Vast Electronic Spying Operation Discovered

homesalad writes "Researchers in Toronto have discovered a huge international electronic spying operation that they are calling 'GhostNet.' So far it has infiltrated government and corporate offices in 103 countries, including the office of the Dalai Lama (who originally went to the researchers for help analyzing a suspected infiltration). The operation appears to be based in China, and the information gained has been used to interfere with the actions of the Dalai Lama and to thwart individuals seeking to help Tibetan exiles. The researchers found no evidence of infiltration of US government computers, although machines at the Indian embassy were compromised. Here is the researchers' summary; a full report, 'Tracking "GhostNet": Investigating a Cyber Espionage Network' will be issued this weekend." A separate academic group in the UK that helped with the research is issuing its own report, expected to be available on March 29. Here is the abstract. They seem to be putting more stress on the "social malware" nature of the attack and ways to mitigate such techniques.

Target operating system?

[transporter_ii]

Infection happens two ways. In one method, a userâ(TM)s clicking on a document attached to an e-mail message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a Web link in an e-mail message and is taken directly to a âoepoisonedâ Web site.

Unless I missed it, I don't see Windows mentioned...but I'm going to go out on a limb here and figure the targeted OS is Windows.

Transporter_ii

Commenters ?

[Anonymous Coward]

Im wondering how many posts here are submitted on behalf of the Chinese Government?
They can join and influence our conversations but we can never join theirs..

Russian Crooks are already there

[PineHall]

"What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement."

I would guess that the Russian crooks are doing it today with very targeted attacks. We just have not discovered it, or if discovered the financial institutions attacked have covered it up.

China Is A Nice Distraction: +1, Helpful

[Anonymous Coward]

More likely the operation is run out of the office of the world's most dangerous person [whitehouse.org].

I hope this helps the Chinese authorities.

Yours In Communism,
Kilgore Trout

Re:From TFA

[chill]

the abstract mentions that the attack was done using malwares. Firstly, I expected Chinese hackers (read govt.) smarter than this.

Considering how effective it was, why use a different technique? I mean if they get something really super-hot, they would save it for more critical times. Until every copy of Windows is patched, firewalled, run thru Tor, buried in peat and recycled as firelighters, why bother?

Skype Monitoring

[Anonymous Coward]

It is definitely not only China that employs some monitoring techniques on its citizens' Skype accounts. Last year during Myanmar's Saffron Revolution, my Burmese roommate organized information sessions and candle light vigils on our small, liberal arts school's campus, taking care to remain anonymous or using my name as a proxy for his actions. The only Burmese contact he had at the time was Skyping with his ex-girlfriend, a student at a nearby liberal arts school who organized protests of greater scope on her campus. After about 3 days he mysteriously received a call from his mother who sounded scared (remember, most non-satellite phone lines were all but taken down during the protests) assuring him that she was OK but he needed to stop everything he was planning on campus. My roommate had no choice but to stop his involvement in the protests.

Re:Commenters ?

[Steve Franklin]

Look at the comments under any YouTube video on Chinese suppression of Tibet and you'll see the Chinese government in action: especially lies about Tibet always having been part of China. The funny thing is, the Chinese aren't physically adapted to living under diminished oxygen conditions, so they can only stay there for a few years and then have to be replaced by other Chinese. In the long run they can't win.

Re:Bankrupt them

[Runaway1956]

Uhhhh - the Chinese are smarter than that. They know they can't come over here and take what they want using military power. That is the very reason they are attacking us asymmetrically. Google around for Assasin's Mace. China has been at war with the US for years already, and the US is to stupid to know it, let alone defend itself. But, Sun Tzu was more akin to the Communist Chinese than to any Americans, so they understand him better than we do.

Re:Sanctions overdue

[u38cg]

Hi. This is reality calling, ding-dong. If you increase tariffs against China, you will (a) immediately increase the prices of all goods, (b) you will seriously increase your tax rates, because your government will no longer be able to fund its debt by selling its Treasuries to China (because China will have no more greenbacks coming in). You won't have a domestic industry to take up the slack, because you will have destroyed domestic demand. Seriously, buy a copy of the Wealth of Nations, for the love of God. Oh, not to mention the risk of provoking a war with China; and if you think that's going to be an easy fight, I have more bad news for you.

Re:Sanctions overdue

[Anonymous Coward]

Nobody "demands" it. They just want whatever is cheapest. If China were sanctioned and therefore no longer the cheap answer then nobody would think twice about having to pay more to get stuff from somewhere else. They might buying less or whatever based on the amount of money they have available but I seriously doubt anyone would care that they could no longer get cheap low-quality crap from China.

Re:From TFA

[lgw]

The most secure US government network I've seen (datacenter for a Three Letter Agency) used a mix of NetWare servers and a mainframe. While client machines can be compromised, I suspect someone was thinking along these lines when it came to the servers. Linux and Mac aren't particularly obscure or uncommon, but the US governemtn probably has the address of every programmer who ever worked on the NetWare kernel. I don't know what OS the mainframe was running, but there are several where, like NetWare, the total number of humans worldwide with kernel hacking knowledge is "dozens".

Target the OS with the back door?

[transporter_ii]

I wonder how much Microsoft's Malicious Software reporting tool would be to help in targeting specific systems?

Botnet fighters have another tool in their arsenal, thanks to Microsoft. The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.

