Jump to content

GhostNet

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 86.44.33.122 (talk) at 06:20, 30 March 2009 (agreed but the new order was needlessly confusing.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

GhostNet is the name given to an electronic spying operation allegedly based mainly in the People's Republic of China, and which has allegedly infiltrated at least 1,295 computers in 103 countries, including many belonging to banks, foreign embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, Brussels, London, and New York City.[1][2]

'GhostNet' was discovered by researchers at the University of Toronto's Munk Centre for International Studies in collaboration with the University of Cambridge's Computer Laboratory after a 10-month investigation, and its workings were reported by The New York Times on March 29, 2009.[1][3] Investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community where email correspondence and other data were stolen,[4] but this led to a much wider network of compromised machines.

The system disseminates malware to selected recipients via computer code attached to stolen emails and addresses, thereby expanding the network by allowing more computers to be infected. Once infected, a computer can be controlled or inspected by its hackers.[1]

Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted.[5][6] No evidence was found that U.S. or U.K. government offices were infiltrated, although a NATO computer was monitored for half a day and the computers of the Indian embassy in Washington, D.C. were infiltrated.[6][7][8]

The researchers could not conclude that the Chinese government was responsible for the spy network, and noted alternative possibilities such as an operation run by private citizens in China for profit or for patriotic reasons, or intelligence agencies from another country.[1] The Chinese government has denied any involvement, stating that China "strictly forbids any cyber crime".[5][4] An independent report from researchers at Cambridge University says they believe that the Chinese government is indeed behind the attacks.[9]

References

  1. ^ a b c d "Vast Spy System Loots Computers in 103 Countries". New York Times. March 28, 2009. Retrieved March 29, 2009.
  2. ^ CTV.ca: News Video
  3. ^ "Researchers: Cyber spies break into govt computers". Associated Press. March 29, 2009. Retrieved March 29, 2009.
  4. ^ a b China-based spies target Thailand. Bangkok Post, March 30, 2009. Retrieved on March 30, 2009
  5. ^ a b "Major cyber spy network uncovered". BBC News. March 29, 2009. Retrieved March 29, 2009.
  6. ^ a b "Canadians find vast computer spy network: report". Reuters. March 28, 2009. Retrieved March 29, 2009.
  7. ^ "Spying operation by China infiltrated computers: Report". The Hindu. March 29, 2009. Retrieved March 29, 2009.
  8. ^ "'World's biggest cyber spy network' snoops on classified documents in 103 countries". The Times. March 29, 2009. Retrieved March 29, 2009.
  9. ^ Nagaraja, Shishir (March 2009). "The snooping dragon: social-malware surveillance of the Tibetan movement" (PDF). Computer Laboratory, University of Cambridge. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

See also