Vast Web Espionage Network Discovered
By using botnets, politically motivated attackers can enjoy relative impunity.
More than 1,200 computers worldwide have reportedly been infected by what appears to
be a politically motivated spy system. Researchers from the Munk Centre for International Studies at the University of
Toronto discovered the sprawling “Ghostnet” after being asked to analyze
computers belonging to the office of the Dalai Lama. According to Nart Villeneuve, a PhD student and
one of the researchers involved:
Close to 30 [percent] of the infected hosts are considered high-value and include
computers located at ministries of foreign affairs, embassies,
international organizations, news media, and NGOs.
The investigation was able to conclude that Tibetan computer systems
were compromised by multiple infections that gave attackers
unprecedented access to potentially sensitive information, including
documents from the private office of the Dalai Lama.
Although some have attributed the spying to the Chinese government, the Toronto
researchers say they can’t definitively pin the system to any particular group,
even if it seems likely that it’s being run by people based in China.
That sort of uncertainty is the way of the future. In a recent story about politically motivated
denial-of-service attacks, I wrote:
A big problem with these politically motivated attacks, according to Jose Nazario, manager of security research for Arbor Networks, is that it’s particularly hard to pinpoint who is really responsible. While it’s easy to determine which botnet
is the source of an attack, it’s far harder to determine who might be
paying for the attack. This is a big worry for governments looking for
redress or retaliation.
The Internet–amazing, distributed technology that it is–offers plausible
deniability for those who would take advantage of its darker side. The
University of Toronto researchers noted that lack of clarity surrounding
international law also makes it hard to pursue the investigation to a
satisfying conclusion. Whether used for denial-of-service attacks or spying,
the relative legal immunity these botnets enjoy will make them a tempting tool
for unscrupulous organizations for a long time to come. Villeneuve concludes:
Regardless of who or what is ultimately in control of GhostNet,
it is the capabilities of exploitation, and the strategic intelligence
that can be harvested from it, which matters most. Indeed, although the
Achilles’ heel of the GhostNet
system allowed us to monitor and document its far-reaching network of
infiltration, we can safely hypothesize that it is neither the first
nor the only one of its kind.