Jump to content

GhostNet: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
no mention of banks in source
mNo edit summary
Line 1: Line 1:
{{Current|date=March 2009}}
{{Current|date=March 2009}}
{{dablink|For the fishing net, see [[Ghost net]].}}
{{dablink|For the fishing net, see [[Ghost net]].}}
'''GhostNet''' is the name given to a recently-discovered, large-scale [[Computer surveillance|electronic spying operation]], based mainly in the [[People's Republic of China]], which has infiltrated at least 1,295 computers in 103 countries. Computer systems belonging to [[embassy|embassies]], foreign ministries, and other government offices, as well as the [[14th Dalai Lama|Dalai Lama]]'s [[Tibet]]an exile centers in [[India]], [[Brussels]], [[London]], and [[New York City]].<ref name="NY-TIMES">{{cite news| title=Vast Spy System Loots Computers in 103 Countries | url=http://www.nytimes.com/2009/03/29/technology/29spy.html | publisher = [[New York Times]] | date=March 28, 2009 | accessdate=March 29, 2009}}</ref>
'''GhostNet''' is the name given to a recently-discovered, large-scale [[Computer surveillance|electronic spying operation]], based mainly in the [[People's Republic of China]], which has infiltrated at least 1,295 computers in 103 countries. Computer systems belonging to [[embassy|embassies]], foreign ministries and other government offices, as well as the [[14th Dalai Lama|Dalai Lama]]'s [[Tibet]]an exile centers in [[India]], [[Brussels]], [[London]] and [[New York City]].<ref name="NY-TIMES">{{cite news| title=Vast Spy System Loots Computers in 103 Countries | url=http://www.nytimes.com/2009/03/29/technology/29spy.html | publisher = [[New York Times]] | date=March 28, 2009 | accessdate=March 29, 2009}}</ref>


==Discovery==
==Discovery==
[[File:JohnW GrahamLibrary,TrinityCollege2.jpg|thumb|GhostNet was discovered and named by researchers from the [[Munk Centre for International Studies]] ''(pictured)''.]]
[[File:JohnW GrahamLibrary,TrinityCollege2.jpg|thumb|GhostNet was discovered and named by researchers from the [[Munk Centre for International Studies]] ''(pictured)''.]]
The 'GhostNet' was discovered and named by researchers at the [[University of Toronto]]'s [[Munk Centre for International Studies]] and the [[University of Cambridge]]'s [[University of Cambridge Computer Laboratory|Computer Laboratory]], after a 10-month investigation. The discovery of the 'GhostNet', and details of its operations, were reported by ''[[The New York Times]]'' on March 29, 2009.<ref name="NY-TIMES"/><ref>{{cite news| title=Researchers: Cyber spies break into govt computers | url=http://www.google.com/hostednews/ap/article/ALeqM5jQLLlzAwWMnd6PID1d_id1LYOwfwD977GQ0G0 | publisher=[[Associated Press]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref> Investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, such as instances where email correspondence and other data were stolen.<ref name=bp>[http://www.bangkokpost.com/news/world/138995/china-based-spies-target-us China-based spies target Thailand]. [[Bangkok Post]], March 30, 2009. Retrieved on March 30, 2009</ref> This led to the discovery of a much wider network of compromised machines.
The 'GhostNet' was discovered and named by researchers at the [[University of Toronto]]'s [[Munk Centre for International Studies]] and the [[University of Cambridge]]'s [[University of Cambridge Computer Laboratory|Computer Laboratory]], after a 10-month investigation. The discovery of the 'GhostNet', and details of its operations, were reported by ''[[The New York Times]]'' on March 29, 2009.<ref name="NY-TIMES"/><ref>{{cite news| title=Researchers: Cyber spies break into govt computers | url=http://www.google.com/hostednews/ap/article/ALeqM5jQLLlzAwWMnd6PID1d_id1LYOwfwD977GQ0G0 | publisher=[[Associated Press]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref> Investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, such as instances where email correspondence and other data were stolen.<ref name=bp>[http://www.bangkokpost.com/news/world/138995/china-based-spies-target-us China-based spies target Thailand]. [[Bangkok Post]], March 30, 2009. Retrieved on March 30, 2009.</ref> This led to the discovery of a much wider network of compromised machines.


