Talk:GhostNet: Difference between revisions
Line 84:
: And the [http://www.nytimes.com/2009/03/29/technology/29spy.html NYT article] got the name from the title of the [http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network#document_metadata University of Toronto paper]. [[User:Nigholith|Nigholith]] ([[User talk:Nigholith|talk]]) 22:19, 29 March 2009 (UTC)
::Ah, actually they named it for a common Remote Administration Trojan called Gh0st RAT that was used in this. [[Special:Contributions/86.44.33.122|86.44.33.122]] ([[User talk:86.44.33.122|talk]]) 18:40, 30 March 2009 (UTC)
== Spanish version ==
Revision as of 18:40, 30 March 2009
This is the talk page for discussing improvements to the GhostNet article. This is not a forum for general discussion of the article's subject.
A news item involving GhostNet was featured on Wikipedia's Main Page in the In the news section on 29 March 2009.
infiltrated computers with malware
Why no mention that these 'computers' are almost always desktop machines running Microsoft Windows emacsuser (talk) 14:09, 29 March 2009 (UTC)
- Because Windows is the most popular OS? --85.108.82.254 (talk) 14:31, 29 March 2009 (UTC)
- For the same reason it's not mentioned that they use electricity. 67.240.138.106 (talk) 17:44, 29 March 2009 (UTC)
audio and video
this sounds very sensationalist:
"The network possesses "Big Brother-style" capabilities, allowing it to turn on the camera and audio-recording functions of infected computers for in-room monitoring."
If you infiltrate a computer, you can do anything you want with it, don't you? Open CD-Drive, print, and, yet yes, switch on cam and mike. To stress this fact for GhostNet sounds very much like disinformation to me.
Jasy jatere (talk) 10:47, 29 March 2009 (UTC)
- Well maybe the phrase "Big Brother" is sensationalist, but the fact that the PC can be used for covert audiovisual surveillance is important to note. —Preceding unsigned comment added by 86.42.185.96 (talk) 13:29, 29 March 2009 (UTC)
- this is surely an interesting feature, which was first widely noted in the coverage of GhostNet. But in my view, this seems to be a change in reporting, not a fundamental difference between GhostNet and other mal/spyware. Jasy jatere (talk) 17:41, 29 March 2009 (UTC)
- Jasy, you are correct, but I believe that no existing malware networks have implemented such functionality. For zombie networks being used for spam generation and the like, bugging the room the PC is in is irrelevant. For an infiltration network being used to gather intelligence, bugging the room the PC is in is extraordinarily valuable. As such, the fact this functionality is present provides information about the nature and use of the network. Toby Douglass (talk) 22:16, 29 March 2009 (UTC)
US computers
presumably no evidence of infiltration was found for any countries not on the list of 103, why is the US mentioned? Nickmuddle (talk) 11:48, 29 March 2009 (UTC)
- Probably because most readers are American and they'll need that bit of extra reassurance... --candle•wicke 13:21, 29 March 2009 (UTC)
- Because it was taken from the New York Times article, verbatim. Also, many readers will probably be interested in knowing if American computers were affected, given the gravity of Sino-American relations. It's not a US-centric Wiki Cabal, jeez. ZeaLitY [ DREAM - REFLECT ] 13:52, 29 March 2009 (UTC)
- If it's taken verbatim from the NYT article then likely it's a copyvio. Incidentally, the version Nick was referring to was this [1] where it was taken from Reuters Nil Einne (talk) 14:00, 29 March 2009 (UTC)
- No evidence was found that U.S. or U.K. government offices were infiltrated ===>> Proof of USA and UK spying operation! M Haoran (talk) 14:47, 29 March 2009 (UTC)
