(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 30th, 2009

Ghost Net: Aka Subseven or any other trojan backdoor program

with one comment

LONDON, England (CNN) — Nearly 1,300 computers in more than 100 countries have been attacked and have become part of an computer espionage network apparently based in China, security experts alleged in two reports Sunday.

The network was discovered after computers at the Dalai Lama's office were hacked, researchers say.

Computers — including machines at NATO, governments and embassies — are infected with software that lets attackers gain complete control of them, according to the reports. One was issued by the University of Toronto’s Munk Centre for International Studies in conjunction with the Ottawa, Canada-based think tank The SecDev Group; the second came from the University of Cambridge Computer Laboratory.

Researchers have dubbed the network GhostNet. The network can not only search a computer but see and hear the people using it, according to the Canadian report.

“GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras,” the report says.

The discovery of GhostNet grew out of suspicions that the office of the Dalai Lama had been hacked.

The network was discovered after computers at the Dalai Lama’s office were hacked, researchers say.

The Rest

Ok, well, there is nothing really new here except that this is a nation state (Our Chinese Overlords) using a back door to perform a massive and orchestrated intel harvesting operation… And perhaps got caught. Of course, this in tandem with the efforts of the likes that wrote “Conficker” then we have something interesting to talk about.

I would like to get a copy of this “Ghost Net” to pick apart…

Until then Tracking Ghost Net is the paper the article mentions

Written by Krypt3ia

2009/03/30 at 01:28