It's compromised over 1,000 machines in 103 countries, with targets including the Dalai Lama and government departments. It's called GhostNet, it's a spy network, and it wouldn't exist if government departments and other public bodies used Linux.
The scale of GhostNet is staggering, but at heart it's no more complicated than a script kiddie attack.
Somebody receives an email with an official-looking document, they open the file, and a Trojan sneaks onto their system.
While the level of research is impressive - the emails appear to come from senior members of staff, the file names fit the organisation's style and the supposed documents sound like the sort of thing bosses would send - at heart GhostNet is based on the same old Windows security problem.
Public sector organisations tend to be a good bit behind the rest of us when it comes to operating systems, so while Windows Vista (and soon, Windows 7) offer much better security than previous versions of Windows, the security changes are irrelevant: the compromised computers will almost certainly be running XP, or perhaps even Windows 2000.
Upgrading to a more modern Windows would certainly improve things, but the cost of all those Windows licences - and in many cases, of the hardware upgrades required to bring PCs up to scratch for basic Vista operation - is a tough sell in these credit-crunched times.
The answer, then, is obvious. Public sector organisations should run Linux. It wouldn't eradicate GhostNet-style systems altogether, because if there's a shadowy group determined to access secret data then you can be sure it'll hire the best computer brains in order to do it, but Linux would definitely make the spooks' life much more difficult.
Compromising old Windows boxes is like stealing candy from a baby. Compromising Linux boxes is more like stealing candy from a baby that's locked away in a subterranean vault with armed robot guards, packs of savage Rottweilers and lots of Indiana Jones-style traps. On the moon.
According to the authors of The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement, which is one of the reports detailing the "murky realm" of GhostNet, "What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course."
You wouldn't send an army into battle with rubber rifles - and yet in information warfare, that's essentially what we're doing. These organisations have our data, spend our money and are being targeted to undermine our national security. It's about time they took steps to protect it.
Your comments (2)
robl
April 1st 2009
2. I would disagree with the expressed opinion most strongly. Indeed I would argue contrary to it. It is entirely possible that the reason Ghostnet has been so successful is NOT down to Windows but entirely down to Linux, and other similar non-Windows based operating systems. You see, there's a bug in OpenSSL that allows a hacker to take control of and compromise your system. This is extremely important since OpenSSL is responsible for networking security. This bug affects versions 1, 2 and 3 of oSSL and therefore all operating systems that use it. That means Linux, Unix, BSD, FreeBSD and Apple OS-X are all at risk. Furthermore this bug has not been fixed since it was discovered and, in the words of the authors of oSSL, it won't be fixed because too many other things would break. The bug was discovered in 2005 so hackers have had 4 years to get into and compromise your systems and you neither know nor, up until now, have cared, and you still want to blame someone else. Of course you use Linux in your firewall don't you because it's "more secure than Windows". Isn't it nice to know you've allowed hackers carte blanche access to your network? No wonder the Ghostnet guys could get in everywhere.
danderson00
April 1st 2009
1. Switching to Linux does NOT necessarily give you security like this article describes. I'm not going to enter into the debate between open and closed source software, but there are as many security flaws found in Linux as there are in any version of Windows. Social engineering also doesn't require any particular OS.
Windows can be made as secure as any Linux distro; it is the responsibility of network administrators to ensure software running in their networks is as secure as possible.
Incompetent network administrators should take the blame for GhostNet, rather than engaging in malicious Microsoft bashing. I can almost guarantee if these government departments were running Linux, GhostNet would still exist in some form or another.
Blame the people, not the software.