CATEGORIES
home News

‘GhostNet’ Spies on Governments & Dalai Lama

by Jennifer JohnsonSunday, March 29, 2009, 05:49 PM EDT

After a 10-month cyber espionage investigation, researchers have found 1,295 computers in 103 countries with software that is capable of stealing information from high-profile targets such as the Dalai Lama and government agencies around the world. In the report published today by Information Warfare Monitor, a Toronto-based organization, we learn the affected computers include embassies belonging to Germany, India, Romania, and Thailand as well as the ministries of foreign affairs for Barbados, Iran, and Latvia.

The infected computers acted as an illicit information-gathering network. Researchers observed sensitive documents being stolen from a computer network operated by the Dalai Lama’s organization. The attacks have been traced back to computers in China, but the analysts were cautious to link the spying to the Chinese government, especially since China has one fifth of the world’s Internet users. It’s very conceivable some of those users could be hackers that have goals that align with the Chinese political positions.

Researchers at Cambridge University also published a report today. This report suspected the Chinese government or a group that has close ties to the Chinese government is responsible for the attack on the computer in the Dalai Lama’s office. The Chinese government has repeatedly denied past allegations that it sponsors cyber attacks.

The Information Warfare Monitor dubbed the vast spy network ‘GhostNet’ after the gh0st RAT (Remote Access Tool) malware at the heart of it. The malicious software provided almost complete control over a victim’s computer. With the software, the attackers were able to search for and steal sensitive files, capture passwords, and use a computer’s Web cam. According to the report, victims and organizations are almost certainly oblivious to the compromised situation.

Mikko Hypponen, director of antivirus research at F-Secure, says the operation could have started as early as 2004, which is when security researchers noticed many of the targeted institutions were being sent bogus email messages with attached executable files. Hypponen has been tracking the attacks for years and says GhostNet’s tactics have evolved considerably from the early days.

Tags:  Malware, security, Spyware, security breach
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment