Tracking GhostNet: Investigating a Cyber ... - Nart Villeneuve
JR02-2009 Tracking GhostNet - FOREWORD
March 29, 2009

Foreword
Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions.
The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more.

The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The Tibetan computer systems we manually investigated, and from which our investigations began, were conclusively compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information.
But the study clearly raises more questions than it answers.

From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value.
Some may conclude that what we lay out here points definitively to China as the culprit. Certainly Chinese cyber-espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace a strategic domain, one which helps redress the military imbalance between China and the rest of the world (particularly the United States). They have correctly identified cyberspace as the strategic fulcrum upon which U.S. military and economic dominance depends.
But attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading. Numbers can tell a different story. China is presently the world’s largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware. With more creative people using computers, it’s expected that China (and Chinese individuals) will account for a larger proportion of cybercrime.
Likewise, the threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors. Socially engineered malware is the most common and potent; it introduces Trojans onto a system, and then exploits social contacts and files to propagate infections further.
Furthermore, the Internet was never built with security in mind. As institutions ranging from governments through to businesses and individuals depend on 24-hour Internet connectivity, the opportunities for exploiting these systems increase.