Tracking GhostNet : investigating a cyber espionage network by the SecDev Group ; Citizen Lab, Munk Centre for

By the SecDev Group ; Citizen Lab, Munk Centre for International Studies, University of Toronto


Summary --
Introduction --
Rise of the cyber spies --
A focus on China --
Outline of report --
Part one: Context and background --
Alleged Chinese operations in cyberspace --
Applying the evidence-based approach to cyber attacks: the challenge of attribution --
Targeting Tibet --
Conduct of the investigation --
Phase 1: Field investigation --
Phase 2: Identifying command and control servers --
Part two: Tracking Ghostnet --
Phase I: Field investigation --
Targeted malware: previous research --
Information Warfare Monitor field research --
Office of His Holiness the Dalai Lama --
Tibetan Government-in-Exile --
Offices of Tibet --
Drewla --
Phase 2: Identifying command and control servers --
List of infected computers --
Sending commands --
Command results --
Methods and capabilities --
Analysis of list of infected computers --
Methodology --
Selected infections --
Infection timeline --
Part 3: Investigating GhostNet: conclusions --
Alternative explanations --
Attribution --
The significance of GhostNet --
Part 4: About the Information Warfare Monitor.


Similar security books

Simple Steps to Data Encryption: A Practical Guide to Secure Computing

Everybody wants privacy and security online, something that most computer users have more or less given up on as far as their personal data is concerned. There is no shortage of good encryption software, and no shortage of books, articles and essays that purport to be about how to use it. Yet there is precious little for ordinary users who want just enough information about encryption to use it safely, securely and appropriately, WITHOUT having to become experts in cryptography.

Comprehensive Security in Asia: Views from Asia and the West on a Changing Security Environment

This is an examination of "Comprehensive Security" as a policy that goes beyond the requirements of military defence against a particular "enemy" to stress the need to take into account other aspects vital to national stability: food, energy, environment, communication and social security.

Protecting Human Security in Africa

Protecting Human Security in Africa discusses some of the most potent threats to human security in Africa. It deals especially with those threats to the security of African people that are least understood or explored. In themes ranging from corruption, the proliferation of small arms and light weapons, food security, the devastation of internal displacement in Africa, and the link between natural resources and human security, to the problems of forced labour, threats to women's security, and environmental security, the book examines the legal and policy challenges of protecting human security in Africa.

Additional info for Tracking GhostNet : investigating a cyber espionage network

Sample text

47 The content is base64 encoded and XORed with values we have yet to identify.

JR02-2009 Tracking GhostNet - PART TWO

Fig. 11: The GhostNet “List Command” interface. This screen capture of the GhostNet interface lists the commands issued to infected computers. It has been obscured to protect the identity of the victims.

Methods and capabilities

The attacker(s) are able to exploit several infection vectors. First, they create web pages that contain “drive by” exploit code that infects the computers of those who visit the page.

At our Laboratory, we have analysed our own infected “honey pot” computer and discovered that the capabilities of GhostNet are potent and wide ranging. Almost certainly, documents are being removed without the targets’ knowledge, keystrokes logged, web cameras are being silently triggered, and audio inputs surreptitiously activated. This raises the question, how many sensitive activities have been preemptively anticipated by intelligence gathered through this network? How many illegal transactions have been facilitated by information harvested through GhostNet?

Recently, several large-scale spy nets have been discovered, including ones containing lists of affected computers of a magnitude higher than that harvested by GhostNet. This trend is predictable, converging with accumulating incidents of cyber-attacks facilitated by lower entry-thresholds for computer exploitation methods and technologies. The tools we profile in our investigation, though apparently amassed in a complex way to achieve a definite purpose, are not restricted to an exclusive guild of experts with specialized and confidential knowledge.
