GhostNet

GhostNet is an electronic espionage virus , believed to have been introduced from China , that at the time of its discovery had infiltrated at least 1,295 computers in 103 countries. Computers from banks, embassies, foreign ministries and other government agencies and at least one of NATO , as well as computers from the Dalai Lama's Tibetan exile centers in India , Brussels , London and New York City were infected.

Exposure

GhostNet was discovered by researchers at the Munk Center for International Studies at the University of Toronto in collaboration with the Cambridge University Computer Laboratory after 10 months of research, and its mode of operation was described in The New York Times on March 29, 2009. The starting point of the investigation were allegations made by the Tibetan community in exile regarding Chinese cyber espionage against them; The related research revealed that many more devices had been infected or targeted.

The computer virus is able to activate the built-in webcam and the sound recording functions of infected computers for the purpose of room surveillance. The virus also enables an attacker to send malware to certain other recipients by e-mail via the infected computer, which means that the network expands by infecting computers in the communication area of the infected computer.

Affected

Chopped systems were in embassies of Germany, India, South Korea , Indonesia , Romania , Cyprus , Malta , Thailand , Taiwan , Portugal and Pakistan as well as in the foreign ministries of the Philippines , of Iran and of Bangladesh , Latvia , Indonesia, Brunei , Barbados and Bhutan discovered .

So far, however, no evidence has been found that government offices in the United States or Great Britain were also infiltrated, although a NATO computer had been infiltrated for half a day and the computers at the Indian embassy in Washington, DC had been infiltrated.

There are no official indications that public bodies or authorities of the People's Republic of China are or were involved in this espionage network. The Chinese government has renounced all responsibility. Investigators believe that the espionage activity could either be a profit-making operation by private individuals based in China or it came from so-called " patriotic hackers ". However, there is even the possibility that intelligence services from completely different countries are the originators of the attack.

"Best practices"

For Marc Henauer, who heads the operational situation center at the Swiss Reporting and Analysis Center for Information Assurance MELANI , the discovery of the GhostNet is no surprise. Internet espionage from the “Northeast Asian region” has been a problem for years. Even if no fundamentally new technical procedures were used in this latest attack, one must remain vigilant, he is quoted in a newspaper report.

Gh0stRat

Gh0stRat or GhostRat is a Trojan horse for Windows that Chinese GhostNet operators used to hack into some of the most sensitive computer networks in the world . It is a cyber espionage program . The term “advice” is an abbreviation for the English term Remote Administration Tool , which is often associated with Trojan horses.

GhostNet tries to slip malware into selected recipients via infected computers using a file attachment in order to infect other computers. According to Infowar Monitor (IWM), computers infected in this way download the Gh0stRat Trojan, which allows attackers to have comprehensive real-time control of the computer. Such computers can be controlled and observed by their hackers, up to and including the possibility of switching on connected cameras and microphones and thus spying on the location in the focus of the infected device.

Quotes

"Ghostnet sounds like something John le Carré would invent."

- Yevgeny Mozorov : The Fog of Cyberwar, April 2009

Individual evidence

↑ ^a ^b ^c ^d Vast Spy System Loots Computers in 103 Countries , The New York Times . March 28, 2009. Retrieved March 29, 2009.
↑ Charmaine Noronha: Researchers: Cyber spies break into govt computers , Associated Press . March 29, 2009.
↑ ^a ^b Major cyber spy network uncovered , BBC News . March 29, 2009.
↑ ^a ^b Canadians find vast computer spy network: report , Reuters . March 28, 2009. Retrieved March 29, 2009.
↑ Spying operation by China infiltrated computers: Report , The Hindu . March 29, 2009. Archived from the original on April 1, 2009. Retrieved on March 29, 2009.
↑ 'World's biggest cyber spy network' snoops on classified documents in 103 countries , The Times . March 29, 2009.
↑ The spy who came out of the data line: Hacker attacks from China use proven techniques. In: Neue Zürcher Zeitung . from April 1, 2009
↑ Cyberspies' code a click away - Simple Google search quickly finds link to software for Ghost Rat program used to target governments . In: Toronto Star . Toronto, Ontario, Canada March 31, 2009 ( online [accessed April 4, 2009]).
^ Vast Spy System Loots Computers in 103 Countries , The New York Times. March 28, 2009. Retrieved March 29, 2009.
↑ Chinese hackers 'using ghost network to control embassy computers' , The Times . March 29, 2009.
↑ The Fog of Cyberwar: NATO military strategists are waking up to the threat from online attacks. ( Memento of May 2, 2009 in the Internet Archive ) In: Newsweek . of April 27, 2009)

Web links

Reports on GhostNet by relevance - German
New reports on GhostNet - German
Jeremy Kirk: GhostNet cyber espionage probe still has loose ends (IT-World, June 18, 2009)
Worms in the diplomatic service: The background to the global espionage network "Ghostnet" ( Deutschlandfunk , April 4, 2009, Peter Welchering in conversation with Manfred Kloiber )
Ghostnet: Cold War 2.0 (gulli: news, April 6, 2009)
The snooping dragon: social-malware surveillance of the Tibetan movement (Cambridge University, March 28, 2009)
Tracking GhostNet Investigating a Cyber Espionage Network (University of Toronto, March 29, 2009)
Shadows in the Cloud: An investigation into cyber espionage 2.0 (Information Warfare Monitor, April 5, 2010)

Gh0stRat

[NY-TIMES-1] Vast Spy System Loots Computers in 103 Countries , The New York Times . March 28, 2009. Retrieved March 29, 2009.

[2] Charmaine Noronha: Researchers: Cyber spies break into govt computers , Associated Press . March 29, 2009.

[bbc-3] Major cyber spy network uncovered , BBC News . March 29, 2009.

[Reuters-4] Canadians find vast computer spy network: report , Reuters . March 28, 2009. Retrieved March 29, 2009.

[5] Spying operation by China infiltrated computers: Report , The Hindu . March 29, 2009. Archived from the original on April 1, 2009. Retrieved on March 29, 2009.

[nato-6] 'World's biggest cyber spy network' snoops on classified documents in 103 countries , The Times . March 29, 2009.

[7] The spy who came out of the data line: Hacker attacks from China use proven techniques. In: Neue Zürcher Zeitung . from April 1, 2009

[8] Cyberspies' code a click away - Simple Google search quickly finds link to software for Ghost Rat program used to target governments . In: Toronto Star . Toronto, Ontario, Canada March 31, 2009 ( online [accessed April 4, 2009]).

[9] Vast Spy System Loots Computers in 103 Countries , The New York Times. March 28, 2009. Retrieved March 29, 2009.

[10] Chinese hackers 'using ghost network to control embassy computers' , The Times . March 29, 2009.

[11] The Fog of Cyberwar: NATO military strategists are waking up to the threat from online attacks. ( Memento of May 2, 2009 in the Internet Archive ) In: Newsweek . of April 27, 2009)