GhostNet: Why Is the Prominent Cyberattack Still a Mystery?


Among the tools used in modern warfare, cyberespionage has become prominent. It can be used to propagate misinformation, disrupt infrastructure, and spy on notable people including politicians, government officials, and business executives. Nations also engage in espionage to prepare for physical or cyber threats.

While many countries actively engage in some form of warfare, the U.S. takes the position that China poses a significant threat with regard to cyberespionage. According to the United States cyber defense agency CISA, "China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks."

CISA further notes that cyberattacks based in China may also have an impact on U.S. oil and gas pipelines, as well as rail systems.

While this warning is just an overview, China is renowned for its highly advanced cyber operations. The infamous GhostNet spy system, which compromised more than 1,000 computers of military, political, economic, and diplomatic targets around the world, is largely believed to have been coordinated by the Chinese government. China was never formally blamed for the crime, though, for a number of political and legal reasons. The history of GhostNet is therefore still a mystery.

Cyber Espionage Network ‘GhostNet’

GhostNet first came to light when the office of the Dalai Lama in India invited a team of security researchers at the Munk Center for International Studies at the University of Toronto to check their computers for any indication of a hack. This prompted an inquiry that turned up a large cyberattack that had compromised 1,295 systems over the course of two years in 103 nations. The Munk Center and Information Warfare Monitor analysts released a thorough analysis in 2009 that provided insight into the extensive spying operation they called "GhostNet."

GhostNet distributed malware via emails with attachments and suspicious links. Once the malware was successfully downloaded onto the victim's system, it would gain complete access to the computer, which enabled the hackers to search for and download files, and even control the victim's external devices such as webcams and microphones.

Around 30 percent of GhostNet's victims were high-profile, such as the foreign ministries of several nations in Southeast Asia, South Asia and Europe. Several international organizations were also targeted, including ASEAN, SAARC, the Asian Development Bank, news organizations, and computers at NATO headquarters.

Who was Behind the GhostNet Attacks?

Researchers investigating GhostNet were successful in locating and connecting to the espionage network's command servers. Hainan Island in China was linked to a number of IP addresses that the attackers used to communicate with the compromised PCs. Four control servers in total were found by the investigation, three of which were in China. The fourth server was situated at an American web hosting business. Furthermore, five of the six detected command servers were found in mainland China, while the sixth was found in Hong Kong.

According to researchers, China is among the most obvious operators behind GhostNet. However, their reports did not directly point at the country, since they were unable to provide any concrete proof of the Chinese government's involvement. They noted that other nations could also be behind the attacks.