Espionage network GhostNet, first identified about a year ago, is much
larger and more sophisticated than previously assumed. This is according
to a study entitled "Shadows in the Cloud", released today (Tuesday) by
the Munk Centre for International Studies, the Information Warfare
Monitor, the SecDev Group and the Shadowserver Foundation. GhostNet is
essentially a botnet for distributing and controlling spyware.
In March 2009, whilst investigating a computer system belonging to the
Tibetan government-in-
Munk Centre for International Studies discovered the largest
computer-controlled espionage network ever seen. The network, which they
dubbed GhostNet, was controlled almost exclusively by computers located
in China and had infiltrated 1,295 computers in 103 countries over a two
year period.
According to the new study, the espionage attack was primarily directed
against India, the Tibetan government-in-
On following the trail of evidence, the researchers came across Indian
government documents marked as 'secret' and 'confidential' which were
concerned with subjects including the security situation in Indian
states and India's relationships with other countries. 1,500 e-mails
from the Dalai Lama's office were intercepted between January and
November 2009.
According to the study, the attackers used cloud technologies and social
networks, such as Twitter, Google Groups and blogs, to communicate with
the botnet and spy bots to make their infrastructure as reliable as
possible. The attackers' traces are reported to lead to Chengdu province
in Southwest China. The Chinese government immediately rejected any
suggestion that it may have been involved. Chinese Foreign Ministry
spokeswoman Jiang Yu told the Peking press that China denied any
involvement in cyber-crimes and was taking action against hackers. She
added that attacks of this type are an international problem. (dpa)
Source:
http://www.h-online.com/security/news/item/GhostNet-2-0-espionage-network-uses-cloud-services-970795.html