- M Haoran - you are a brand new user and your only contributions to the Wiki have been to this article and its discussion where in the space of about ten minutes you attempted, mainly by large deletions, to place a purely pro-Chinese view onto this article. Personally speaking, I cannot help but wonder if you are employed by whoever is responsible for Ghostnet. Toby Douglass (talk) 22:08, 29 March 2009 (UTC)
- Firstly please WP:AGF. If M Haoran's actions are bad, explain to him why, there's no need to make accusations of sinister motives without any evidence of that. Especially, don't prescribe silly motives without evidence. There are a lot of people with pro-Chinese views on the internet, just as there are many with pro-Tibetan, pro American et al. To presume that every person who is pro Chinese works for the Chinese intelligence, is as dumb as presuming everyone who is pro-Tibetan works for the Dalai Lama or everyone who is pro-American works for the CIA. Many people with biased POVs of all types join wikipedia and start off poorly, some of them can be convinced to act properly, some of them still can't set aside their POVs and therefore fail to obey WP:NPOV etc and may eventually be banned. Some of them just never come back. We have no way of knowing which one M Haoran is going to be, but we should still respect him/her and WP:AGF that he/she is here to improve wikipedia until he/she proves they're not worthy of respect Nil Einne (talk) 00:15, 30 March 2009 (UTC)
- I have to agree with Nil Einne, the chances that M Haoran is employed by the people responsible for Ghostnet is infinitesimal. Let's try and keep this from becoming the trainwreck of a talk page that is on the Beijing olympics. ƒingersonRoids 01:18, 30 March 2009 (UTC)
- I accept your points, both of you, about not jumping to conclusions. However, FingersOnRoids, on what basis do you assert that the chances of Haoran (or other accounts here) working directly or indirectly with or for or alongside Ghostnet are infinitesimal? Toby Douglass (talk) 06:17, 30 March 2009 (UTC)
- If M Haoran is somehow affiliated to the said "GhostNet", it only proves the fact that the "GhostNet" consists of a bunch of childish pranksters.Isnaciz (talk) 07:35, 30 March 2009 (UTC)
Wikipedia is not a forum. If you want to chat about conspiracy theories and secret agents, please do so on your individual talk pages (or on another site). Thank you. APK thinks he's ready for his closeup 09:36, 30 March 2009 (UTC)
connection with conficker possible?
Is it possible that this ghostnet is responsible for the conficker virus? 75.166.97.83 (talk) 17:37, 29 March 2009 (UTC)
- Anything is possible but you must be very careful with how you consider such questions. The human mind has a specific bias towards associating events of similar magnitude, regardless of the evidence or lack of evidence for a connection. The very fact two events are of a similar magnitude causes us to assume correlation. Toby Douglass (talk) 22:10, 29 March 2009 (UTC)
- No, it is not very likely. There are so many malware programmers. Conficker didn't really try to hide itself - I mean as it would be needed for surveillance (of course it tried to hide from Anti-virus software). The goals or at least the targets are also completely different. Conficker tries to infect as many systems as possible (which makes detection more likely) and therefore is suitable for spam, ddos, etc. GhostNet infects fewer, chosen systems and its goal is to steal data - we are not talking about things like website accounts or credit card numbers. --85.127.117.205 (talk) 16:57, 30 March 2009 (UTC)
How can you say the government is not involved?
