Robert X. Cringely, InfoWorld
Mar 30, 2009 3:51 pm
By now you've probably read about GhostNet, the vast spy network that was uncovered after the office of the Dalai Lama asked researchers at the University of Toronto to examine their computers for malware. The researchers not only found nasties there, they uncovered an entire network that connected almost 1,300 computers in 103 countries -- mostly government organizations, but also some machines at private companies, offices of NATO, and the Associated Press. (You can read their 53-page report here at Scribd.)
All of them had been infected with the Gh0st RAT (remote access tool) that turned their hard drives into an all-you-can-eat data buffet and their computers into RC toys. Per the New York Times:
The malware is remarkable both for its sweep -- in computer jargon, it has not been merely "phishing" for random consumers' information, but "whaling" for particular important targets -- and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.
Well, that explains those "Tibetan Monks Gone Wild" videos I've been seeing advertised. Talk about raw, uncensored, and out of control. Hello Dalai!
As to the culprits, the Toronto researchers are somewhat circumspect. Chinese hackers? Probably. Spies working for the Chinese government? Maybe. It could also be freelance "patriotic hackers," or even Russian or CIA spooks trying to make the Chinese government look worse than it already does, say the researchers.
Security wonks at the University of Cambridge, on the other hand, aren't pulling any punches. In a report titled The Snooping Dragon: social-malware surveillance of the Tibetan movement, U.K. researchers Shishir Nagaraja and Ross Anderson accuse the Chinese government of running the spy show.
[A]gents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama. They used social phishing to install rootkits on a number of machines and then downloaded sensitive data.... What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course.
(Look for the movie Snooping Dragon, Nosy Tiger coming to a multiplex near you.)
The U.S. government is not on the list of those infiltrated by GhostNet, but that hardly means we're in the clear. Defense officials have claimed China has attacked the DoD's IT infrastructure on several occasions (China denies this, natch). The country has been accused of breaking into White House computer systems and the Obama and McCain Web sites to have a look 'round the joint. Just this week Senator Bill Nelson (D-Florida) claimed Chinese hackers compromised the machines in his office.
Whatever it is we're doing, the Chinese appear to be deeply interested. That, or maybe they're just still really ticked off about that Guns-N-Roses Chinese Democracy album. So I'm betting the Cambridge guys are on the right track. And they're saying nobody in government or business should be feeling very cozy about their IT security right now.
No-one should think that it could not happen to them, just because their company is in New York or London rather than an Indian hill station! The Tibetan sys admins were just as capable as one finds in the USA or Britain. Indeed, they were probably more aware of the Chinese threat and as a result more alert than a typical company security team. ... All in all, the Tibetans' performance has been more effective than we would have expected from a randomly-chosen Western organisation.
Are you spooked by Chinese spooks? E-mail me: cringe@infoworld.com. Just be careful what you say about the Dalai Lama -- you never know who might be listening.