 (1344997) on Saturday March 28, @04:28PM (#27372629)

        It would destroy their economy to do so... Reminds me of a quote about the definition of allies being two nations with hands so deep in each other's pockets that they cannot fight.

          • Re:Bankrupt them (Score:4, Insightful)

            by johnsonav (1098915) on Saturday March 28, @04:32PM (#27372661) Journal

            China does not have to get anything it owns to pwn you. They just have to stop buying your treasury bonds and you'll go down in a blink.

            If China stops buying our treasury bonds, they won't be able to support their export economy. Sure, they could destroy us economically, but they would fare no better. It's economic MAD.

          • Re:Bankrupt them (Score:5, Insightful)

            by johnsonav (1098915) on Saturday March 28, @04:39PM (#27372725) Journal

            With their 3 million troops, 860 warships [...]

            So they're going to pile ~3,500 troops per warship, cross the entire Pacific Ocean, and launch some kind of amphibious assault against the continental US? We had a hard enough time crossing the English Channel.

            [...] 60 submarines, 400 nuclear missiles and 1400 fighter aircraft.

            A submarine isn't capable of taking territory. Fighter jets can't make the 10,000 mile round trip. And nuclear missiles are a death sentence for us both.

          • Re:Bankrupt them (Score:4, Interesting)

            by Runaway1956 (1322357) on Saturday March 28, @04:53PM (#27372837) Homepage Journal
            Uhhhh - the Chinese are smarter than that. They know they can't come over here and take what they want using military power. That is the very reason they are attacking us asymmetrically. Google around for Assassin's Mace. China has been at war with the US for years already, and the US is too stupid to know it, let alone defend itself. But, Sun Tzu was more akin to the Communist Chinese than to any Americans, so they understand him better than we do.
    • Re:From TFA (Score:5, Interesting)

      by chill (34294) on Saturday March 28, @04:35PM (#27372693) Homepage Journal

      the abstract mentions that the attack was done using malwares. Firstly, I expected Chinese hackers (read govt.) smarter than this.

      Considering how effective it was, why use a different technique? I mean if they get something really super-hot, they would save it for more critical times. Until every copy of Windows is patched, firewalled, run thru Tor, buried in peat and recycled as firelighters, why bother?

        • Re:From TFA (Score:5, Informative)

          by chill (34294) on Saturday March 28, @04:45PM (#27372761) Homepage Journal

          Windows is much more prevalent and the low hanging fruit. I don't think Mac and Linux will be totally ignored, but the bulk of the effort will go where the bulk of the targets are, and in a normal office environment that means Microsoft Windows, Office and Internet Explorer.

          • Re:From TFA (Score:5, Interesting)

            by lgw (121541) on Saturday March 28, @05:14PM (#27373031) Journal

            The most secure US government network I've seen (datacenter for a Three Letter Agency) used a mix of NetWare servers and a mainframe. While client machines can be compromised, I suspect someone was thinking along these lines when it came to the servers. Linux and Mac aren't particularly obscure or uncommon, but the US government probably has the address of every programmer who ever worked on the NetWare kernel. I don't know what OS the mainframe was running, but there are several where, like NetWare, the total number of humans worldwide with kernel hacking knowledge is "dozens".

    • Re:From TFA (Score:4, Informative)

      by gobbo (567674) <wrewrite&gmail,com> on Saturday March 28, @04:39PM (#27372723) Journal

      the abstract mentions that the attack was done using malwares. Firstly, I expected Chinese hackers (read govt.) smarter than this.

      The bulk of Chinese intel is heavily distributed. The world's largest families don't need to rely on 007 agents; they can aggregate huge quantities of data by getting observant volunteers from the Chinese diaspora to send bits of info back home through regular channels, like aunt Ping or even uncle James. It's so distributed it doesn't look like spying, and it isn't really, in the traditional sense.

      This has driven counterintelligence agencies in 'western' democracies and republics to distraction. There are hardly any spooks to catch, mainly just a giant global gossamer net of informers, and enormous compiling and analysis operations in China. The 'agents', who are barely agents if at all, have strong deniability and can always fall back on complaints of harassment due to ethnic targeting. (Google the issue, it's amusing.)

      I think it's brilliant, even if wholly dependent on the Chinese sense of family ties. A malware attack is a similar approach: it doesn't look like the work of spies, at first, and it's broadly distributed. So, it's plausible that it could be a Chinese intel operation, just from the M.O.