A Year's Further Research On an Espionage Network

← Back to Stories (view on slashdot.org)

A Year's Further Research On an Espionage Network

Posted by kdawson on Tuesday April 6, 2010 @06:02AM from the ghostnet's-successor dept.

Mortimer.CA writes "Last year researchers discovered a giant electronic spying operation they dubbed GhostNet. Now, after a further year's worth of research, Infowar Monitor has released a new report. The report (Scribbed PDF) documents a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. While the servers are in China, the report's authors say that there is 'no evidence in this report of the involvement of the People's Republic of China or any other government in the shadow network.' Furthermore, the 'intruders even stole documents related to the travel of NATO forces in Afghanistan, illustrating that even though the Indian government was the primary target of the attacks, one gap in computer security can leave many nations exposed.'"

61 comments

Scumbags by Gunningthegreen · 2010-04-06 06:06 · Score: 0, Troll

Just the sort of things these scumbags ingage in... http://www.cbc.ca/canada/story/2010/04/06/cyber-espionage-research.html

--
...
1. Re:Scumbags by sopssa · 2010-04-06 06:44 · Score: 0, Redundant
  
  What scumbags? The article directly says theres no links to any government, Chinese or other.
  But I think there might be more to it. If it were Chinese super hackers, either working alone or the government, wouldn't you think it would be kind of stupid to leave all the traces pointing to China? After all we are on the Internet and it wouldn't be too hard to locate your servers elsewhere in the world. That makes me suspect Chinese have nothing to do with it, but its either some other nation using Chinese as a gateway and making them get the heat, or it's someone trying to make Chinese image bad. That's what politics are, playing dirty. When you make Chinese look like bad guys you can get more support for yourself.
2. Re:Scumbags by maxume · 2010-04-06 06:53 · Score: 1
  
  It's the Chinese. They left traces pointing to China so you would suspect that it was someone else.
  
  --
  Nerd rage is the funniest rage.
3. Re:Scumbags by Anonymous Coward · 2010-04-06 06:54 · Score: 0
  
  It could be US. They want ACTA and more strict world power. This is a good way to justify their actions. Just like Iraq war.
4. Re:Scumbags by Anonymous Coward · 2010-04-06 06:54 · Score: 2, Interesting
  
  >That makes me suspect Chinese have nothing to do with it, but its either some other nation using Chinese as a gateway and making them get the heat, or it's someone trying to make Chinese image bad.
  I wouldn't say chinese aren't involved instead I think the articles confirms what's widely known in the hacking world but seems to be distorted in press everytime a hacking ring is traced to china.
  These hackers whomever they are is motivated by profit. Instead of stealing bank information they're stealing strategic information (missile placements, defense protocol, etc.) and then selling it for profit to whomever wants it, be it the chinese government or maybe india's archrival pakistan or corporations with businesses in india.
  There's a tendency to see china as some kind of monolithic entity, meaning if a chinese person did something then "China" must of done it, but peel away the generalizations and as the article states there's different groups with different goals at work.
5. Re:Scumbags by sopssa · 2010-04-06 06:57 · Score: 0
  
  It's the Chinese. They left traces pointing to China so you would suspect that it was someone else.
  Yeah because that will definitely work outside movies too.
two words by j00r0m4nc3r · 2010-04-06 06:17 · Score: 3, Insightful

Plausible. Deniability.
Ooooh! The Dalai Lama! by oldspewey · 2010-04-06 06:17 · Score: 4, Interesting

I continue to get a kick out of the Chinese government's fixation on the Dalai Lama. If the whole thing didn't involve the theft of a nation and the brutal repression of the Tibetan people, the situation would be hilarious in a Monthy Python sort of way.

