GhostNet 2.0 espionage network uses cloud services
Espionage network GhostNet, first identified about a year ago, is much larger and more sophisticated than previously assumed. This is according to a study entitled "Shadows in the Cloud", released today (Tuesday) by the Munk Centre for International Studies, the Information Warfare Monitor, the SecDev Group and the Shadowserver Foundation. GhostNet is essentially a botnet for distributing and controlling spyware.
In March 2009, whilst investigating a computer system belonging to the Tibetan government-in-exile in India, researchers at the Toronto-based Munk Centre for International Studies discovered the largest computer-controlled espionage network ever seen. The network, which they dubbed GhostNet, was controlled almost exclusively by computers located in China and had infiltrated 1,295 computers in 103 countries over a two year period.
According to the new study, the espionage attack was primarily directed against India, the Tibetan government-in-exile and the United Nations. On following the trail of evidence, the researchers came across Indian government documents marked as 'secret' and 'confidential' which were concerned with subjects including the security situation in Indian states and India's relationships with other countries. 1,500 e-mails from the Dalai Lama's office were intercepted between January and November 2009.
According to the study, the attackers used cloud technologies and social networks, such as Twitter, Google Groups and blogs, to communicate with the botnet and spy bots to make their infrastructure as reliable as possible. The attackers' traces are reported to lead to Chengdu province in Southwest China. The Chinese government immediately rejected any suggestion that it may have been involved. Chinese Foreign Ministry spokeswoman Jiang Yu told the Peking press that China denied any involvement in cyber-crimes and was taking action against hackers. She added that attacks of this type are an international problem. (dpa)
- Dispatches from the botnet front, a report from The H.
- Bot network uses Twitter, a report from The H.
- Infiltrated Chinese software spies on Tibetan government in exile's computers, a report from The H.