Compromised systems were discovered in the [[Embassy|embassies]] of [[India]], [[South Korea]], [[Indonesia]], [[Romania]], [[Cyprus]], [[Malta]], [[Thailand]], [[Republic_of_china|Taiwan]], [[Portugal]], [[Germany]] and [[Pakistan]]. The [[Foreign ministry|foreign ministries]] of [[Iran]], [[Bangladesh]], [[Latvia]], [[Indonesia]], [[Philippines]], [[Brunei]], [[Barbados]] and [[Bhutan]] were also targeted.<ref name=bbc>{{cite news| title=Major cyber spy network uncovered | url=http://news.bbc.co.uk/1/hi/world/americas/7970471.stm | publisher=[[BBC News]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref><ref name=Reuters>{{cite news| title=Canadians find vast computer spy network: report | url=http://www.reuters.com/article/newsOne/idUSTRE52R2HQ20090328 | publisher=[[Reuters]] | date=March 28, 2009 | accessdate=March 29, 2009}}</ref> No evidence was found that [[U.S.]] or [[U.K.]] government offices were infiltrated, although a [[NATO]] computer was monitored for half a day and the computers of the [[Embassy of India in Washington, D.C.|Indian embassy]] in [[Washington, D.C.]] were infiltrated.<ref name=Reuters/><ref>{{cite news| title=Spying operation by China infiltrated computers: Report | url=http://www.thehindubusinessline.com/blnus/10291335.htm | publisher=[[The Hindu]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref><ref name="nato">{{cite news| title='World's biggest cyber spy network' snoops on classified documents in 103 countries | url=http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece | publisher=[[The Times]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref>
Compromised systems were discovered in the [[Embassy|embassies]] of [[India]], [[South Korea]], [[Indonesia]], [[Romania]], [[Cyprus]], [[Malta]], [[Thailand]], [[Republic_of_china|Taiwan]], [[Portugal]], [[Germany]] and [[Pakistan]]. The [[Foreign ministry|foreign ministries]] of [[Iran]], [[Bangladesh]], [[Latvia]], [[Indonesia]], [[Philippines]], [[Brunei]], [[Barbados]] and [[Bhutan]] were also targeted.<ref name=bbc>{{cite news| title=Major cyber spy network uncovered | url=http://news.bbc.co.uk/1/hi/world/americas/7970471.stm | publisher=[[BBC News]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref><ref name=Reuters>{{cite news| title=Canadians find vast computer spy network: report | url=http://www.reuters.com/article/newsOne/idUSTRE52R2HQ20090328 | publisher=[[Reuters]] | date=March 28, 2009 | accessdate=March 29, 2009}}</ref> No evidence was found that [[U.S.]] or [[U.K.]] government offices were infiltrated, although a [[NATO]] computer was monitored for half a day and the computers of the [[Embassy of India in Washington, D.C.|Indian embassy]] in [[Washington, D.C.]], were infiltrated.<ref name=Reuters/><ref>{{cite news| title=Spying operation by China infiltrated computers: Report | url=http://www.thehindubusinessline.com/blnus/10291335.htm | publisher=[[The Hindu]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref><ref name="nato">{{cite news| title='World's biggest cyber spy network' snoops on classified documents in 103 countries | url=http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece | publisher=[[The Times]] | date=March 29, 2009 | accessdate=March 29, 2009}}</ref>


==Possible Chinese government involvement==
==Possible Chinese government involvement==
Researchers believe they have found evidence of actions taken by government officials from the People's Republic of China as a result of information obtained via the 'GhostNet'. After a diplomat received an email invitation to a visit with the [[Dalai Lama]] from his representatives, Beijing officials made a call to the diplomat discouraging the visit. A woman on her way to Tibet was stopped by Chinese intelligence officers and shown transcripts of her online conversations.<ref>[http://www.thestar.com/article/610071 U of T team tracks China-based cyber spies] [[Toronto Star]] [[March 29]], [[2009]]{{dead link|date=March 2009}}</ref>
Researchers believe they have found evidence of actions taken by government officials from the People's Republic of China as a result of information obtained via the 'GhostNet'. After a diplomat received an email invitation to a visit with the [[Dalai Lama]] from his representatives, Beijing officials made a call to the diplomat discouraging the visit. A woman on her way to Tibet was stopped by Chinese intelligence officers and shown transcripts of her online conversations.<ref>[http://www.thestar.com/article/610071 U of T team tracks China-based cyber spies] [[Toronto Star]] March 29, 2009{{dead link|date=March 2009}}</ref>


