Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

China GhostNet and the Snooping Dragon

p2pnet news view Security | Freedom | P2P:- Claims of a massive Chinese global computer spy system called GhostNet are “exaggerated” and comprise an attempt to paint the country as a “threat,” says China Daily.

China has been accused of, “using malicious software to infiltrate and take control of almost 1,300 computers in 103 countries, including those used in several foreign ministries, embassies and the private office of the exiled Tibetan politician,” says the story.

But, “This is purely another political issue that the West is trying to exaggerate,” it quotes Song Xiaojun, a Beijing-based strategy and military analyst, as saying, going on: “As China grows, some in the West are trying every opportunity to manufacture fears over China’s threat.”

The investigation, undertaken by Information Warfare Monitor (IWM) Canada’s Secdev Group and the Munk Centre for International Studies at the University of Toronto, revealed GhostNet, said to have compromised, “Nato and foreign ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles,” says Times Online, going on »»»

Chinese hackers are thought to have targeted Western networks repeatedly. Computers at the Foreign and Commonwealth Office and other Whitehall departments were attacked from China in 2007. In the same year, Jonathan Evans, the MI5 Director-General, alerted 300 British businesses that they were under Chinese cyber-attack.

British intelligence chiefs have warned recently that China may have gained the capability effectively to shut down Britain by crippling its telecoms and utilities. Equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies, they said.

Psiphon freedom-of-choice software

At the bottom of every p2pnet story is, “Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.” It’s been there for years and links to Psiphon freedom-of-choice software that, “gives citizens worldwide access to an open Internet,” as the site states, going on, “the application was developed as a human rights software project by the Citizen Lab at the Munk Centre for International Studies.”

It’s also been shortlisted for the prestigious Freedom of Expression award in The Economist New Media category, with the awards to be presented on April 21 in London.

But that’s far from the Munk Centre’s only contribution to online freedom, as this latest revelation makes clear.

States China Daily:

“The researchers, who were commissioned by the Dalai Lama to examine its computers for signs of bugging, said they had found the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan had been targeted.

“‘Cyber security has been a global issue, but this time those who see China as an emerging threat again have picked the subject as a new weapon,’ Zhu Feng, a professor with the school of international studies at Peking University, said.”

A ‘targeted surveillance attack designed to collect actionable intelligence’

The title of the Information Warfare Monitor report is The snooping dragon: social-malware surveillance of the Tibetan movement.

By Shishir Nagaraja of the Information Trust Institute, University of Illinois at Urbana-Champaign, and Ross Anderson of the Cambridge University Computer Laboratory, it says in its introduction [our paragraph breaks] »»»

In this note we document a case of malware-based electronic surveillance of a political organisation by the agents of a nation state. While malware attacks are not new, two aspects of this case make it worth serious study.

First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed.

Second, the modus operandi combined social phishing with high-grade malware.

This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective.

Few organisations outside the defence and intelligence sector could withstand such an attack, and although this particular case involved the agents of a major power, the attack could in fact have been mounted by a capable motivated individual.

This report is therefore of importance not just to companies who may attract the attention of government agencies, but to all organisations. As social-malware attacks spread, they are bound to target people such as accounts-payable and payroll staff who use computers to make payments.

Prevention will be hard. The traditional defence against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tiresome operational security procedures. These will not be sustainable in the economy as a whole.

Evolving practical low-cost defences against social-malware attacks will be a real challenge.

In their conclusions, “we described how agents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama,” say Nagaraja and Ross, adding »»»

They used social phishing to install rootkits on a number of machines and then downloaded sensitive data. People in Tibet may have died as a result. The compromise was detected and dealt with, but its implications are sobering. It shows how difficult it is to defend sensitive information against an opponent who uses social engineering techniques to install malware.

We have described this social malware attack here and considered its consequences. Although the attack we describe in this case study came from a major government, the techniques their agents used are available even to private individuals and are quite shockingly effective. In fact, neither of the two authors is confident that we could keep secrets on a network-connected machine that we used for our daily work in the face of determined interest from a capable motivated opponent. The necessary restrictions on online activity would not be consistent with effective academic work. Organisations that maintain sensitive information on network-attached computers and that may have such opponents had better think long and hard.

The implications are serious already for people and groups who may become the target of hostile state surveillance. In the medium term we predict that social malware will be used for fraud, and the typical company has really no defence against it. We expect that many crooks will get rich before effective countermeasures are widely deployed.

Stay tuned.

China Daily – Analysts dismiss ‘cyber spy’ claims, March 30, 2009
Times Online – Chinese hackers ‘using ghost network to control embassy computers’, March 30, 2009




Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