--
If libertarians are so opposed to effective government, why don't they all move to Somalia?
1. Re:Ooooh! The Dalai Lama! by Anonymous Coward · 2010-04-06 06:23 · Score: 0
  
  You mean like the whole "I think she's a witch!" thing?
2. Re:Ooooh! The Dalai Lama! by megamerican · 2010-04-06 06:24 · Score: 1
  
  I continue to get a kick out of the Chinese government's fixation on the Dalai Lama. If the whole thing didn't involve the theft of a nation and the brutal repression of the Tibetan people, the situation would be hilarious in a Monthy Python sort of way.
  Or whoever is behind the attack is going after the Dalai Lama to implicate the Chinese Government.
  
  --
  If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
3. Re:Ooooh! The Dalai Lama! by blair1q · 2010-04-06 06:33 · Score: 3, Insightful
  
  Or the Chinese government is going after the Dalai Lama in a crudely obsessive way to make you think it's someone going after the Dalai Lama to implicate the Chinese government.
4. Re:Ooooh! The Dalai Lama! by PolygamousRanchKid+ · 2010-04-06 06:36 · Score: 1
  
  . . . the theft of a nation . . .
  . . . is the easy bit.
  Fencing a nation is a bitch: http://en.wikipedia.org/wiki/Fence_(criminal)
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
5. Re:Ooooh! The Dalai Lama! by Anonymous Coward · 2010-04-06 06:39 · Score: 0, Funny
  
  Well considering it's public record the the Dalia Lama has been on the CIA payroll working to start a war between India and China during the 20th century I think it makes sense for China to keep an eye on him.
6. Re:Ooooh! The Dalai Lama! by Anonymous Coward · 2010-04-06 06:42 · Score: 0
  
  Making things up is fun. My 4-year-old has a pretty crazy imagination.
7. Re:Ooooh! The Dalai Lama! by sopssa · 2010-04-06 06:46 · Score: 1, Interesting
  
  Or someone is going after Dalai Lama in a crudely obsessive way to make you think it's Chinese doing it in a crudely obsessive way so you would think it's the Chinese who are trying to hide it by doing it in a crudely obsessive way.
8. Re:Ooooh! The Dalai Lama! by Anonymous Coward · 2010-04-06 06:47 · Score: 0
  
  Knowing nothing about Asian history is apparently also fun, in an ignorance is bliss sort of way...
  http://www.nytimes.com/1998/10/02/world/world-news-briefs-dalai-lama-group-says-it-got-money-from-cia.html?pagewanted=1
9. Re:Ooooh! The Dalai Lama! by NeutronCowboy · 2010-04-06 07:01 · Score: 0, Troll
  
  And yet the article says nothing about the intention being to start a war between China and India. Making things up is indeed fun. As for the CIA supporting the Dalai Lama... heck, in this case I'm all for it.
  
  --
  Those who can, do. Those who can't, sue.
10. Re:Ooooh! The Dalai Lama! by An+ominous+Cow+art · 2010-04-06 07:26 · Score: 1
  
  Fencing a nation is a bitch: http://en.wikipedia.org/wiki/Fence_(criminal)
  
  It certainly is: http://en.wikipedia.org/wiki/Fencing
11. Re:Ooooh! The Dalai Lama! by sopssa · 2010-04-06 07:26 · Score: 2, Informative
  
  And yet the article says nothing about the intention being to start a war between China and India. Making things up is indeed fun. As for the CIA supporting the Dalai Lama... heck, in this case I'm all for it.
  
  And it states:
  
  The money allocated for the resistance movement was spent on training volunteers and paying for guerrilla operations against the Chinese, the Tibetan government-in-exile said in a statement.
  Just like with Osama bin Laden, Iraq and Middle-East. USA has a long history of supporting guerrilla and when it doesn't fit them anymore, they call them terrorists. I would imagine Dalai Lama and Tibet will be the next such thing.
12. Re:Ooooh! The Dalai Lama! by Anonymous Coward · 2010-04-06 07:45 · Score: 0
  
  Or someone is going after Dalai Lama in a crudely obsessive way to make you think it's Chinese doing it in a crudely obsessive way so you would think it's the Chinese who are trying to hide it by doing it in a crudely obsessive way.
  Or the Dalai Lama hacked his own computer via proxy from China to drum up sympathy for himself.
13. Re:Ooooh! The Dalai Lama! by biryokumaru · 2010-04-06 08:05 · Score: 1
  
  That Dalai Lama, he's such a whiner.
  
