[governance] Tracking GhostNet: Investigating a Cyber Espionage Network.

William Drake william.drake at graduateinstitute.ch
Sat Mar 28 17:36:29 EDT 2009


Rather interesting....

Begin forwarded message:

> From: Ronald Deibert <r.deibert at utoronto.ca>
> Date: March 28, 2009 5:49:15 PM GMT-03:00
> To: Ronald Deibert <r.deibert at utoronto.ca>
> Subject: Tracking GhostNet: Investigating a Cyber Espionage Network.
>
> Tracking GhostNet: Investigating a Cyber Espionage Network.
>
> The report has now been covered in an exclusive story by the New  
> York Times' John Markoff.  Download the New York Times story here
> http://www.nytimes.com/2009/03/29/technology/29spy.html
>
> Researchers at the Information Warfare Monitor uncovered a suspected  
> cyber espionage network of over 1,295 infected hosts in 103  
> countries.  This finding comes at the close of a 10-month  
> investigation of alleged Chinese cyber spying against Tibetan  
> institutions that consisted of fieldwork, technical scouting, and  
> laboratory analysis.
>
> Close to 30% of the infected hosts are considered high-value and  
> include computers located at ministries of foreign affairs,  
> embassies, international organizations, news media, and NGOs.  The  
> investigation was able to conclude that  Tibetan computer systems  
> were compromised by multiple infections that gave attackers  
> unprecedented access to potentially sensitive information,   
> including  documents from the private office of the Dalai Lama.
>
> Who is ultimately in control of the GhostNet system? While our  
> analysis reveals that numerous politically sensitive and high value  
> computer systems were compromised in ways that circumstantially  
> point to China as the culprit, we do not know the exact motivation  
> or the identity of the attacker(s), or how to accurately  
> characterize this network of infections as a whole.  One of the  
> characteristics of cyber-attacks of the sort we document here is the  
> ease by which attribution can be obscured.
>
> Regardless of who or what is ultimately in control of GhostNet, it  
> is the capabilities of exploitation, and the strategic intelligence  
> that can be harvested from it, which matters most. Indeed, although  
> the Achilles’ heel of the GhostNet system allowed us to monitor and  
> document its far-reaching network of infiltration, we can safely  
> hypothesize that it is neither the first nor the only one of its kind.
>
> As Information Warfare Monitor principal investigators Ron Deibert  
> and Rafal Rohozinski say in the foreword to the report, “This report  
> serves as a wake-up call.  At the very least, a large percentage of  
> high-value targets compromised by this network demonstrate the  
> relative ease with which a technically unsophisticated approach can  
> quickly be harnessed to create a very effective spynet…These are  
> major disruptive capabilities that the professional information  
> security community, as well as policymakers, need to come to terms  
> with rapidly.”
>
> Download the full report on 29 March 2009 at
> http://www.infowar-monitor.net/ghostnet/
>
>
> Ronald J. Deibert
> Director, The Citizen Lab
> Munk Centre for International Studies
> University of Toronto
> r.deibert at utoronto.ca
> http://deibert.citizenlab.org/
>
>
>

***********************************************************
William J. Drake
Senior Associate
Centre for International Governance
Graduate Institute of International and
   Development Studies
Geneva, Switzerland
william.drake at graduateinstitute.ch
New book: Governing Global Electronic Networks,
http://tinyurl.com/5mh9jj
***********************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20090328/016a9386/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance


More information about the Governance mailing list