Forgot your password?
typodupeerror
Security Government News

Vast Electronic Spying Operation Discovered 303

Posted by kdawson
from the whaling-for-political-advantage dept.
homesalad writes "Researchers in Toronto have discovered a huge international electronic spying operation that they are calling 'GhostNet.' So far it has infiltrated government and corporate offices in 103 countries, including the office of the Dalai Lama (who originally went to the researchers for help analyzing a suspected infiltration). The operation appears to be based in China, and the information gained has been used to interfere with the actions of the Dalai Lama and to thwart individuals seeking to help Tibetan exiles. The researchers found no evidence of infiltration of US government computers, although machines at the Indian embassy were compromised. Here is the researchers' summary; a full report, 'Tracking "GhostNet": Investigating a Cyber Espionage Network' will be issued this weekend." A separate academic group in the UK that helped with the research is issuing its own report, expected to be available on March 29. Here is the abstract. They seem to be putting more stress on the "social malware" nature of the attack and ways to mitigate such techniques.
This discussion has been archived. No new comments can be posted.

Vast Electronic Spying Operation Discovered

Comments Filter:
  • Really? (Score:2, Insightful)

    by Anonymous Coward

    The U.S. and other governments have been doing things like this for years...

    • Re:Really? (Score:5, Insightful)

      by morgan_greywolf (835522) on Saturday March 28, 2009 @04:20PM (#27372579) Homepage Journal

      This doesn't sound like Echelon or Carnivore, but more like spyware being installed on computers.

    • Re: (Score:3, Insightful)

      by MrMista_B (891430)

      Does that make it good, just, or laudable?

      Evil is evil, no matter who does it.

    • by h00manist (800926) on Saturday March 28, 2009 @08:13PM (#27374405) Journal
      How can you be sure your computer is 100% secure, and not infiltrated? Even in a fresh-installed, never-connected OS (any OS), how to be sure all executables on the CD don't have some hidden code in them, even when first released, that was somehow slipped in? What OS do they use in embassies, military, etc? What security measures, products, procedures?
      • Re: (Score:2, Insightful)

        by Snospar (638389)

        This might earn me a "whoosh" but I trust those Debian guys to check the code before they build it into securely signed binary packages for me and other joes to consume. Before it reaches me the software has already had "many eyes" looking at it.

        For which I am extremely grateful!

        • by grcumb (781340) on Saturday March 28, 2009 @09:15PM (#27374949) Homepage Journal

          ...I trust those Debian guys to check the code before they build it into securely signed binary packages for me and other joes to consume. Before it reaches me the software has already had "many eyes" looking at it.

          The funny thing is that even when 'many eyes' fail (for example, the recent Debian SSL debacle), people still assume that the process works, including the bad guys.

          I wrote more about this issue in an article titled 'Trust Works All Ways [imagicity.com]'.

          I'm no security professional, so I could be wrong here, but I've seen no indication that there was any systematic exploitation of that gaping security hole during the 18 months it was present. Yes, the reason is laxity, and that's a flaw in the process. But the fascinating part is that it appears everyone - white hat to black - has faith in the process.

  • by transporter_ii (986545) on Saturday March 28, 2009 @03:59PM (#27372429) Homepage

    Infection happens two ways. In one method, a userâ(TM)s clicking on a document attached to an e-mail message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a Web link in an e-mail message and is taken directly to a âoepoisonedâ Web site.

    Unless I missed it, I don't see Windows mentioned...but I'm going to go out on a limb here and figure the targeted OS is Windows.

    Transporter_ii

    • I don't know. It surprised me that the Dalai Lama even used computers. But if he did, they'd probably are Macs. He just seems like that kind of guy

      • Re: (Score:3, Funny)

        by heritage727 (693099)
        His real problem is that none of his emails have attachments.
      • Re: (Score:3, Interesting)

        by gilgongo (57446)

        It surprised me that the Dalai Lama even used computers.

        Dude - the Dali Llama is on Twitter [twitter.com]. He's also one of the most wired religious leaders in the world, and appears to have a Blackberry (if his Twitter updates and anecdotal reports of emails are to be believed).

    • by Kjella (173770)

      Unless I missed it, I don't see Windows mentioned...but I'm going to go out on a limb here and figure the targeted OS is Windows.

      If it's a targeted attack you'd target whatever the target is using. Even if what you said was true, it's not proof of anything except that the Dalai Lama doesn't use Mac or Linux.

      • by transporter_ii (986545) on Saturday March 28, 2009 @05:21PM (#27373097) Homepage

        I wonder how much Microsoft's Malicious Software reporting tool would be to help in targeting specific systems?

        Botnet fighters have another tool in their arsenal, thanks to Microsoft. The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.

        See: http://www.infoworld.com/article/08/04/29/Microsoft-botnet-hunting-tool-helps-bust-hackers_1.html [infoworld.com]

        Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year.

        Someone care to expand on the above??? I've googled some but came up with nothing so far.

         

      •   The Mac OS and Linux/BSD are much harder malware targets, for many reasons. Lack of an easy way to insert and run an executable file being one.

          This has been discussed on this site MANY MANY times.

        SB

    • There's Ballmer saying that Linux is Communism, when it turns out that in fact Windows is Communism (actually Socialism with Chinese characteristics).

      On Monday, tell your boss that if you don't switch to Linux ASAP then the pseudo-communists have won.

  • Commenters ? (Score:4, Interesting)

    by Anonymous Coward on Saturday March 28, 2009 @04:09PM (#27372499)

    Im wondering how many posts here are submitted on behalf of the Chinese Government?
    They can join and influence our conversations but we can never join theirs..