  --
  When you're afraid to download music illegally in your own home, then the terrorists have won!
14. Re:Ooooh! The Dalai Lama! by Arancaytar · 2010-04-06 08:32 · Score: 1
  
  ... to think they want you to think that is what they want you think.
15. Re:Ooooh! The Dalai Lama! by RockDoctor · 2010-04-06 15:11 · Score: 1
  
  I continue to get a kick out of the Chinese government's fixation on the Dalai Lama. If the whole thing didn't involve the theft of a nation and the brutal repression of the Tibetan people, the situation would be hilarious in a Monthy Python sort of way.
  s/Chinese/British
  s/Dalai Lama/Mahatma Ghandi/
  s/Tibet/India/
  Now do you see why the Chinese are worried?
  BTW, there's one fewer 'h' in Monty Python than you think. Or one more 'l', depending on which joke you're trying to make.
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
16. Re:Ooooh! The Dalai Lama! by speaker4thedead · 2010-04-06 17:04 · Score: 1
  
  Or someone is going after Dalai Lama in a crudely obsessive way to make you think it's Chinese doing it in a crudely obsessive way so you would think it's the Chinese who are trying to hide it by doing it in a crudely obsessive way.
  You have a truly dizzying intellect.
  
  --
  "My religion is to live --and die-- without regret." -- Milarepa
17. Re:Ooooh! The Dalai Lama! by Anonymous Coward · 2010-04-07 01:15 · Score: 0
  
  The CIA did support the Dalai Lama
  http://www.amazon.com/Orphans-Cold-War-Struggle-Survival/dp/1891620185
The dangers of permissivity by Anonymous Coward · 2010-04-06 06:22 · Score: 0, Funny

Over the last ten years, as the laws got stricter in some countries, it's fairly easy to observe the shift of malicious cyberbehavior to others, not unlike pressing down on parts of a balloon and watching the rest expand. It's also interesting to note that the centers of gravity with regard to this type of activity, whether spam, malware, or apparently even spying, appear to coincide with areas that have a lowered regard of copyright and other intellectual property.

I suspect the strongest thing we can do for computer security is to create and approve a framework of laws that engender respect for intellectual property of all stripes, from corporate data, to music, movies, and video games. While many of us are leery of the DMCA, I think we can eventually all agree that a rising tide lifts all boats, and that empowering users to take control over how their information is shared is ultimately a good thing; especially if it creates an environment in which cybercrime can no longer flourish into our computers.
Research 2.0 by Jazz-Masta · 2010-04-06 06:22 · Score: 4, Interesting

The team describes its findings in a report called Shadows in the Cloud: An investigation into Cyber Espionage 2.0
Even "researchers" have caught the marketing bug. "Cloud" "Cyber" "2.0"
Full report here:
http://www.scribd.com/doc/29435784/SHADOWS-IN-THE-CLOUD-Investigating-Cyber-Espionage-2-0
Major discovery by Drunkulus · 2010-04-06 06:28 · Score: 3, Funny

We also discovered a gigantic copyright infringement network, which is codenamed "scribd."
Let me refer all of you to this... by GPLDAN · 2010-04-06 06:31 · Score: 5, Informative

The best bit of journalism in the last year on this subject:

http://www.nytimes.com/2010/02/02/business/global/02hacker.html?emc=eta1

Now - read the story of Maija the not-so-l33t hacker and pay special attention to how the story explains how the Chinese special intelligence services work. The whole thing is outsourced, loose affiliation. The blackwater-ization of hacking, where for the government is most interested in a plausible denial.

