Tracking GhostNet: Investigating a Cyber Espionage Network


Published by The SecDev Group
This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

Published by: The SecDev Group on Mar 28, 2009
Copyright: Attribution No Derivatives


08/02/2014

JR02-2009
Information Warfare Monitor
Tracking GhostNet: Investigating a Cyber Espionage Network
http://www.infowar-monitor.net/ghostnet
http://www.tracking-ghost.net
March 29, 2009

Foreword
Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions.

The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more.

The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The Tibetan computer systems we manually investigated, and from which our investigations began, were conclusively compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information.

But the study clearly raises more questions than it answers.

From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value.

Some may conclude that what we lay out here points definitively to China as the culprit. Certainly Chinese cyber-espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace a strategic domain, one which helps redress the military imbalance between China and the rest of the world (particularly the United States). They have correctly identified cyberspace as the strategic fulcrum upon which U.S. military and economic dominance depends.

But attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading. Numbers can tell a different story. China is presently the world’s largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware. With more creative people using computers, it’s expected that China (and Chinese individuals) will account for a larger proportion of cybercrime.

Likewise, the threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors. Socially engineered malware is the most common and potent; it introduces Trojans onto a system, and then exploits social contacts and files to propagate infections further.

Furthermore, the Internet was never built with security in mind. As institutions ranging from governments through to businesses and individuals depend on 24-hour Internet connectivity, the opportunities for exploiting these systems increase.

This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet… These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.

Ron Deibert, Director, the Citizen Lab, Munk Centre for International Studies, University of Toronto.

Rafal Rohozinski, Principal and CEO, The SecDev Group, Ottawa, Canada.
