GhostNet

From Wikipedia, the free encyclopedia
Electronic spy operation
For the fishing net, see Ghost net.

GhostNet (simplified Chinese: 幽灵网; traditional Chinese: 幽靈網; pinyin: YōuLíngWǎng) is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying[1][2] operation discovered in March 2009. The operation is likely associated with an advanced persistent threat, or a network actor that spies undetected.[3] Its command and control infrastructure is based mainly in the People's Republic of China and GhostNet has infiltrated high-value political, economic and media locations[4] in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised.

Discovery


GhostNet was discovered and named following a 10-month investigation by the Infowar Monitor (IWM), carried out after IWM researchers approached the Dalai Lama's representative in Geneva[5] suspecting that their computer network had been infiltrated.[6] The IWM is composed of researchers from The SecDev Group, a Canadian consultancy, and the Citizen Lab, Munk School of Global Affairs at the University of Toronto; the research findings were published in the Infowar Monitor, an affiliated publication.[7] Researchers from the University of Cambridge's Computer Laboratory, supported by the Institute for Information Infrastructure Protection,[8] also contributed to the investigation at one of the three locations in Dharamshala, where the Tibetan government-in-exile is located. The discovery of the 'GhostNet', and details of its operations, were reported by The New York Times on March 29, 2009.[7][9] Investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, such as instances where email correspondence and other data were extracted.[10]

Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan and the office of the Prime Minister of Laos. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan were also targeted.[1][11] No evidence was found that U.S. or U.K. government offices were infiltrated, although a NATO computer was monitored for half a day and the computers of the Indian embassy in Washington, D.C., were infiltrated.[4][11][12]

Since its discovery, GhostNet has attacked other government networks, for example Canadian official financial departments in early 2011, forcing them off-line. Governments commonly do not admit such attacks, which must be verified by official but anonymous sources.[13]

Technical functionality


Emails are sent to target organizations that contain contextually relevant information. These emails contain malicious attachments that, when opened, enable a Trojan horse to access the system.[citation needed] This Trojan connects back to a control server, usually located in China, to receive commands. The infected computer will then execute the command specified by the control server. Occasionally, the command specified by the control server will cause the infected computer to download and install a Trojan known as Gh0st Rat that allows attackers to gain complete, real-time control of computers running Microsoft Windows.[4] Such a computer can be controlled or inspected by attackers, and the software even has the ability to turn on camera and audio-recording functions of infected computers, enabling attackers to perform surveillance.[7]
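
A defender-side illustration of the control traffic described above, as an added example that is not part of the original article: a Python check for the packet framing of the publicly analysed default Gh0st RAT build (a 5-byte `Gh0st` flag, two little-endian 32-bit lengths, then a zlib body). That framing, the function names and the sample flows are assumptions of this example and do not come from the article or the IWM report.

```python
import struct
import zlib

MAGIC = b"Gh0st"        # default flag in the public Gh0st RAT build; variants change it
MAX_RAW = 1 << 20       # assumed cap on declared uncompressed size (analysis safety limit)


def parse_gh0st_packet(payload: bytes, magic: bytes = MAGIC):
    """Return header fields if payload starts with a well-formed Gh0st packet, else None."""
    hdr = len(magic) + 8                      # magic + two little-endian uint32 fields
    if len(payload) < hdr or not payload.startswith(magic):
        return None
    total_len, raw_len = struct.unpack_from("<II", payload, len(magic))
    # total_len counts the header too; reject impossible or oversized declarations.
    if not hdr <= total_len <= len(payload) or raw_len > MAX_RAW:
        return None
    try:
        # Bounded decompression: never inflate more than the declared size + 1 byte.
        data = zlib.decompressobj().decompress(payload[hdr:total_len], raw_len + 1)
    except zlib.error:
        return None
    if len(data) != raw_len:
        return None                           # declared and actual sizes disagree
    return {"total_len": total_len, "raw_len": raw_len}


def build_sample(data: bytes, magic: bytes = MAGIC) -> bytes:
    """Construct a synthetic packet for testing the parser (no real traffic involved)."""
    body = zlib.compress(data)
    return magic + struct.pack("<II", len(magic) + 8 + len(body), len(data)) + body


def flag_flows(flows: dict) -> list:
    """Return the ids of flows whose first client payload parses as a Gh0st packet."""
    return sorted(fid for fid, payload in flows.items() if parse_gh0st_packet(payload))


# Constructed sample flows: one synthetic match, one ordinary request, two near misses.
SAMPLE_FLOWS = {
    "10.0.0.5:49152->192.0.2.10:80": build_sample(b"constructed host info"),
    "10.0.0.6:49153->192.0.2.20:80": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "10.0.0.7:49154->192.0.2.30:80": b"Gh0st in the shell: a film review",
    "10.0.0.8:49155->192.0.2.40:80": build_sample(b"truncated in capture")[:-4],
}

if __name__ == "__main__":
    print(flag_flows(SAMPLE_FLOWS))
```

Checking the length fields and the zlib body, rather than matching the five magic bytes alone, keeps ordinary text that happens to begin with the same string from being flagged.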

Origin


The researchers from the IWM stated they could not conclude that the Chinese government was responsible for the spy network.[14] However, a report from researchers at the University of Cambridge says they believe that the Chinese government is behind the intrusions they analyzed at the Office of the Dalai Lama.[15]

Researchers have also noted the possibility that GhostNet was an operation run by private citizens in China for profit or for patriotic reasons, or created by intelligence agencies from other countries such as Russia or the United States.[7] The Chinese government has stated that China "strictly forbids any cyber crime."[1][10]

The "Ghostnet Report" documents several unrelated infections at Tibetan-related organizations in addition to the Ghostnet infections. By using the email addresses provided by the IWM report, Scott J. Henderson managed to trace one of the operators of one of the infections (non-Ghostnet) to Chengdu. He identifies the hacker as a 27-year-old man who had attended the University of Electronic Science and Technology of China, and is currently connected with the Chinese hacker underground.[16]

Despite the lack of evidence to pinpoint the Chinese government as responsible for intrusions against Tibetan-related targets, researchers at Cambridge have found actions taken by Chinese government officials that corresponded with the information obtained via computer intrusions. One such incident involved a diplomat who was pressured by Beijing after receiving an email invitation to a visit with the Dalai Lama from his representatives.[15]

Another incident involved a Tibetan woman who was interrogated by Chinese intelligence officers and was shown transcripts of her online conversations.[14][17] However, there are other possible explanations for this event. Drelwa uses QQ and other instant messengers to communicate with Chinese Internet users. In 2008, IWM found that TOM-Skype, the Chinese version of Skype, was logging and storing text messages exchanged between users. It is possible that the Chinese authorities acquired the chat transcripts through these means.[18]

IWM researchers have also found that when detected, GhostNet is consistently controlled from IP addresses located on the island of Hainan, China, and have pointed out that Hainan is home to the Lingshui signals intelligence facility and the Third Technical Department of the People's Liberation Army.[4] Furthermore, one of GhostNet's four control servers has been revealed to be a government server.[clarify][19]


References

  1. ^ a b c "Major cyber spy network uncovered". BBC News. March 29, 2009. Archived from the original on March 30, 2009. Retrieved March 29, 2009.
  2. ^ Glaister, Dan (March 30, 2009). "China Accused of Global Cyberspying". The Guardian Weekly. Vol. 180, no. 16. London. p. 5. Archived from the original on June 6, 2024. Retrieved April 7, 2009.
  3. ^ Sean Bodmer; Dr. Max Kilger; Gregory Carpenter; Jade Jones (2012). Reverse Deception: Organized Cyber Threat Counter-Exploitation. McGraw-Hill Osborne Media. ISBN 978-0071772495.
  4. ^ a b c d Harvey, Mike (March 29, 2009). "Chinese hackers 'using ghost network to control embassy computers'". The Times. London. Archived from the original on March 30, 2009. Retrieved March 29, 2009.
  5. ^ "Tracking GhostNet: Investigating a Cyber Espionage Network". Archived from the original on July 3, 2017. Retrieved September 9, 2017.
  6. ^ "China denies spying allegations". BBC News. March 30, 2009. Archived from the original on March 31, 2009. Retrieved March 31, 2009.
  7. ^ a b c d Markoff, John (March 28, 2009). "Vast Spy System Loots Computers in 103 Countries". New York Times. Archived from the original on April 1, 2009. Retrieved March 29, 2009.
  8. ^ Shishir Nagaraja, Ross Anderson (March 2009). "The snooping dragon: social-malware surveillance of the Tibetan movement" (PDF). University of Cambridge. p. 2. Archived (PDF) from the original on April 20, 2009. Retrieved March 31, 2009.
  9. ^ "Researchers: Cyber spies break into govt computers". Associated Press. March 29, 2009. Archived from the original on March 31, 2009. Retrieved March 29, 2009.
  10. ^ a b China-based spies target Thailand. Bangkok Post, March 30, 2009. Retrieved on March 30, 2009.
  11. ^ a b "Canadians find vast computer spy network: report". Reuters. March 28, 2009. Archived from the original on March 29, 2009. Retrieved March 29, 2009.
  12. ^ "Spying operation by China infiltrated computers: Report". The Hindu. March 29, 2009. Archived from the original on April 1, 2009. Retrieved March 29, 2009.
  13. ^ "Foreign hackers attack Canadian government". CBC News. February 17, 2011. Archived from the original on February 18, 2011. Retrieved February 17, 2011.
  14. ^ a b Tracking GhostNet: Investigating a Cyber Espionage Network. Archived April 8, 2009, at the Wayback Machine. Munk Centre for International Studies. March 29, 2009.
  15. ^ a b Nagaraja, Shishir; Anderson, Ross (March 2009). "The snooping dragon: social-malware surveillance of the Tibetan movement" (PDF). Computer Laboratory, University of Cambridge. Archived (PDF) from the original on April 20, 2009. Retrieved March 29, 2009.
  16. ^ Henderson, Scott (April 2, 2009). "Hunting the GhostNet Hacker". The Dark Visitor. Archived from the original on April 6, 2009. Retrieved April 2, 2009.
  17. ^ U of T team tracks China-based cyber spies. Toronto Star. March 29, 2009. Archived March 31, 2009, at the Wayback Machine.
  18. ^ "BREACHING TRUST: An analysis of surveillance and security practices on China's TOM-Skype platform" (PDF). Archived (PDF) from the original on March 24, 2012. Retrieved June 24, 2009.
  19. ^ Meet the Canadians who busted Ghostnet. Archived December 9, 2011, at the Wayback Machine. The Globe and Mail. March 29, 2009.