How can you say the Chinese government is not involved when it was the Chinese government that acted on the stolen information, in the case of the Dalai Lama's emails??? Haiduc (talk) 17:40, 29 March 2009 (UTC)
- The Wiki community isn't stating the Chinese government is not involved. We're simply reiterating what the New York Times and The BBC are speculating, and quoting the Chinese response. It's more than possible that the Chinese government is behind this program; but it's far from definite; and until that information is conclusive, it's best to represent all sides without assumptions. 92.13.134.192 (talk) 17:55, 29 March 2009 (UTC)
- The article reports merely what is written elsewhere. We do not offer opinions. Personally speaking, I concur. Unless they were perhaps selling that information to the Chinese Government, I can see no reason why a non-Government infiltration network would spend any time working on computers run by the Tibetan Government-in-exile. Toby Douglass (talk) 22:12, 29 March 2009 (UTC)
- Just want to point out that within Mainland China, given the amount of public outrage against 2008 Tibet protests, it is entirely plausible that a private group of Chinese nationalistic zealots could've done this. Jim101 (talk) 04:32, 30 March 2009 (UTC)
- If you read the report provided in the external links, the Cambridge group do believe the Chinese government is to blame. I think there is ample evidence to suggest the Chinese government is responsible: the fact that it occurred in their country, the fact that they used the information to their advantage, and the fact that they have a sincere motive to profit from it – the monitoring of pro-Tibetan autonomy movements.Laneb2005 (talk) 18:22, 29 March 2009 (UTC)
- Indeed, it points to the likelihood; added with the fact that the majority of targeted systems are the property of Asian states, that China has direct or indirect interest in. However, since no conclusive evidence could be drawn by the teams investigating the breach, and the Chinese government have denied the operation; other eastern governments, civilians, corporations, or even foreign intelligence services trying to embarrass China; shouldn't be ruled out, for now. Nigholith (talk) 18:43, 29 March 2009 (UTC) (DY:92.13.134.192)
- Seconded. We do not know the truth. To assume it is an error. Toby Douglass (talk) 22:13, 29 March 2009 (UTC)
- Thirded. If you read the paper, the 'attack' itself is quite primitive (read: scriptkiddies could have done it). There is no attempt to hide that servers in china made connections and downloaded files. There is then later use of some proxies that the authors say is 'unexplained' (ie. it could have been anyone from anywhere).--Dacium (talk) 01:09, 30 March 2009 (UTC)
- As Jim101 pointed out, there are many Chinese zealots who could probably have done this. Indeed I believe there have been past incidents of such Chinese zealots hacking in the name of patriotism. Another possibility is that a third government carried out the operation in an attempt to implicate China and turn world opinion against her. This is not at all unlikely - the CIA, for example, has carried out similar operations many times in history. 202.40.139.168 (talk) 06:23, 30 March 2009 (UTC)
Although evidence shows that servers in China were collecting some of the sensitive data, the analysts were cautious about linking the spying to the Chinese government. Rather, China has a fifth of the world's Internet users, which may include hackers that have goals aligning with official Chinese political positions.
"Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," the report said.
Ohconfucius (talk) 06:31, 30 March 2009 (UTC)
- One reason that I find this isn't likely to have a third party/government did this to implicate China is the lack of Japan as a target of hacking attempt. There is no reason to not target Japan especially if it's a politically motivated action against China. This is also another reason that I don't believe this is a work of zealots. They "always" target Japan whether there is a reason or not. That's like an Islamic clergy specifically excluding US when criticizing about "lack of moral standards in Western countries".--Revth (talk) 09:46, 30 March 2009 (UTC)
- Excellent point. Also note that US/UK were not infiltrated. However, I now find this interesting in another way - whether I was the Chinese Government or not, if I were running GhostNet, I would want to infiltrate all these countries. They are all high value targets. It is curious therefore that such infiltration has not been uncovered. Either it was not found, or it was not done. Perhaps the people running GhostNet started on targets assumed to be more vulnerable? Toby Douglass (talk) 09:59, 30 March 2009 (UTC)
- Incorrect data. The US, UK and Japan were infiltrated. Just not very much in the UK and Japan. Lots in Taiwan. [2] Toby Douglass (talk) 11:41, 30 March 2009 (UTC)
- Lacking Japan in its attack target doesn't mean it is not the work of private Chinese hackers. When NATO bombed Chinese embassy in Belgrade, Chinese hackers formed the Honker Union and attacked US government sites in return, without touching Japanese sites. And given Chinese outrage to the whole Tibet thing, it shouldn't be a surprise that a similar hacker group could've formed and targeted Tibetan-in-exiles specifically without paying much attention to Japan either. Jim101 (talk) 17:55, 30 March 2009 (UTC)
A more reasonable question...