Then tell me again how the Chinese intelligence services aren't funding and running Ghostnet.
The way I see it, these hackers probably get treated as well as Bobby Kotick treats his people. Do thy bidding and get hookers sent over for lunch, maybe two if you find a 0-day.
1. Re:Let me refer all of you to this... by osu-neko · 2010-04-06 07:25 · Score: 3, Insightful
  
  Then tell me again how the Chinese intelligence services aren't funding and running Ghostnet.
  Now now, let's not be hasty, there's no evidence in this report of the involvement of the People's Republic of China. It could be anyone on the long list of organizations who happen to hate the Dalai Lama, Chinese dissidents, etc. ;)
  
  --
  "Convictions are more dangerous enemies of truth than lies."
2. Re:Let me refer all of you to this... by Anonymous Coward · 2010-04-06 07:50 · Score: 0
  
  Yeah, I have been driving over the speed limit for years. Now tell me again how Mr. Obama, Bush and Clinton aren't funding me to drive over the speed limit.
Microsoft to Blame by MyLongNickName · 2010-04-06 06:32 · Score: 0, Flamebait

From wikipedia "Its command and control infrastructure is based mainly in the People's Republic of China and has infiltrated high-value political, economic and media locations[3] in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised. Although the activity is mostly based in China, there is no conclusive evidence that the Chinese government is involved in its operation.[4]"
Anyone want to take a bet on the percentage of compromised Windows systems versus Linux system versus Macs?

--
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Now you are part of the GhostNet by Anonymous Coward · 2010-04-06 06:37 · Score: 0

Because you downloaded the linked pdf and got pwnz0r3dz0mg!!1!!!!1
and there is never a case of US involvement? by kubitus · 2010-04-06 06:40 · Score: 2, Interesting

Echelon is too costly.
so build into all US produced ( or at least with US label ) network devices a small Trojan Boot Loader hidden with dirty programming.
and activate these TBL's with instructions hidden in serachengine answers- according to the serial No of who bought which.
And you end up with a fifth colon paid by the very IT user.
( A French Diplomat made a slip of tounge when asked if they did not fear Argentine to use Exocet missiles against themselves: we can switch it off - analogue a US Diplomat may slipof tongue: we can switch it ON )
1. Re:and there is never a case of US involvement? by russotto · 2010-04-06 06:52 · Score: 4, Insightful
  
  so build into all US produced ( or at least with US label ) network devices a small Trojan Boot Loader hidden with dirty programming.
  It's plausible, but it's a works-once kind of thing. As soon as you make any major use of it, it's going to be found out, and everyone else is going to go looking for it. So you have to save it for when it's really valuable, but doing that means you risk it being found anyway and never using it.
  It['s
  
  And you end up with a fifth colon paid by the very IT user.
  What happened to colons two through four?
2. Re:and there is never a case of US involvement? by Arthur+Grumbine · 2010-04-06 06:52 · Score: 1
  
  And you end up with a fifth colon...
  :-)
  :-P
  :-0
  :-D
  >:-( <-----The Fifth Colon. Fear his anger.
  
  --
  Now that I think about it, I'm pretty sure everything I just said is completely wrong.
3. Re:and there is never a case of US involvement? by mooingyak · 2010-04-06 08:04 · Score: 1
  
  The Fifth Colon was a great movie.
  
  --
  William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
4. Re:and there is never a case of US involvement? by kubitus · 2010-04-06 08:08 · Score: 1
  
  a prominent US-based IT security company estimated the effort to detect a TBL at 5 to 6 man-years plus a constructed event rousing the interest so that the TBL would be woken up from dormancy to be detected during the activation phase.
  to find TBL instructions and reporting home inside search engine requests was considered as fairly difficult.
5. Re:and there is never a case of US involvement? by lennier · 2010-04-06 13:36 · Score: 1
  
  And you end up with a fifth colon paid by the very IT user.
  Is that sort of like tearing someone a new one, only four times worse?
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Tibet is part of China by wiredog · 2010-04-06 06:42 · Score: 2, Informative

and always has been, and don't try to tell the Chinese differently.

