Sunday, March 29, 2009

Cyber Espionage

News that Chinese hackers have infiltrated computers across the globe isn't going to do any favors for China's reputation abroad.

From InfoWorld:

Photo stolen from some religious right-wing hack blog

A 10-month cyberespionage investigation has found that 1,295 computers in 103 countries and belonging to international institutions have been spied on, with some circumstantial evidence suggesting China may be to blame.

The 53-page report, released on Sunday, provides some of the most compelling evidence and detail of the efforts of politically-motivated hackers while raising questions about their ties with government-sanctioned cyberspying operations.

It describes a network which researchers have called GhostNet, which primarily uses a malicious software program called gh0st RAT (Remote Access Tool) to steal sensitive documents, control Web cams and completely control infected computers.


Although evidence shows that servers in China were collecting some of the sensitive data, the analysts were cautious about linking the spying to the Chinese government. Rather, China has a fifth of the world's Internet users, which may include hackers that have goals aligning with official Chinese political positions.

"Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," the report said.

However, China has made a concerted effort since the 1990s to use cyberspace for military advantage. "The Chinese focus on cyber capabilities as part of its strategy of national asymmetric warfare involves deliberately developing capabilities that circumvent U.S. superiority in command-and-control warfare," it said.

The servicemen specializing in PR techniques for the Chinese military would be a big help on damage-control for this story.

Although this story just broke and the details are a bit sketchy, it sounds like specific political motivations are probably what's behind this powerful spyware. Some things never change.

I'm not really sure what to think about this story. It's disturbing, no doubt. But I have to imagine that this is just a case of the Chinese being sloppy, acting recklessly, and getting caught.

The kind of software that China was, supposedly, sending out has to, I reckon, be employed by governments across the globe. The Chinese use it on the people and groups they think are their biggest threat, whereas I have to imagine the US uses such techniques to combat terror and stuff it deems evil.

Nobody can say for sure who the US and its CIA and Department of Homeland Security watch. Especially during the Bush Administration and the paranoid times it ruled over, the country was probably watching a very wide array of groups and people (including its own citizens).

Saying that, the list of groups that this malicious Chinese spyware had infiltrated seems pretty innocuous:

The University of Toronto report classified close to 30 percent of the infected computers as being "high-value" targets. Those machines belong to the ministry of foreign affairs of Bangladesh, Barbados, Bhutan, Brunei, Indonesia, Iran, Latvia and the Philippines. Also infected were computers belonging to the embassies of Cyprus, Germany, India, Indonesia, Malta, Pakistan, Portugal, Romania, South Korea, Taiwan and Thailand.

This kind of "social malware" will surely get worse and more prevalent as we move forward. I'm not sure what one can really do to protect oneself. Probably nothing.


Brother Bastardfish said...

Horses for courses...

Bill said...

There are some simple rules about hacking. One of them is never to use the same server and same software to do the hacking for any length of time and for a large number of targets. Any hacking scheme can be broken with time, so limit your exposure both by length of time and number of targets.

Unless you want to get caught to show your opponents that you have that capability.

But, anyway, hacking is not new, and is used by every nation to spy, infiltrate, and disable others. US, UK, Taiwan, Russia, China... all use that too. And why not? It is available, effective, and fruitful. Moreover, those who get caught won't suffer anything except the need for a software change, maybe a location change too. But VPN allows you to hack from a remote location...