    • Re: (Score:3, Funny)

      by sakdoctor (1087155)

      I'm not afraid of the Chinese Government. I just got mod points.

      • Re: (Score:2, Funny)

        by Anaerin (905998)

        And yet, you burned them posting in the very thread they'll be needed most. You fool. You damn crazy fool.

      • Re: (Score:2, Offtopic)

        by psnyder (1326089)
        If you type "I am extremely" into Google, the bottom suggestion from their auto-complete will be: "I am extremely terrified of chinese people" with 303,000 results.

        Slashdot may need to give out more mod points.
    • Re: (Score:3, Interesting)

      Look at the comments under any YouTube video on Chinese suppression of Tibet and you'll see the Chinese government in action: especially lies about Tibet always having been part of China. The funny thing is, the Chinese aren't physically adapted to living under diminished oxygen conditions, so they can only stay there for a few years and then have to be replaced by other Chinese. In the long run they can't win.

      • Look at the comments under any YouTube video on Chinese suppression of Tibet and you'll see the Chinese government in action: especially lies about Tibet always having been part of China. The funny thing is, the Chinese aren't physically adapted to living under diminished oxygen conditions, so they can only stay there for a few years and then have to be replaced by other Chinese. In the long run they can't win.

        If I got sent to Tibet for some reason I would want to go home eventually too, but it wouldn't be because of the altitude.

      • Re: (Score:2, Funny)

        by maxume (22995)

        Yeah, that's what I think when I look at China -- "they are going to run out of people sometime soon".

      • by dangitman (862676)

        Look at the comments under any YouTube video...

        My eyes! The goggles, they do nothing!

  • by PineHall (206441) on Saturday March 28, 2009 @04:13PM (#27372527)

    "What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement."

    I would guess that the Russian crooks are doing it today with very targeted attacks. We just have not discovered it, or if discovered the financial institutions attacked have covered it up.

  • Is infrastructure in place to punish those responsible for such invasions?

    What could the affected countries do against China to discourage them from doing this again? I don't think its act-of-war level but I think its at least sue-for-billions-and-billions-and-billions worthy.

    • by pxlmusic (1147117)

      are you kidding me? the only "punishment" that might occur is through military action.

      and that would be a bad idea.

    • Re: (Score:3, Insightful)

      by obarthelemy (160321)

      laws allowing to retaliate against China would, I think, be unfair in the same laws do not apply vs other governements including our own... warantless illegal wiretapping anyone ?

      China is simply following on the US's footsteps.

    • Researcher: Let me see your network.
    • Obi-Wan: [with a small wave of his hand] You don't need to see his network.
    • Researcher: We don't need to see his network.
    • Obi-Wan: These aren't the systems you're looking for.
    • Researcher: These aren't the systems we're looking for.
    • Obi-Wan: He can go about his business.
    • Researcher: You can go about your business.
    • Obi-Wan: Move along.
    • Researcher: Move along... move along.

    "GhostNet" What a wacky idea.
    ALL HAIL THE HYPNOTOAD!

  • The Dalai Lama has (or needs) an office? WTF?
    • Re: (Score:2, Funny)

      by HatofPig (904660)
      Do you assume he arranges all of his international trips and conferences sitting cross-legged on the side of a mountain?
    • Re: (Score:2, Insightful)

      by maxume (22995)

      The Pope has a whole country.

  • Skype Monitoring (Score:5, Interesting)

    by Anonymous Coward on Saturday March 28, 2009 @04:47PM (#27372773)
    It is definitely not only China that employs some monitoring techniques on its citizens' Skype accounts. Last year during Myanmar's Saffron Revolution, my Burmese roommate organized information sessions and candle light vigils on our small, liberal arts school's campus, taking care to remain anonymous or using my name as a proxy for his actions. The only Burmese contact he had at the time was Skyping with his ex-girlfriend, a student at a nearby liberal arts school who organized protests of greater scope on her campus. After about 3 days he mysteriously received a call from his mother who sounded scared (remember, most non-satellite phone lines were all but taken down during the protests) assuring him that she was OK but he needed to stop everything he was planning on campus. My roommate had no choice but to stop his involvement in the protests.
    • by SuperBanana (662181) on Saturday March 28, 2009 @06:55PM (#27373929)

      The only Burmese contact he had at the time was Skyping with his ex-girlfriend, a student at a nearby liberal arts school who organized protests of greater scope on her campus

      Did it occur to you that maybe, just maybe, your roommate was sold out by his "burmese contact"? Skype sniffers can't tell the Burmese government that the other person was the ex-girlfriend of a...I don't know what the fuck is going on in that set of connections, but dude, it's far more likely the guy in Burma is on the take...or someone in his apartment is.

      Or maybe you all wildly misinterpreted his mother's "don't make waves" urgings.

  • In case they try to compromise the Intersect.

  • by 1s44c (552956)

    Why is it that companies allow the bad guys to p0wn their computers? Sure windows is a pile of horse-crap but it's possible to implement good firewalls and application proxies and to run the proper applications on proper OS's.

    Perhaps if we get rid of all the 'professional manager' types and fake idiots types in IT things will improve.

  • A lie!

    the researchers found no evidence of infiltration of US government computers...

    Whatever.

    • by DragonTHC (208439)

      there are a few things we don't yet know.

      It might be us who ran that spy net. It could also be the chinese, the russians or even the pakistanis.

  • Then set up another more secure network, but keep using the compromised version to disseminate false notices, making the Chinese Gov't respond to false information...

Memory fault -- brain fried

Working...