Chinese GhostNet Sleuth Network Compromises Hundreds Of PCs Worldwide

Computers in more than 100 countries worldwide have been infiltrated and compromised by a huge sleuthing computer network, nicknamed GhostNet, that originates from China.

A 10-month investigation carried out by the Canadian-based Information Warfare Monitor (IWM) found that nearly 1300 computers were infected, most of them in South East Asia.

In a report called "Tracking GhostNet", the authors say that although the servers were physically located in China, there was no conclusive evidence that the Chinese government was behind this extensive hack.

But unlike other similar schemes, GhostNet was not after any financial gain, and it seems that political motives were the root cause of the attack.

IWM says that the network was used to penetrate "ministries of foreign affairs, embassies, international organisations, news media, and NGOs" and one of the prime candidates for the attack, the Dalai Lama's office computer network, was the first to be officially identified as being compromised.

Greg Walton of IWM said in the report that they "uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama".

GhostNet used a Trojan called gh0st RAT to infiltrate computers via an email attachment. It allowed attackers to gain complete control of the computer, effectively establishing a stealth "remote desktop connection" with the victim PC.

This allowed them to sniff packets of content being sent, log keystrokes, and listen to and watch their victims using webcams and other peripherals.

The Dalai Lama's computer networks were not the only ones targeted during the attack. Systems in foreign countries like Iran, Bangladesh, Indonesia, the Philippines, Brunei, Barbados, Bhutan, India, South Korea, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan were also affected.

Our Comments

A second report, published by two researchers from the University of Illinois and Cambridge University, points the finger squarely at the Chinese government as the mother ship of all the snooping attacks. Unlike Russia, which prefers direct cyber-attacks (as was the case with Lithuania back in 2008), China appears to be more subtle, preferring to collect sensitive data.

Related Links

China analysts dismiss cyber-espionage claims

http://www.cnn.com/2009/TECH/03/30/ghostnet.cyber.espionage/

Remote spy system loots government computers

http://www.fudzilla.com/index.php?option=com_content&task=view&id=12875&Itemid=38

Online plot 'wakeup call'

http://www.torontosun.com/news/canada/2009/03/30/8934691-sun.html

Chinese hackers infiltrate Indian embassy data

http://www.siliconindia.com/shownews/Chinese_hackers_infiltrate_Indian_embassy_data-nid-54379.html

Major Cyber Spy Operation Unearthed

http://www.techtree.com/India/News/Major_Cyber_Spy_Operation_Unearthed/551-100553-582.html

Tracking ‘GhostNet’: Investigating a Cyber Espionage Network

http://www.scribd.com/doc/13759529/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network#document_metadata

Investigation points to China as source of attack

http://abclocal.go.com/wjrt/story?section=news/national_world&id=6735093

Massive Chinese spynet targeted Dalai Lama

http://government.zdnet.com/?p=4498

GhostNet?

http://www.pcformat.co.za/modules.php?name=News&file=article&sid=772

Major Chinese cyber spy network infiltrates governments worldwide

http://www.siliconrepublic.com/news/article/12610/cio/major-chinese-cyber-spy-network-infiltrates-governments-worldwide

Chinese Cyber-Spies Infiltrate Computers in 103 Countries

http://www.allgov.com/ViewNews/Chinese_Cyber_Spies_Infiltrate_Computers_in_103_Countries_90330

Global 'cyber spy' network revealed

http://english.aljazeera.net/news/americas/2009/03/20093303304496652.html