Technical Report 
Number 746
Computer Laboratory
UCAM-CL-TR-746
ISSN 1476-2986
The snooping dragon: social-malware surveillance of the Tibetan movement
Shishir Nagaraja, Ross Anderson
March 2009
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom
phone +44 1223 763500
http://www.cl.cam.ac.uk/ 
 
© 2009 Shishir Nagaraja, Ross Anderson
This material is based in part upon work supported by the U.S. Department of Homeland Security under Grant Award Number 2006-CS-001-000001, under the auspices of the Institute for Information Infrastructure Protection (I3P) research program. The I3P is managed by Dartmouth College. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security, the I3P, or Dartmouth College.
Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet:
http://www.cl.cam.ac.uk/techreports/ 
 
The snooping dragon: social-malware surveillance of the Tibetan movement
Shishir Nagaraja
Information Trust Institute
University of Illinois at Urbana-Champaign
sn275@iti.uiuc.edu
Ross Anderson
Cambridge University
Computer Laboratory
Ross.Anderson@cl.cam.ac.uk
Abstract
In this note we document a case of malware-based electronic surveillance of a political organisation by the agents of a nation state. While malware attacks are not new, two aspects of this case make it worth serious study. First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed. Second, the modus operandi combined social phishing with high-grade malware. This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective. Few organisations outside the defence and intelligence sector could withstand such an attack, and although this particular case involved the agents of a major power, the attack could in fact have been mounted by a capable motivated individual. This report is therefore of importance not just to companies who may attract the attention of government agencies, but to all organisations. As social-malware attacks spread, they are bound to target people such as accounts-payable and payroll staff who use computers to make payments. Prevention will be hard. The traditional defence against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tiresome operational security procedures. These will not be sustainable in the economy as a whole. Evolving practical low-cost defences against social-malware attacks will be a real challenge.