GhostNet: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Header_Message}}
{{Header_Message}}
==Case Summary==
GhostNet is the name given to a large-scale cyber espionage operation discovered in March 2009. The operation’s command and control infrastructure was based mainly in the People's Republic of China and had infiltrated high-value political, economic and media locations in 103 countries.  At least 1,295 computer systems were compromised, including systems belonging to embassies, foreign ministries, government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City. 
The trojan was primarily delivered through carefully social engineered e-mails and upon installation it connected back to a control server to receive commands. The infected computer would then execute commands specified by the control server.  Although the activity was mostly based in China, the Chinese government denied all involvement in this operation and conclusive links between the Chinese government and GhostNet were not discovered.
==Recommended Literature==
* [http://en.wikipedia.org/wiki/GhostNet Wikipedia entry]
* John Markoff, [http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1&adxnnl=1&adxnnlx=1344535526-2wJ7Kus8PyKDSGO9NlesZQ Vast Spy System Loots Computers in 103 Countries], NY Times, Mar 28, 2009
* Shishir Nagaraja & Ross Anderson, [http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf The snooping dragon: social-malware surveillance of the Tibetan movement], University of Cambridge Computer Laboratory Technical Report, March 2009
* [https://www.f-secure.com/weblog/archives/ghostnet.pdf Tracking GhostNet: Investigating a Cyber Espionage Network], Information Warfare Monitor, Mar 29, 2009
[[Category:Case Studies]]

Latest revision as of 14:26, 9 August 2012

This page is currently under construction. Check back for updates soon.

Case Summary

GhostNet is the name given to a large-scale cyber espionage operation discovered in March 2009. The operation’s command and control infrastructure was based mainly in the People's Republic of China and had infiltrated high-value political, economic and media locations in 103 countries. At least 1,295 computer systems were compromised, including systems belonging to embassies, foreign ministries, government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City.

The trojan was primarily delivered through carefully social engineered e-mails and upon installation it connected back to a control server to receive commands. The infected computer would then execute commands specified by the control server. Although the activity was mostly based in China, the Chinese government denied all involvement in this operation and conclusive links between the Chinese government and GhostNet were not discovered.


Recommended Literature