GhostNet. The University of Toronto published today a great research paper on targeted attacks. We've talked about targeted attacks for years. These cases usually go like this: 1. You receive a spoofed e-mail with an attachment2. The e-mail appears to come from someone you know3. The contents make sense and talk about real things (and in your language)4. But the real news is that Greg Walton & co actually managed to get an inside view of some of the servers used in these spying attacks. Click the image above to read John Markoff's article. The release of the paper was synchronized with the New York Times article. For a reason or another, infowar-monitor.net has been down all day. More resources: Here's a video that we posted earlier about targeted attacks: And here are selected blog posts on the topic: Tracking GhostNet: Investigating a Cyber Espionage Network. China’s GhostNet | DarkGovernment. Researchers in Toronto have released a document that describes what may be the first real evidence of a government-operated cyber-espionage network in action.
In a ten-month investigation, the team documented the operation of what they dubbed GhostNet, and its various worldwide infection. The existence and operation of massive, coordinated, government-affiliated online espionage networks is typically the province of television or the silver screen, rather than the subject of research. In the real world, even a direct link between online and offline action (Russia’s invasion of Georgia and the simultaneous online attacks against that country are a good example) is not enough to automatically prove that the government behind the one is automatically behind the other. This is almost like we’ll undoubtedly see more of this type of crowd sourced aggression in the future. Its various payloads appear to have been delivered using standard social engineering and/or spear phishing techniques. "GhostNet" : vaste réseau de cyberespionnage basé en Chine. C’est la plus grande opération de cyberespionnage jamais découverte : une étude canadienne révèle que des ordinateurs basés en Chine ont pénétré et volé des documents dans des centaines d’ordinateurs de services gouvernementaux ou privés à travers le monde.
Y compris, précise le New York Times qui a rendu publique cette étude, les machines des partisans du dalaï lama, le chef spirituel tibétain en exil en Inde ! Selon ce rapport publié par le Munk Centre for International Studies de l’Université de Toronto, tous les ordinateurs ayant participé à cette vaste opération de cyberespionnage sont basés en Chine, mais cela n’implique « pas nécessairement » la responsabilité du gouvernement chinois : il pourrait s’agir d’une « initiative privée » ou de « hackers patriotiques ». Voire même, c’est techniquement possible mais politiquement peu probable, d’un service étranger utilisant des oridnateurs basés en Chine. Sur la piste de GhostNet. GhostNet & Creating a Culture of User Security | OpenConcept Consulting Inc.
Americas | Major cyber spy network uncovered. An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say. They said the network had infiltrated 1,295 computers in 103 countries. They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader. There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement. The report, Tracking GhostNet: Investigating a Cyber Espionage Network, comes after a 10-month investigation by the Information Warfare Monitor (IWM), which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.
They were acting on a request from the Tibetan spiritual leader's office to check whether the computers of his Tibetan exile network had been infiltrated. Compromised.