GhostNet, spying on a government near you

GhostNet, targeted cyber-snooping

A carefully constructed network of compromised computers has been acting as a spying tool within government offices and major institutions across the world, with one report hinting that 'Chinese spooks' are to blame.

Two reports, one from Cambridge University and the other from Information Warfare Monitor at the University of Toronto, have outlined the extent of the so-called GhostNet, which is being run from Chinese servers, although the latter's co-author Ronald Deibert is keen to point out that: "this could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on."

GhostNet has apparently infiltrated over 1000 computers in 103 countries, with a report from Cambridge called 'The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement' suggesting that Chinese 'spooks' are responsible for attacks on other governments and the offices of exiled Tibetan leader the Dalai Lama.

"What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," says the report.

Although the Toronto paper, 'Tracking GhostNet', is more circumspect about who is responsible, the magnitude of the espionage is clear.

Targeted hacking

Rather than using the traditional blunt force numbers game that cybercriminals tend to favour, GhostNet was targeted at institutions that could provide crucial information.

Gaining entry into these institutions was apparently as easy as sending a social engineering email, which downloaded a Trojan onto the machine when a link was clicked.

Once on the computer, the backdoor it created would allow, for instance, the PC's webcam or microphone to be switched on, and information to be taken directly from email or the PC itself.

GhostNet was uncovered when staff at the Dalai Lama's offices asked Toronto researchers to investigate, fearing a compromise in their IT systems.

"We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama," researcher Greg Walton told the Guardian.

Via The Guardian

Patrick Goss
