[Infowarrior] - Report: Tracking GhostNet (PDF)
Richard Forno
rforno at infowarrior.org
Sun Mar 29 05:08:09 UTC 2009
Tracking GhostNet: Investigating a Cyber Espionage Network
http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
Description
This report documents the GhostNet - a suspected cyber espionage
network of over 1,295 infected computers in 103 countries, 30% of
which are high-value targets, including ministries of foreign affairs,
embassies, international organizations, news media, and NGOs.
The capabilities of GhostNet are far-reaching. The report reveals that
Tibetan computer systems were compromised giving attackers access to
potentially sensitive information, including documents from the
private office of the Dalai Lama. The report presents evidence showing
that numerous computer systems were compromised in ways that
circumstantially point to China as the culprit. But the report is
careful not to draw conclusions about the exact motivation or the
identity of the attacker(s), or how to accurately characterize this
network of infections as a whole. The report argues that attribution
can be obscured.
The report concludes that who is in control of GhostNet is less
important than the opportunity for generating strategic intelligence
that it represents. The report underscores the growing capabilities of
computer network exploitation, the ease by which cyberspace can be
used as a vector for new do-it-yourself form of signals intelligence.
It ends with warning to policy makers that information security
requires serious attention.
http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
More information about the Infowarrior
mailing list