It's compromised over 1,000 machines in 103 countries, with targets including the Dalai Lama and government departments. It's called GhostNet, it's a spy network, and it wouldn't exist if government departments and other public bodies used Linux.
The scale of GhostNet is staggering, but at heart it's no more complicated than a script kiddie attack.
Somebody receives an email with an official looking document, they open the file, and a Trojan sneaks onto their system.
While the level of research is impressive - the emails appear to come from senior members of staff, the file names fit the organisation's style and the supposed documents sound like the sort of thing bosses would send - at heart GhostNet is based on the same old Windows security problem.
Public sector organisations tend to be a good bit behind the rest of us when it comes to operating systems, so while Windows Vista (and soon, Windows 7) offer much better security than previous versions of Windows, the security changes are irrelevant: the compromised computers will almost certainly be running XP, or perhaps even Windows 2000.
Upgrading to a more modern Windows would certainly improve things, but the cost of all those Windows licences - and in many cases, of the hardware upgrades required to bring PCs up to scratch for basic Vista operation - is a tough sell in these credit crunched times.
The answer, then, is obvious. Public sector organisations should run Linux. It wouldn't eradicate GhostNet-style systems altogether, because if there's a shadowy group determined to access secret data then you can be sure it'll hire the best computer brains in order to do it, but Linux would definitely make the spooks' life much more difficult.
Compromising old Windows boxes is like stealing candy from a baby. Compromising Linux boxes is more like stealing candy from a baby that's locked away in a subterranean vault with armed robot guards, packs of savage Rottweilers and lots of Indiana Jones-style traps. On the moon.
According to the authors of The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement, which is one of the reports detailing the "murky realm" of GhostNet, "What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course."
You wouldn't send an army into battle with rubber rifles - and yet in information warfare, that's essentially what we're doing. These organisations have our data, spend our money and are being targeted to undermine our national security. It's about time they took steps to protect it.
-------------------------------------------------------------------------------------------------------