--

Best Slashdot Co
1. Re:Tibet is part of China by deaddeng · 2010-04-06 14:08 · Score: 3, Insightful
  
  As Americans, we should show our condemnation for China's illegal occupation of Tibet by returning California, Texas, and New Mexico to Mexico, and Hawaii to its indigenous people. I think we should keep the rest, which we either bought from the French or stole fair and square.
  
  --
  --- .085 as cool; proving that a little knowledge is dangerous
I think by daoshi · 2010-04-06 06:51 · Score: 1

I think you just discovered a big botnet. Countless machines are being used a camouflage to blur out the real man behind the operations.
Probably, it's just a free game with an open door. Anyone who figured out this botnet's protocol would be able to use it for free.
mirror? by Anonymous Coward · 2010-04-06 07:10 · Score: 0

Where is the non-Scribbed PDF?
1. Re:mirror? by Anonymous Coward · 2010-04-06 14:03 · Score: 0
  
  h++p://www.nartv.org/mirror/shadows-in-the-cloud.pdf
  + = t
Not connected to the government by dave562 · 2010-04-06 07:21 · Score: 1

Does anyone really believe that the Chinese (or any other government) would be stupid enough to do this from their own servers? One of the key tenents of espianoge is to cover your tracks. The closest something like this will ever get to the Chinese government is if the CIA or some other intelligence service happens to catch someone handing off a USB drive filled with whatever digital loot was acquired from the botnet. The government itself does not need to directly sponsor this sort of activity. It would be political suicide to do so. It is much too easy to obfuscate the process by farming it out.
1. Re:Not connected to the government by Jeng · 2010-04-06 07:47 · Score: 1
  
  The Chinese may be rationalizing their distance in a way that may not make sense to us, it only has to make sense to them to do it.
  
  --
  Don't know something? Look it up. Still don't know? Then ask.
Re:Blah blah blah Western hypocrisy by Jeng · 2010-04-06 07:23 · Score: 1

Of course every country out there spies, but most don't try to take over innocent civilians computers in a bid to do so.
It is mentioned on Slashdot not because of the action, but the method.
Well if the US or Russia does take over civilians computers, they are at least better at hiding it than the Chinese.
That is one thing about the Chinese government, they don't tend to be subtle.

--
Don't know something? Look it up. Still don't know? Then ask.
Isn't it ironic? by ka9dgx · 2010-04-06 07:29 · Score: 1, Troll

I find it quite ironic that they publish their report as a PDF, one of the biggest sources of vulnerabilities known to man. Why not something a bit more open and standard, like HTML?
Re:Blah blah blah Western hypocrisy by Jeremy+Erwin · 2010-04-06 08:24 · Score: 1

That is one thing about the Chinese government, they don't tend to be subtle.
Not necessarily Perhaps you're transposing the awkward and unsubtle dialect of Chinglish to other aspects of Chinese culture.
Why not China? by MaWeiTao · 2010-04-06 09:20 · Score: 1

Why couldn't this be China. Perhaps they don't have the resources of the US or Europe to find more discrete methods of espionage. Perhaps they just don't care who knows. Clearly it doesn't matter all that much if the evidence points to them because so many people are reluctant to accuse China anyway.
I'd say the ones doing the work are probably sloppy. Skilled, but not thorough enough to cover their tracks. And the higher ups are probably feeling rather cocky and couldn't care less since on the international stage they seem to be getting their way anyway.
the nerve by Anonymous Coward · 2010-04-06 09:42 · Score: 0, Troll

The Indian government called, they want their curry recipe back.
Re:first post... by Anonymous Coward · 2010-04-06 10:38 · Score: 0

That's usually an excuse used by an extrovert suffering from feelings of inadequacy.
Troll? by ka9dgx · 2010-04-10 11:17 · Score: 1

How was that a troll? PDFs suck, we all hate having to deal with them.... yet they offer no other way to view the report.