Do we have any sources that address the origin of the name "GhostNet"? Nyttend (talk) 21:42, 29 March 2009 (UTC)
- Per the NYT, it's simply what the Canadian researchers decided to call what they detected. 86.44.33.122 (talk) 22:00, 29 March 2009 (UTC)
- And the NYT article got the name from the title of the University of Toronto paper. Nigholith (talk) 22:19, 29 March 2009 (UTC)
- Ah, actually they named it for a common Remote Administration Trojan called Gh0st RAT that was used in this. 86.44.33.122 (talk) 18:40, 30 March 2009 (UTC)
Spanish version
Can someone move the Spanish version (es:Ghostnet) of this article to "GhostNet" instead of "Ghostnet"? I noticed the interlanguage link was added, but it goes to an empty page. I've never edited es:wiki, so I can't move it. Gracias. APK thinks he's ready for his closeup 01:31, 30 March 2009 (UTC)
Chinese government
Without support of Chinese government, Chinese spynet wouldn't have became like this GhostNet, the article should mention about Chinese government involvement and why they are doing this.--Korsentry 03:15, 30 March 2009 (UTC) —Preceding unsigned comment added by KoreanSentry (talk • contribs)
- Without support of Chinese government, Chinese spynet wouldn't have became like this GhostNet - Logical assumption, but no creditable source I find confirms this statement. It's one thing to say Chinese government knows the existence of GhostNet. It is a completely different level to say that they own and operate it. Where is the source of your claim that Chinese government owns and operates GhostNet besides the signs that Chinese Cyber-police let it slip under their nose?
- Currently, there are three parties that could've created GhostNet: Chinese government, private hackers/criminals, and third countries. If you want to explain in the article on who created the GhostNet and why, you should include the other two parties besides the Chinese government to maintain NPOV, unless there are conclusive evidences that Chinese government indeed created GhostNet. Jim101 (talk) 04:02, 30 March 2009 (UTC)
- Jim, those three parties covers everyone on the planet. Toby Douglass (talk) 06:21, 30 March 2009 (UTC)
- That is my point. To be honest, the more I read into the GhostNet, the more it doesn't make sense. If it is the work of the Chinese Intelligence, a lot of vital target is not probed (why attack NATO when US Pacific Command is more important?). If it is the work of private zealots, then it shouldn't be this big, with no knowledge of the government and based purely in China. It is pretty much given that the Chinese government knows more about GhostNet than they tell us, given their powerful cyber-police force. But given the utter confusion of this entire matter, with anti-Tibetan independence/anti-US sentiment running all time high in China, plus the Chinese is just as good at hiding incompetence as hiding secrets, I urge caution on the matter unless we want this article to degrade into an edit war. Jim101 (talk) 14:44, 30 March 2009 (UTC)
- This is beyond the scope of this article, but to be honest, this news of the existence of the so-called GhostNet leaves me with more questions than answers.
- I believe completely that anything that Chinese hackers are capable of, their American, Russian, and Western European counterparts can do just as well, or even better. Does that mean hackers or governments in these other countries are also cyber spying on foreign governments?
- Who funded this research to discover GhostNet?
- How the heck did they conduct the research on secure government networks to discover that they've been spied on? These foreign embassies would either have to grant access to the research group (highly unlikely) or well, the research group was, itself, spying on these networks.
- Hong Qi Gong (Talk - Contribs) 15:42, 30 March 2009 (UTC)
Speaking of conspiracy theories - the report could also be an attempt to frame the Chinese government of cyber spying. Credible source? No I don't have any... Hong Qi Gong (Talk - Contribs) 11:25, 30 March 2009 (UTC)
- That is kinda the point. There are no suggestions that the CIA, Mossad, MI5 or whatever were behind it; there ARE suggestions from verifiable sources that the Chinese govt were (even if they turn out to be wrong). So we can report that, but we can't do WP:OR. SimonTrew (talk) 15:55, 30 March 2009 (UTC)
- I agree. As long as we can separate suggestions from facts on the matter, it is worth pointing out that Chinese knows more about GhostNet than they tell us. Jim101 (talk) 16:23, 30 March 2009 (UTC)
Beside it is illogical to assume that the CIA, Mossad or MI5 were behind it because it would be ten times harder to set up and conduct such operations in China than in their own countries. Further if they wanted to use another country as a smokescreen, there are far better choices than China with its crazy bandwidth restrictions and monitoring. Skeletor 0 (talk) 16:06, 30 March 2009 (UTC)
- So essentially, this research group tells you that these attacks exist, and they are coming from China, and you believe it all on face value. Correct? Hong Qi Gong (Talk - Contribs) 17:05, 30 March 2009 (UTC)
Is there a way to remove "GhostNet?"
