
'Spooked by GhostNet,' April 16, 2009, #190

Spooked by GhostNet

By Dr Dave McIntyre, Director Integrative Center for Homeland Security, 16 April 2009

 

      For years some computer experts have warned that individual cyber spooks are ready to make the jump from hacking and crime to impacting international relations.  But evidence that individuals have this much power has been elusive.  Until now. I will tell you more if you will give me Just a Minute for Homeland Security.

      I’m Dave McIntyre, Director of the Integrative Center for Homeland Security at Texas A&M.

      Information Warfare Monitor is an electronic publication associated with Canadian information technology firms, and the Citizen Lab -- a group from the University of Toronto that monitors the exercise of political power in cyberspace.[1] [2] In September and October of 2008 they conducted field research in the offices of the Dalai Lama and other Tibetan groups based in India, New York City, London, Paris, Brussels and Geneva.  They were looking for evidence of an organized attempt to infiltrate these related computers for political purposes – stealing identities, identifying dissidents, and generally attempting to undermine the Tibetan government in exile.  What they found was a sophisticated intelligence gathering and influence network different from anything seen before. At least 1,295 computers in 103 countries were being targeted. Protected identities were stolen. In some cases, cameras and microphones were turned on remotely, effectively spying on their owners. New computers were identified for attack based on social networking with others. Acquaintances of the targets became targets themselves.  Researchers dubbed this latticework of related victims GhostNet.[3]

      For the next five months they analyzed their discovery, to include who was directing four control servers and six command servers. Attacks targeted specific computers used by the Tibetan groups, planted hostile programs on them, and harvested information. At one point the Canadian researchers even designed a target computer of their own, disguised it as a Tibetan resource, and attracted an attack.  They were able to watch as attackers took the bait, implanted hostile programs, extracted files and collected information. Then they traced the hostile activity back to its origins – in China.

      Researchers have been careful to stipulate that they have no evidence that GhostNet was designed and run by the Chinese government.  First, they note that much of the know-how and technology required to construct this project is widely available on the internet.  Second, GhostNet could have been constructed by someone wanting to look like the Chinese, to deflect blame. Third, the perpetrators could have been private citizens, working on their own agenda.

      But this should not make us feel any better. At least we know how to deal with a hostile government.  The fact that an elaborate cyber-espionage system like GhostNet can be created by individuals should spook the entire international community.

      This is Dave McIntyre, Director of the Integrative Center for Homeland Security at Texas A&M, inviting you to join us again next week on Just a Minute . . . for Homeland Security.



[1] For information on Information Warfare Monitor see http://www.infowar-monitor.net/ .

[2] For information on Citizen Lab see http://www.citizenlab.org/ .

[3] Ron Deibert (Director, Citizen Lab) and Rafal Rohozinski (CEO, SecDev Group), Tracking GhostNet: Investigating a Cyber Espionage Network, Toronto, Canada: Munk Centre for International Studies, University of Toronto, March 29, 2009.  http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network .