Vast global spy network discovered!

Sounds like the stuff of fiction, doesn't it? Covert networks and unknown organisations spying on hundreds of government offices, embassies, news and media organisations and personal computers around the world. But apparently it's true. Unlike in the movies, though, this was discovered by a group of researchers based in a basement office at the University of Toronto.

Self-confessed computer geeks Ronald Deibert and Nart Villeneuve were asked by the office of the Dalai Lama, the exiled Tibetan leader, to examine its computers for signs of malicious software, or malware. Using a combination of fieldwork, technical scouting and laboratory analysis during a ten-month investigation, they not only found evidence of malware but discovered a far-reaching network spanning 1,295 infected computers in 103 countries, around 30% of which could be described as high-value targets.

The Canadian researchers have been practising what some term 'hacktivism' from the Citizen Lab, part of the Munk Center for International Studies at the University of Toronto, for some time. Citizen Lab has a reputation for using technology to combat corporate and governmental attempts to control cyberspace, and says that the malware found is remarkable both for its sweep and for its Big Brother-style capacities. What they are referring to is that it has not merely been 'phishing' for random information: it has the ability to turn on the camera and audio-recording functions of an infected computer, enabling the operators to see and hear what is going on in a room. The researchers were able to manipulate the code and infect a machine in their own office, allowing them to monitor the commands given to infected computers and to see the names of documents retrieved by the spies.

A 53-page report into GhostNet was published online under the 'Information Warfare Monitor' banner yesterday (29/03/09). The report is careful not to make any claims as to who is behind the operation, and in fact is quick to say that the investigation has raised more questions than answers.

Two computer researchers at Cambridge University, Shishir Nagaraja and Ross Anderson, also worked with the Tibetans and released their own report, "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement", the same day (29/03/09). The British report went much further in its accusations against the Chinese, and warned that other hackers could adopt the tactics used in the malware operation.

While it has long been assumed that various governments run these kinds of operations, this is by far the largest yet to be discovered, and it is still active, infecting around 14 new computers a day.

John Markoff of The New York Times reports that a spokesman for the Chinese Consulate in New York dismissed the idea that China was involved. "These are old stories and they are nonsense," the spokesman, Wenqi Gao, said. "The Chinese government is opposed to and strictly forbids any cybercrime."

As with any other piece of malware, machines can be infected when users either open an email attachment or visit a website that installs code onto the client device, allowing commands to be sent to the machine remotely and giving the operator control of it. Signature-based anti-malware is weakest against exactly this kind of targeted, low-volume malware, since a pattern file only catches what someone has already found and submitted as a sample. As an IT manager, I am only too familiar with malware and have some idea of just how hard it can be to spot and remove. But I think I must watch too much TV, in that I assumed that embassies and such high-profile organisations as NATO and the office of the Dalai Lama would be running enough anti-malware and network intrusion detection software to prevent this type of attack.

Sources: Tracking GhostNet report, Snooping Dragon report, The New York Times, The Toronto Star



Viruses target social networks

Last week I fell victim to a virus. More correctly, I fell victim to a piece of malware/spyware. As I work in IT it didn't cause too much of a problem, but it did make me take another look at the whole spyware problem.

The first thing that surprised me was that my current anti-virus/anti-malware software had not picked it up. I'm a bit of a security control freak and actually run online, gateway, server and desktop AV, none of which detected or matched the patterns in this virus. The virus managed to set up its own proxy server on my machine, bypass my own proxy server, disable my local AV software and run a number of exe files that mimicked the Windows alert modules, telling me the system had detected a problem and offering to install software to help. In fact, even when I ran deep scans with Trend and Spybot Search & Destroy, two leading anti-malware titles, they reported that my system was running normally with no viruses found. It was obvious that I did have a problem, in that there were around 160 exe files running and a new Windows Explorer window appearing every couple of minutes. It didn't take long to do a quick Google search on the individual exe files and find something that could remove it.
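The symptoms above (a proxy quietly pointed at the local machine, a flood of identical exe processes, extra Explorer instances) are exactly the things a scanner with no matching signature will miss but a five-minute triage will catch. The following is an added example, not code from the original post: it parses the text that two standard Windows commands, `tasklist /fo csv` and `reg query` on the per-user Internet Settings key, already produce, so on a live box you capture those to files and feed them in. The embedded samples are constructed for the example; "winalert.exe" and "proxy.corp.example" are made-up names, not known malware or a real host.

```python
"""Offline triage over `tasklist /fo csv` and `reg query` output.

On the affected machine you would run:
    tasklist /fo csv > procs.csv
    reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" > proxy.txt
and pass the file contents to triage(). The samples below are constructed.
"""
import csv
import io
import re
from collections import Counter

# Constructed tasklist output: a few normal processes plus 160 copies of a
# hypothetical fake-alert executable ("winalert.exe" is a made-up name).
TASKLIST_SAMPLE = '"Image Name","PID","Session Name","Session#","Mem Usage"\n' + "\n".join(
    ['"System","4","Services","0","300 K"',
     '"svchost.exe","800","Services","0","5,120 K"',
     '"svchost.exe","812","Services","0","7,004 K"',
     '"explorer.exe","1544","Console","1","31,220 K"',
     '"explorer.exe","1740","Console","1","30,904 K"',
     '"explorer.exe","1804","Console","1","30,512 K"']
    + [f'"winalert.exe","{pid}","Console","1","2,048 K"' for pid in range(2000, 2160)]
)

# Constructed reg query output: WinINET proxy enabled and pointed at loopback,
# which is how a local interception proxy inserts itself in front of the browser.
REG_SAMPLE = """
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

# Image names that legitimately run many times; anything else seen in bulk is suspect.
MULTI_INSTANCE_OK = {"svchost.exe", "conhost.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}


def parse_tasklist(text):
    """Map image name -> number of running instances from `tasklist /fo csv` text."""
    return Counter(row["Image Name"].lower() for row in csv.DictReader(io.StringIO(text)))


def parse_reg_query(text):
    """Map value name -> (type, data) from `reg query` text; the key path line is skipped."""
    pat = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*)$")
    values = {}
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3).strip())
    return values


def proxy_findings(values, expected_proxy=None):
    """Flag an enabled proxy that is loopback or differs from the one the admin expects.
    expected_proxy is the corporate proxy as host:port, or None if none should be set."""
    findings = []
    enabled = values.get("ProxyEnable", ("", "0x0"))[1].lower() in ("0x1", "1")
    if not enabled:
        return findings
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    for entry in values.get("ProxyServer", ("", ""))[1].split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        if not hostport:
            continue
        host = hostport.rsplit(":", 1)[0].lower()
        if host in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"proxy points at loopback ({hostport}): local interception proxy")
        elif expected_proxy and hostport.lower() != expected_proxy.lower():
            findings.append(f"proxy {hostport} differs from expected {expected_proxy}")
    return findings


def process_findings(counts, max_instances=10, max_total=150):
    """Flag an abnormal process count, bulk copies of one image, and extra Explorer instances."""
    findings = []
    total = sum(counts.values())
    if total > max_total:
        findings.append(f"{total} processes running (threshold {max_total})")
    for name, n in counts.most_common():
        if n >= max_instances and name not in MULTI_INSTANCE_OK:
            findings.append(f"{name} running {n} times")
    # explorer.exe is normally one process per interactive session unless
    # "launch folder windows in a separate process" is enabled.
    if counts.get("explorer.exe", 0) > 1:
        findings.append(f"explorer.exe running {counts['explorer.exe']} times (normally one per session)")
    return findings


def triage(tasklist_text=TASKLIST_SAMPLE, reg_text=REG_SAMPLE, expected_proxy="proxy.corp.example:8080"):
    """Run both checks and return the list of human-readable findings."""
    return proxy_findings(parse_reg_query(reg_text), expected_proxy) + process_findings(parse_tasklist(tasklist_text))


if __name__ == "__main__":
    for finding in triage():
        print("[!]", finding)
```

The point of parsing the tool output rather than querying the OS directly is that the same script runs on a clean analysis box against files copied off the suspect machine, which matters when the malware on that machine is already disabling security software.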

The second thing that surprised me was how easily I almost fell for providing my credit card details on a machine I knew to be infected. After two days of working on my laptop while the very time-consuming deep scans ran on my workstation, I was so pleased to have found something that promised to kill the virus once and for all that I very nearly went ahead and paid the $30 for an online license.

The third thing worth mentioning is how I fell for getting the virus in the first place. I guess it was a cross between a social engineering attack and a straightforward malware attack. In short, I got a message on Facebook inviting me to view a movie clip from a friend. This took me to what looked like that person's YouTube account, but where you would expect to see the movie playing there was a message saying that my version of Flash Player was out of date and to click to continue; the usual warning popped up before installing. All of which I clicked through, as it looked so similar to a genuine Flash updater. Next thing you know I've restarted and all sorts of pop-ups are saying a virus has been detected and linking to software products to purchase to remove it.

When you think about it, this is genius. The latest generation of internet users are very into social networks, but are much less tech-savvy when it comes to security and protecting themselves. They are so used to clicking 'yes', 'install', 'accept' and 'I agree' without reading anything of what they are actually agreeing to that they are easy targets when it comes to installing harmful stuff like malware and viruses. The check that defeats this lure is a simple one: a genuine Flash Player update comes from Adobe's own site or the player's built-in updater, never as a download offered by the page that is supposedly hosting the video, and the installer carries Adobe's digital signature. I myself am a classic example: busy day in the office and a box pops up asking me to agree to an update to software I trust, from a person I know, and I say yes without a second thought.
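The same check can be automated on the page itself, which is what a web proxy or a browser extension would do. The following is an added example, not code from the original post: given the page's URL and HTML, it flags a host that borrows a brand name without being registered under that brand (the assumption here is that the fake YouTube page lived on a lookalike host, which the post does not confirm) and any installer download that does not come from the vendor's domain. The HTML and hostnames are constructed, and the two-label "registrable domain" rule is a deliberate simplification that mis-handles suffixes like co.uk.

```python
"""Page-side sanity check for a 'your Flash Player is out of date' lure.

Two signals: the page's host contains a well-known brand name but is not that
brand's domain, and an installer link points somewhere other than the vendor.
LURE_HTML and all hostnames in this file are constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

VENDOR_DOMAINS = {"adobe.com", "macromedia.com"}   # where a genuine Flash Player installer came from
BRANDS = {"youtube", "facebook", "adobe"}           # names a lure page tends to borrow
INSTALLER_SUFFIXES = (".exe", ".msi", ".dmg", ".scr")

# Constructed lure page: the "player" area carries the update prompt and the
# only link is an installer served by the page's own host.
LURE_HTML = """<html><body>
<div class="player">Your version of Flash Player is out of date. Click to continue.</div>
<a href="/get/install_flash_player.exe">Update now</a>
</body></html>"""


class LinkCollector(HTMLParser):
    """Collect every href/src/action a page could use to hand the user a file."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "iframe", "form"):
            for name, value in attrs:
                if name in ("href", "src", "action") and value:
                    self.hrefs.append(value)


def registrable_domain(host):
    """Last two labels of the host. Simplification: wrong for suffixes such as co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def lure_findings(page_url, html):
    """Return human-readable findings for the page, or [] if nothing looks wrong."""
    findings = []
    host = (urlparse(page_url).hostname or "").lower()
    site = registrable_domain(host)

    # 1. Brand name in the host, but the host is not registered under that brand.
    for brand in sorted(BRANDS):
        if brand in host and site != f"{brand}.com":
            findings.append(f"host {host} contains '{brand}' but is registered as {site}")

    # 2. An installer download that is not served from the vendor's own domain.
    lower = html.lower()
    update_prompt = "flash player" in lower and "out of date" in lower
    collector = LinkCollector()
    collector.feed(html)
    for href in collector.hrefs:
        target = urlparse(urljoin(page_url, href))
        if target.path.lower().endswith(INSTALLER_SUFFIXES):
            origin = registrable_domain(target.hostname or "")
            if origin not in VENDOR_DOMAINS:
                what = "update installer" if update_prompt else "installer"
                findings.append(f"{what} {target.path} served from {origin}, not a vendor domain")
    return findings


if __name__ == "__main__":
    for finding in lure_findings("http://www.youtube.com.video-share.example/watch?v=abc123", LURE_HTML):
        print("[!]", finding)
```

A genuine video page that links to the vendor's installer produces no findings, so the heuristic does not fire on the legitimate "you need Flash" prompt that sites of the time did show; it fires only when the download itself comes from the wrong place.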

It would seem that I am not the only one, though. CNET this week reported on the Koobface virus currently hitting Facebook users, and there are no end of others popping up every day.
