[Air-L] Tracking GhostNet: Investigating a Cyber Espionage Network re Tibet

Elaine Yuan eyuan at uic.edu
Mon Mar 30 12:43:55 PDT 2009


A science of communication or a political fiction? Sometimes it
depends on whose voice is louder.

On Mar 28, 2009, at 3:59 PM, Barry Wellman wrote:

> fyi. Ron Deibert is a highly regarded colleague and friend. Runs
> Citizen Lab at the University of Toronto.
> Barry Wellman
> _______________________________________________________________________
>  S.D. Clark Professor of Sociology, FRSC               NetLab Director
>  Department of Sociology                         University of Toronto
>  725 Spadina Avenue, Room 388                   Toronto Canada M5S 2J4
>  http://www.chass.utoronto.ca/~wellman             fax:+1-416-978-3963
>  twitter: barrywellman                  secondlife: wikiwarrior swords
>  Updating history:      http://chass.utoronto.ca/oldnew/cybertimes.php
> _______________________________________________________________________
> ---------- Forwarded message ----------
> Date: Sat, 28 Mar 2009 16:49:15 -0400
> From: Ronald Deibert <r.deibert at utoronto.ca>
> To: Ronald Deibert <r.deibert at utoronto.ca>
> Subject: Tracking GhostNet: Investigating a Cyber Espionage Network.
> Tracking GhostNet: Investigating a Cyber Espionage Network.
> The report has now been covered in an exclusive story by the New York
> Times' John Markoff.  Download the New York Times story here
> http://www.nytimes.com/2009/03/29/technology/29spy.html
> Researchers at the Information Warfare Monitor uncovered a suspected
> cyber espionage network of over 1,295 infected hosts in 103
> countries.  This finding comes at the close of a 10-month
> investigation of alleged Chinese cyber spying against Tibetan
> institutions that consisted of fieldwork, technical scouting, and
> laboratory analysis.
> Close to 30% of the infected hosts are considered high-value and
> include computers located at ministries of foreign affairs, embassies,
> international organizations, news media, and NGOs.  The investigation
> was able to conclude that Tibetan computer systems were compromised
> by multiple infections that gave attackers unprecedented access to
> potentially sensitive information, including documents from the
> private office of the Dalai Lama.
> Who is ultimately in control of the GhostNet system? While our
> analysis reveals that numerous politically sensitive and high value
> computer systems were compromised in ways that circumstantially point
> to China as the culprit, we do not know the exact motivation or the
> identity of the attacker(s), or how to accurately characterize this
> network of infections as a whole.  One of the characteristics of
> cyber-attacks of the sort we document here is the ease by which
> attribution can be obscured.
> Regardless of who or what is ultimately in control of GhostNet, it is
> the capabilities of exploitation, and the strategic intelligence that
> can be harvested from it, which matters most. Indeed, although the
> Achilles’ heel of the GhostNet system allowed us to monitor and
> document its far-reaching network of infiltration, we can safely
> hypothesize that it is neither the first nor the only one of its kind.
> As Information Warfare Monitor principal investigators Ron Deibert and
> Rafal Rohozinski say in the foreword to the report, “This report
> serves as a wake-up call.  At the very least, a large percentage of
> high-value targets compromised by this network demonstrate the
> relative ease with which a technically unsophisticated approach can
> quickly be harnessed to create a very effective spynet…These are major
> disruptive capabilities that the professional information security
> community, as well as policymakers, need to come to terms with rapidly.”
> Download the full report on 29 March 2009 at
> http://www.infowar-monitor.net/ghostnet/
> Ronald J. Deibert
> Director, The Citizen Lab
> Munk Centre for International Studies
> University of Toronto
> r.deibert at utoronto.ca
> http://deibert.citizenlab.org/