GhostNet
GhostNet is an electronic espionage virus, probably introduced from China, which had infiltrated the date of discovery of at least 1295 computers in 103 countries. Computer banks, embassies, foreign ministries and other government agencies and at least one of NATO, as well as computers of the Tibetan exile centers of the Dalai Lama in India, Brussels, London and New York City were infected.
- 7.1 Multimedia
- 7.2 Gh0stRat
Uncovering
Was GhostNet by researchers at the Munk Centre for International Studies uncovered the University of Toronto in collaboration with the Computer Laboratory at Cambridge University after 10 months of investigation, and its mode of action was described by the New York Times on March 29, 2009. The starting point of the investigation were allegations of the Tibetan exile community regarding Chinese cyber espionage against them; the relevant research revealed that many more devices infected or had been specifically targeted.
The virus is able to set the built-in camera and the Tonaufzeichnungsfunktionen infected computer for surveillance in operation. The system also enables its supervisor, malware to specific recipients of the payload ( " payload " ) to ship stolen emails and addresses, which allows the network to expand, in which more and more computers can be infected.
Affected
Chopped systems were discovered in embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan as well as in the foreign ministries of the Philippines, Iran and Bangladesh, Latvia, Indonesia, Brunei, Barbados and Bhutan.
However, no evidence was found that even government offices of the United States or Great Britain were infiltrated, although a NATO computer for half a day and computers of the Indian Embassy in Washington, DC had been infiltrated.
There are no official evidence that public bodies or authorities of the People 's Republic of China are involved in this espionage network or were. The Chinese government has rejected any responsibility. The investigators believe that the espionage either a for-profit operation of China-based private persons could be, or so-called " patriotic hackers " herrühre. However, there was even the possibility that intelligence services of other countries throughout are the authors of the attack.
" Best Practices "
For Marc Henauer, who heads the operational situation center at the Swiss Reporting and Analysis Centre for Information Assurance MELANI, is the discovery of GhostNet not surprising its cyber espionage from the " Northeast Asian region " is a problem for years. Even if no fundamentally new methods are technically been used in this latest attack, one must remain vigilant, he is quoted in a newspaper report.
Gh0stRat
Gh0stRat or GhostRat is a Trojan for the Windows, the Chinese GhostNet operators related thereto, to hack into some of the most sensitive computer networks in the world. There is a Cyber- Spying Program. The term " Council " is an abbreviation for the English term Remote Administration Tool, which is often associated with Trojan horses.
GhostNet tried to selected recipients foist malware via attachments to e-mails stolen addresses to infect other computers. Such infected computer load, according to Infowar Monitor ( IWM ), the Trojan Gh0stRat down, which allows the attacker to perform a comprehensive real-time control of the computer, such computers can be controlled and observed by their hacking, to the ability to turn on connected cameras and microphones and so on focus of the affected device to spy also the location.
Quotes
" GhostNet sounds like something that would have forged a John le Carré. "