See: http://www.infoworld.com/article/08/04/29/Microsoft-botnet-hunting-tool-helps-bust-hackers_1.html [infoworld.com]

Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year.

Someone care to expand on the above??? I've googled some but came up with nothing so far.

 

Re:Target operating system?

[gilgongo]

It surprised me that the Dalai Lama even used computers.

Dude - the Dali Llama is on Twitter [twitter.com]. He's also one of the most wired religious leaders in the world, and appears to have a Blackberry (if his Twitter updates and anecdotal reports of emails are to be believed).

Re:From TFA

[TerranFury]

If Chinese people do it, it's spying. If westerners do it (such as via twitter, or even wikileaks) it's just social media.

Nah, it's more than twitter; GP made it sound like the "informers" are more innocent than they actually are. It sounds like he's talking about cases like that of Chi Mak [csmonitor.com] (which is sort of an archetypal case). Yes, he wasn't particularly professional, but he did know damn well that he was passing along secrets he wasn't supposed to:

At one point, Chiu said to her husband that the "things" his brother was asking him to take "are certainly against the law," states an FBI affidavit.

Re:Sanctions overdue

[Gr8Apes]

The simple reality is that we have to start increasing the price of imported goods to reflects the realities of producing goods in this country. That is, of course, if you'd like to keep some manufacturing in the country.

Note that it's not labor costs that make up most of the difference, but rather pollution countermeasures. For example, China dumps water untreated back into rivers. Here it needs to be filtered and cleaned. That costs a lot more money than whatever the labor difference is.

If this thought process still doesn't convince you, start thinking about how rubber kickballs can be manufactured in China and shipped, inflated, across the Pacific, be unpacked from their shipping containers here and repacked into trucks at least once before getting to stores and still be cheaper than domestically made kickballs. (Go to any nationwide toy store and you won't see a single US made rubber/plastic anything anymore)

Re:Sanctions overdue

[MichaelSmith]

China and India have both made a career out of using their population as robots. Both have legal and cultural systems in place to keep the status quo. India have been doing this for five hundred years. The population bomb is the wildcard here. With India the lack of control over population growth may lead to starvation within a generation. With China central population controls are tied to controls over population movement.

Both of these things could break down. In fact, looking at the population issue, it is hard to see it not breaking down.

Re:Sanctions overdue

[DarkOx]

I am with you mostly but have you tried looking for this Chinease goods demanding consumer in um China? I susupect given how nationalistic that societ is you will find them there at least.

Re:Sanctions overdue

[Anonymous Coward]

Yeah BC was pretty good on domestic policy but foreign policy, he didn't get it, to the point of doing us real damage.

Re:Sanctions overdue

[ThatsNotPudding]

You mean the guys that could totally kill what's left of our economy just by calling their stock brokers? And don't give me the theory of 'oh, they need us as much as we need them' If they'll roll tanks over student demonstrators, they won't be too threatened by some unemployed factory workers - especially if they buy them off with good unemployment wages from their overflowing coffers.

Is anyone's computer 100% secured?

[h00manist]

How can you be sure your computer is 100% secure, and not infiltrated? Even in a fresh-installed, never-connected OS (any OS), how to be sure all executables on the CD don't have some hidden code in them, even when first released, that was somehow slipped in? What OS do they use in embassies, military, etc? What security measures, products, procedures?

Re:Sanctions overdue

[ScrewMaster]

But apart from that you're happy with wiping out your country's economy and permanenty damaging its economic prospects? Look, protectionism on the face of it seems like a good idea. In practice it's the worst idea possible.

No. I see you're one of those people who sees protectionism in black and white: free trade good!, protectionism bad! As always, it's not that simple and I think you probably know that. There is a difference between a limited degree of protectionism whose only purpose is to keep domestic manufacturing from disappearing entirely, and punitive tariffs.

Suppose we have a foreign nation who is deliberately subsidizing their manufacturing in order to sell goods at below our domestic manufacturer's costs. In addition, they're doing this with the express purpose of wiping out our own manufacturing base. Let's further suppose that our government failed to enforce the laws already on the books designed to prevent this very activity ... would you consider that a reasonable example of "free trade"? Good business? Or would you consider that a hostile, destructive action? No, I'm not talking about China, I'm talking about Japan. They went after our domestic suppliers of basic electronic components, rapidly put them out of business, and then walked the supply chain until they'd wiped out manufacturers of virtually all commercial electronics. Fortunately, Japan is a small nation, but at that they did substantial damage.

Moving forward a couple decades, we see that China has taken a page from Japan's book, but is going after everything at the same time. All of it, from Christmas tree bulbs to avionics. Everything that we used to make they now make for us, and here's the danger in all this: we can't make it for ourselves anymore. It's an incredible onslaught, unprecedented in the history of Mankind, and the reality is that unless our government does something, we will become so dependent upon China that they'll be able to walk in and take us over without firing a shot. Do you realize that Americans no longer even make their own clothing? No? I have news for you: the giant textile mills back east are lying fallow, huge empty buildings with broken windows, the machines that used to put the shirts on our backs sold off to China for pennies on the dollar. And that's only one of many industries that were deliberately destroyed by China, which (in case you've forgotten) is a hostile totalitarian state. Maybe you think that's a good thing ... I don't. The Founders didn't either: they wanted us to be free and independent. The two are inextricably interlinked. If you believe otherwise you're ignoring history.