Chinese GhostNet Sleuth Network Compromises Hundreds Of PCs Worldwide

Computers in more than 100 countries worldwide have been infiltrated and compromised by a huge sleuthing computer network, nicknamed Ghostnet, that originates from China.

A 10-month investigation carried out by Canadian-based Information Warfare Monitor (IWM) found out that nearly 1300 computers were infected with most of them found in South East Asia.

In a report called "Tracking Ghostnet", the authors say that although the servers were physically located in China, there was no conclusive evidence that the Chinese government was behind this extensive hack.

But the fact that unlike other similar schemes, Ghostnet was not after any financial gains and it seems that political motives were root cause of the attack.

IWM says that the network was used to penetrate "ministries of foreign affairs, embassies, international organisations, news media, and NGOs" and one of the prime candidates for the attack, the Dalai Lama's office computer network, was the first to be officially identified as being compromised.

Greg Walton of IWM said in the report that they "uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama".

Ghost Net used a Trojan malware called gh0st RAT to infiltrate computers via an email attachment and allowed attackers to gain complete control of the computer, effectively establishing a stealth "remote desktop connection" with the victim PC

This allowed them to packet sniff on content being sent but also do key-logging as well as listening and watching their victims using webcams and other peripherals.

The Dalai Lama's computer networks were not the only one targeted during the attack. Systems in foreign countries like Iran, Bangladesh, Indonesia, Philippines, Brunei, Barbados, Bhutan, India, South Korea, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan were also affected.

You can follow ITProPortal.com on Twitter @ http://www.twitter.com/itproportal.