Is there a way to remove "GhostNet?" —Preceding unsigned comment added by 96.244.221.220 (talk) 04:45, 30 March 2009 (UTC)
That's funny, I just changed my IP address from the one the guy above has and yet when I looked up where he is, he's on the other side of the world from me. Ahh Windows thou art mysterious Skeletor 0 (talk) 16:42, 30 March 2009 (UTC)
- reinstall Windows or buy a new computer —Preceding unsigned comment added by 115.75.27.131 (talk) 05:13, 30 March 2009 (UTC)
- I imagine the anti-virus vendors will be updating their offerings soon enough. As it is, I'd just boot from a CD, figured out which files are involved and delete them. Toby Douglass (talk) 06:22, 30 March 2009 (UTC)
- If you read the Toronto report (linked on this page and in the article), you'll see that about a third of 30 or so widely available (and in some cases free) antivirus programs detect the trojan used here. The actual technological aspects of this are relatively unsophisticated. What is striking about it is what is called the "social engineering" aspect: targeting emails of those working in solidarity with tibetans-in-exile, procuring their emails from msg boards and websites, gaining control of those email accounts by having their owners open an attachment from an untrusted sender, or by simply brute-force cracking weak email passwords, and then using those accounts as trusted senders to spread the trojan via context-relevant attachments (like a genuine .doc file of some up-coming event, or translations of relevant literature, or what have you), each new account gained via this method becoming a potential new trusted sender to spread it further. All of which is well within the ability of teens all over the world, but quite sensibly they are more interested in porn and social networking sites and so on.
- By the way, as the Cambridge report points out, what you don't do if you are running an operation like this is act on info gained in such a way that makes obvious that such an operation exists. That's n00b. It's what the Chinese authorities did in the one case cited as circumstantial evidence of their involvement; on the contrary, to me it smacks of their acting on info passed to them from a third party. 86.44.33.122 (talk) 17:33, 30 March 2009 (UTC)
Which OS
Was it Windows, MacOS or Linux? —Preceding unsigned comment added by 80.135.197.245 (talk) 09:44, 30 March 2009 (UTC)
- Windows. Toby Douglass (talk) 11:39, 30 March 2009 (UTC)
- Is it worth specifying what versions of Windows etc? I don't think maybe this necessarily belongs in a "current affairs" article... SimonTrew (talk) 15:12, 30 March 2009 (UTC)
Discovery clarification
I think we should clarify that it was not members of University of Toronto's Munk Centre for International Studies and the University of Cambridge's Computer Laboratory, but the Information Warfare Monitor (IWM) that discovered GhostNet. IWM is a joint project between Toronto's Munk Centre for International Studies and an Ottawa-based think-tank called the SecDev Group. (SecDev provided the funding for the research by the way, Hong Qi Gong, and yes they were spying on the Chinese networks or else they would not have found GhostNet.)Skeletor 0 (talk) 16:21, 30 March 2009 (UTC)
- Clarify the discovery if you want, but saying X spy Y to find proof that Y spy X is off-topic. States spy on States, big deal. That is what citizens pay them to do. Heck, even Vatican has its own spy agency. Jim101 (talk) —Preceding undated comment added 16:29, 30 March 2009 (UTC).
I don't doubt it. But all I'm saying is that we should probably give credit to the right source. I don't care what this proves I just want wiki to be accurate. Skeletor 0 (talk) 16:33, 30 March 2009 (UTC)