GhostNet: Difference between revisions
No edit summary |
No edit summary |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
{{Header_Message}} | {{Header_Message}} | ||
==Case Summary== | |||
GhostNet is the name given to a large-scale cyber espionage operation discovered in March 2009. The operation’s command and control infrastructure was based mainly in the People's Republic of China and had infiltrated high-value political, economic and media locations in 103 countries. At least 1,295 computer systems were compromised, including systems belonging to embassies, foreign ministries, government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City. | |||
The trojan was primarily delivered through carefully social engineered e-mails and upon installation it connected back to a control server to receive commands. The infected computer would then execute commands specified by the control server. Although the activity was mostly based in China, the Chinese government denied all involvement in this operation and conclusive links between the Chinese government and GhostNet were not discovered. | |||
==Recommended Literature== | |||
* [http://en.wikipedia.org/wiki/GhostNet Wikipedia entry] | |||
* John Markoff, [http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1&adxnnl=1&adxnnlx=1344535526-2wJ7Kus8PyKDSGO9NlesZQ Vast Spy System Loots Computers in 103 Countries], NY Times, Mar 28, 2009 | |||
* Shishir Nagaraja & Ross Anderson, [http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf The snooping dragon: social-malware surveillance of the Tibetan movement], University of Cambridge Computer Laboratory Technical Report, March 2009 | |||
* [https://www.f-secure.com/weblog/archives/ghostnet.pdf Tracking GhostNet: Investigating a Cyber Espionage Network], Information Warfare Monitor, Mar 29, 2009 | |||
[[Category:Case Studies]] | |||
Latest revision as of 15:26, 9 August 2012
| This page is currently under construction. Check back for updates soon. |
Case Summary
GhostNet is the name given to a large-scale cyber espionage operation discovered in March 2009. The operation’s command and control infrastructure was based mainly in the People's Republic of China and had infiltrated high-value political, economic and media locations in 103 countries. At least 1,295 computer systems were compromised, including systems belonging to embassies, foreign ministries, government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City.
The trojan was primarily delivered through carefully social engineered e-mails and upon installation it connected back to a control server to receive commands. The infected computer would then execute commands specified by the control server. Although the activity was mostly based in China, the Chinese government denied all involvement in this operation and conclusive links between the Chinese government and GhostNet were not discovered.
Recommended Literature
- Wikipedia entry
- John Markoff, Vast Spy System Loots Computers in 103 Countries, NY Times, Mar 28, 2009
- Shishir Nagaraja & Ross Anderson, The snooping dragon: social-malware surveillance of the Tibetan movement, University of Cambridge Computer Laboratory Technical Report, March 2009
- Tracking GhostNet: Investigating a Cyber Espionage Network, Information Warfare Monitor, Mar 29, 2009