While a report from researchers at the [[University of Cambridge]] says they believe that the [[Government of the People's Republic of China|Chinese government]] is behind the attacks,<ref>{{cite web | url = http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf | title = The snooping dragon: social-malware surveillance of the Tibetan movement | first = Shishir | last = Nagaraja | coauthors = Ross Anderson | publisher = Computer Laboratory, University of Cambridge | date = March 2009 | format = PDF }}</ref> the researchers from the University of Toronto stated they could not conclude that the Chinese government was responsible for the spy network, and noted alternative possibilities such as an operation run by private citizens in China for profit or for patriotic reasons, or intelligence agencies from other countries such as [[Russia]] or the [[United States]].<ref name="NY-TIMES"/> The Chinese government has denied any involvement, stating that China "strictly forbids any cyber crime".<ref name=bbc/><ref name=bp/>
While a report from researchers at the [[University of Cambridge]] says they believe that the [[Government of the People's Republic of China|Chinese government]] is behind the attacks,<ref>{{cite web | url = http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf | title = The snooping dragon: social-malware surveillance of the Tibetan movement | first = Shishir | last = Nagaraja | coauthors = Ross Anderson | publisher = Computer Laboratory, University of Cambridge | date = March 2009 | format = PDF }}</ref> the researchers from the University of Toronto stated they could not conclude that the Chinese government was responsible for the spy network, and noted alternative possibilities such as an operation run by private citizens in China for profit or for patriotic reasons, or intelligence agencies from other countries such as [[Russia]] or the [[United States]].<ref name="NY-TIMES"/> The Chinese government has denied any involvement, stating that China "strictly forbids any cyber crime".<ref name=bbc/><ref name=bp/>

Revision as of 19:55, 30 March 2009

GhostNet is the name given to a recently-discovered, large-scale electronic spying operation, based mainly in the People's Republic of China, which has infiltrated at least 1,295 computers in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York City.[1]

Discovery

GhostNet was discovered and named by researchers from the Munk Centre for International Studies (pictured).

The 'GhostNet' was discovered and named by researchers at the University of Toronto's Munk Centre for International Studies and the University of Cambridge's Computer Laboratory, after a 10-month investigation. The discovery of the 'GhostNet', and details of its operations, were reported by The New York Times on March 29, 2009.[1][2] Investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, such as instances where email correspondence and other data were stolen.[3] This led to the discovery of a much wider network of compromised machines.

Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted.[4][5] No evidence was found that U.S. or U.K. government offices were infiltrated, although a NATO computer was monitored for half a day and the computers of the Indian embassy in Washington, D.C., were infiltrated.[5][6][7]

Possible Chinese government involvement

Researchers believe they have found evidence of actions taken by government officials from the People's Republic of China as a result of information obtained via the 'GhostNet'. After a diplomat received an email invitation to a visit with the Dalai Lama from his representatives, Beijing officials made a call to the diplomat discouraging the visit. A woman on her way to Tibet was stopped by Chinese intelligence officers and shown transcripts of her online conversations.[8]

While a report from researchers at the University of Cambridge says they believe that the Chinese government is behind the attacks,[9] the researchers from the University of Toronto stated they could not conclude that the Chinese government was responsible for the spy network, and noted alternative possibilities such as an operation run by private citizens in China for profit or for patriotic reasons, or intelligence agencies from other countries such as Russia or the United States.[1] The Chinese government has denied any involvement, stating that China "strictly forbids any cyber crime".[4][3]

Technical functionality

The system disseminates malware to selected recipients via computer code attached to stolen emails and addresses, thereby expanding the network by allowing more computers to be infected. Once infected, a computer can be controlled or inspected by its hackers. The malware even has the ability to turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room.[1]

See also

References

  1. ^ a b c d "Vast Spy System Loots Computers in 103 Countries". New York Times. March 28, 2009. Retrieved March 29, 2009.
  2. ^ "Researchers: Cyber spies break into govt computers". Associated Press. March 29, 2009. Retrieved March 29, 2009.
  3. ^ a b China-based spies target Thailand. Bangkok Post, March 30, 2009. Retrieved on March 30, 2009.
  4. ^ a b "Major cyber spy network uncovered". BBC News. March 29, 2009. Retrieved March 29, 2009.
  5. ^ a b "Canadians find vast computer spy network: report". Reuters. March 28, 2009. Retrieved March 29, 2009.
  6. ^ "Spying operation by China infiltrated computers: Report". The Hindu. March 29, 2009. Retrieved March 29, 2009.
  7. ^ "'World's biggest cyber spy network' snoops on classified documents in 103 countries". The Times. March 29, 2009. Retrieved March 29, 2009.
  8. ^ U of T team tracks China-based cyber spies Toronto Star March 29, 2009[dead link]
  9. ^ Nagaraja, Shishir (March 2009). "The snooping dragon: social-malware surveillance of the Tibetan movement" (PDF). Computer Laboratory, University of Cambridge. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)