Sounds like the stuff of fiction, doesn’t it? Covert networks and unknown organisations, spying on hundreds of government offices, embassies, news/media organisations and personal computers around the world. But apparently it’s true. Unlike in the movies, though, this was discovered by a group of researchers based in a basement office at the University of Toronto.
Self-confessed computer geeks Ronald Deibert and Nart Villeneuve were asked by the office of the Dalai Lama, the exiled Tibetan leader, to examine its computers for signs of malicious software, or malware. Using a combination of fieldwork, technical scouting, and laboratory analysis during a ten-month investigation, they not only found evidence of malware, but discovered a far-reaching network spanning 1,295 infected computers in 103 countries, 30% of which could be described as high-value targets.
The Canadian researchers have for some time been practicing what some term ‘hacktivism’ from the Citizen Lab, part of the Munk Center for International Studies at Toronto University. Citizen Lab has a reputation for using technology to combat corporate and governmental attempts to control cyberspace, and its researchers say that the malware found is remarkable both for its sweep and for its Big Brother-style capacities. What they’re referring to is that it has not merely been “phishing” for random information, but has the ability to turn on the camera and audio-recording functions of an infected computer, enabling its operators to see and hear what is going on in a room. The researchers were able to manipulate the code and infect a machine in their office, allowing them to monitor the commands given to the infected computers and to see the names of documents retrieved by the spies.
A 53-page report into Ghost.net was published online under the ‘Information Warfare Monitor’ banner yesterday (29/03/09). The report is careful not to make any claims as to who is behind the operation, and in fact is quick to say that the investigation has raised more questions than answers.
Two computer researchers at Cambridge University, Shishir Nagaraja and Ross Anderson, also worked with the Tibetans, and released their report “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement” yesterday (29/04/09). The British report went much further in its accusations against the Chinese, and warned that other hackers could adopt the tactics used in the malware operation.
While it has long been assumed that various governments are running these kinds of operations, this is by far the largest yet to be discovered, and it’s still currently active, infecting around 14 new computers a day.
John Markoff of the New York Times reports that a spokesman for the Chinese Consulate in New York dismissed the idea that China was involved. “These are old stories and they are nonsense,” the spokesman, Wenqi Gao, said. “The Chinese government is opposed to and strictly forbids any cybercrime.”
As with any other piece of malware, machines can be infected when users click on either an email attachment or a website that installs code onto the client device, allowing commands to be sent to the machine remotely, temporarily taking control of it. As an IT manager, I am only too familiar with malware and have some idea of just how hard it can be to spot and remove. But I think I must watch too much TV, in that I assumed that embassies and such high-profile organisations as NATO and the office of the Dalai Lama would be running enough anti-malware and network intrusion software to prevent this type of attack.