[personal profile] rfmcdonald
Steve Kupferman at Torontoist provides a decent summary of the recent discovery by Toronto-based researchers of the GhostNet computer espionage network.

The New York Times broke a story on Sunday that has since stirred up some local interest (and some national interest as well): Toronto researchers Greg Walton and Nart Villeneuve of the U of T Munk Centre for International Studies' Citizen Lab were, along with Ottawa-based consultancy SecDev, instrumental in ferreting out some very shady spy activity happening on at least 1,295 computers around the world, approximately 30% of which were owned and operated by so-called "high-value" targets, including journalists, embassies—even the Dalai Lama. A lot of the data necessary for the investigation was gathered abroad, but the brunt of the analysis happened right here, in Toronto, under the aegis of U of T.

[. . .]

"For technical people, it's called spear-phishing," said Villeneuve, referring to the infiltration technique used by the spies. Spear-phishing consists of a crafty combination of social engineering and Trojan horse infection. Someone constructs a plausible email and sends it directly to a target user, with a Word document or .pdf attachment. The attachment opens as expected when the user clicks on it, but at the same time it surreptitiously runs a small piece of code which opens a "back-door" in the victim computer, enabling the electronic assailant (please enjoy our many different ways of avoiding the politically charged epithet "hacker") to download additional malicious code onto its hard drive at any time they choose. The attacker can then steal files, log keystrokes, and even use whatever webcams and microphones happen to be connected to the infected machine. Whoever was behind these attacks (circumstantial evidence points to the Chinese government, but Citizen Lab and SecDev refuse to make accusations) must have repeated these steps dozens, if not hundreds of times. "We've entered the age of do-it-yourself signals intelligence," said Deibert.


The GhostNet Wikipedia article makes clear the rather impressive scope of the network, which seemed to target computers connected to Tibetan groups and the Indian government (but not exclusively!).

Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan and the office of the Prime Minister of Laos. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted. No evidence was found that U.S. or U.K. government offices were infiltrated, although a NATO computer was monitored for half a day and the computers of the Indian embassy in Washington, D.C., were infiltrated.

[. . .]

The researchers from the Infowar Monitor stated they could not conclude that the Chinese government was responsible for the spy network, while a report from researchers at the University of Cambridge says they believe that the Chinese government is behind the intrusions. Researchers have also noted the possibility that GhostNet was an operation run by private citizens in China for profit or for patriotic reasons, or created by intelligence agencies from other countries such as Russia or the United States.[2] The Chinese government has stated that China "strictly forbids any cyber crime".

[. . .]

Despite the lack of evidence to pinpoint Chinese government in the operation of GhostNet, researchers have found actions taken by government officials from the People's Republic of China that corresponded with the information obtained via the 'GhostNet'. One such incident involved a diplomat who was pressured by Beijing after receiving an email invitation to a visit with the Dalai Lama from his representatives. Another incident was about a Tibetan woman who was interrogated by Chinese intelligence officers and was shown transcripts of her online conversations. Liu Weimin, the spokesman of the Chinese embassy in London, has denied the involvement of Chinese government, stating that there is no evidence that his government was involved. He has called the accusation part of a "propaganda campaign" and "just some video footage pieced together from different sources to attack China".