Friday, April 3, 2009

World's biggest cyber spy network

A cyber spy network operated from China hacked into classified documents on government and private computers in 103 countries, internet researchers have revealed.

The spy system, which investigators dubbed GhostNet, compromised 1,295 machines at Nato and foreign affairs ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles.

The work of Information Warfare Monitor (IWM) investigators focused initially on allegations of Chinese cyber espionage against the Tibetan exile community but led to a much wider network of compromised machines.

IWM said that, while its analysis pointed to China as the main source of the network, it had not been able conclusively to identify the hackers. The IWM is composed of researchers from an Ottawa-based think tank, SecDev Group, and the University of Toronto's Munk Centre for International Studies.

The researchers found that more than 1,295 computers had been affected at the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

The remote spying operation is thought to be the most extensive yet uncovered in the political world and is estimated to be invading more than a dozen new computers a week. Other infected computers were found at Deloitte & Touche in New York.

The IWM report said: "GhostNet represents a network of compromised computers resident in high-value political, economic, and media locations spread across numerous countries worldwide. At the time of writing, these organisations are almost certainly oblivious to the compromised situation in which they find themselves. The computers of diplomats, military attachés, private assistants, secretaries to Prime Ministers, journalists and others are under the concealed control of unknown assailant(s)."

It added: "In Dharamsala [the headquarters of the Tibetan government in exile] and elsewhere, we have witnessed machines being profiled and sensitive documents being removed. At our laboratory, we have analysed our own infected 'honey pot' computer and discovered that the capabilities of GhostNet are potent and wide-ranging.

"Almost certainly, documents are being removed without the targets’ knowledge, keystrokes logged, web cameras are being silently triggered, and audio inputs surreptitiously activated."

Once the hackers infiltrated the systems, they gained control using malware – software they had installed on the compromised computers – and sent and received data from them, the researchers said. The investigation concluded that Tibetan computer systems were compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information, including documents from the private office of the Dalai Lama.

The investigators went to India, Europe and North America to collect evidence about the infected systems used by Tibetan exiles. It was in the second stage of the inquiry, when they were analysing the data, that they uncovered the network of compromised computers.

The IWM report said in its summary: "The GhostNet system directs infected computers to download a Trojan known as Ghost Rat that allows attackers to gain complete, real-time control. These instances of Ghost Rat are consistently controlled from commercial internet access accounts located on the island of Hainan, in the People’s Republic of China."

http://www.timesonline.co.uk/tol/new...cle5996253.ece
