A spy network believed to have been controlled from China has hacked into classified documents on government and private computers in 103 countries, according to internet researchers. The spy system, dubbed GhostNet, is alleged to have compromised 1,295 machines at Nato and foreign ministries, embassies, banks and news organisations across the world, as well as computers used by the Dalai Lama and Tibetan exiles.
The work of Information Warfare Monitor (IWM) investigators focused initially on allegations of Chinese cyber-espionage against the Tibetan exile community, but led to a much wider network of compromised machines. IWM said that, while China appeared to be the main source of the network, it had not been able conclusively to identify the hackers. The IWM is composed of researchers from an Ottawa-based think-tank, SecDev Group, and the Munk Centre for International Studies at the University of Toronto.
They found that the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados and Bhutan had been spied on remotely, and the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan hacked.
The operation is thought to be the most extensive yet uncovered in the political world and is estimated to be invading more than a dozen new computers a week. Other infected computers were found at the accountancy firm Deloitte & Touche in New York.
The IWM report said: “GhostNet represents a network of compromised computers in high-value political, economic and media locations in numerous countries worldwide. These organisations are almost certainly oblivious to the compromised situation in which they find themselves. The computers of diplomats, military attachés, private assistants, secretaries to prime ministers, journalists and others are under the concealed control of unknown assailant(s).
“In Dharamsala [the headquarters of the Tibetan government in exile] and elsewhere, we have witnessed machines being profiled and sensitive documents being removed. Almost certainly, documents are being removed without the targets’ knowledge, key-strokes logged, web cameras are being silently triggered and audio inputs surreptitiously activated.”
Chinese hackers are thought to have targeted Western networks repeatedly. Computers at the Foreign and Commonwealth Office and other Whitehall departments were attacked from China in 2007. In the same year, Jonathan Evans, the MI5 Director-General, alerted 300 British businesses that they were under Chinese cyber-attack.
British intelligence chiefs have warned recently that China may have gained the capability effectively to shut down Britain by crippling its telecoms and utilities. Equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies, they said.
The Chinese Embassy in London said that there was no evidence to back up the claim that the Chinese Government was behind GhostNet and alleged that the report had been “commissioned by the Tibetan government in exile”.
Liu Weimin, a spokesman, said: “I will not be surprised if this report is just another case of their recent media and propaganda campaign. In China, it is against the law to hack into the computers of others, and we are victims of such cyber-attack. It is a global challenge that requires global cooperation. China is an active participant in such cooperation in the world.”
Once the hackers had infiltrated the systems, they gained control using malware – software installed on the compromised computers – and sent and received data from them, the researchers said. “The GhostNet system directs infected computers to download a Trojan known as Ghost Rat that allows attackers to gain complete, real-time control,” IWM said. “These instances of Ghost Rat are consistently controlled from commercial internet access accounts located on the island of Hainan, in the People’s Republic of China.”
Hainan is home to the Lingshui signals intelligence facility and the Third Technical Department of the People’s Liberation Army, IWM said.
Greg Walton, editor of IWM, said: “Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most. Indeed, although the Achilles’ heel of the GhostNet system allowed us to monitor and document its far-reaching network of infiltration, we can safely hypothesise that it is neither the first nor the only one of its kind.”
Tuesday, March 31, 2009
Thursday, March 19, 2009
IE8 to be launched later today
By Elizabeth Montalbano, IDG news service
Microsoft is set to make its Internet Explorer 8 browser available later today, tying it in with a company-commissioned report claiming IE8 is more secure against malware than rival browsers from Mozilla and Google.
Users will be able to download IE8 in 25 languages from 5.00 (GMT) this afternoon from the IE8 website or Microsoft's download centre.
Microsoft has been preparing users for the new browser since the launch of the first IE8 beta a year ago, stressing performance improvements, better support for Internet technology standards, the addition of new features to help people keep track of most visited sites and favourite sources of information, and of course, security, as highlights of the new browser.
According to the report Microsoft has just released, based on research conducted by NSS Labs, IE8's Release Candidate 1 was 69 percent effective at catching malware before it did damage to a user's system. Mozilla Firefox 3.07 came in second with a 30 percent effectiveness rate, with Apple Safari's 3 in third place with a 24-percent rate and Google's Chrome 1.0.154 in fourth place with 16 percent effectiveness rate
NSS Labs said in the report that the data was collected from tests conducted in just over 12 days from 26 February to 10 March. During the course of the test, the company said it monitored connectivity to ensure the browsers could access the live malware sites being tested, and performed 141 discrete tests. The margin of error of the tests was 3.76 percent, according to NSS Labs.
Amy Barzdukas, a senior director at Microsoft, acknowledged that it might be a conflict of interest for Microsoft to sponsor a report in which IE8 came out on top in terms of security. However, she encouraged people to "look closely at the results" before making a judgment call on the validity of the report.
IE8 will be included as part of the Windows 7 OS. However, for the first time since adding browser technology to its operating system, Microsoft will give users the ability to turn off IE8 as a feature in the system.
This decision was outlined in a blog post on the Engineering Windows 7 blog. Microsoft is under pressure from an ongoing anti-trust case in the European Union to give users more browser choice in Windows.
Microsoft is set to make its Internet Explorer 8 browser available later today, tying it in with a company-commissioned report claiming IE8 is more secure against malware than rival browsers from Mozilla and Google.
Users will be able to download IE8 in 25 languages from 5.00 (GMT) this afternoon from the IE8 website or Microsoft's download centre.
Microsoft has been preparing users for the new browser since the launch of the first IE8 beta a year ago, stressing performance improvements, better support for Internet technology standards, the addition of new features to help people keep track of most visited sites and favourite sources of information, and of course, security, as highlights of the new browser.
According to the report Microsoft has just released, based on research conducted by NSS Labs, IE8's Release Candidate 1 was 69 percent effective at catching malware before it did damage to a user's system. Mozilla Firefox 3.07 came in second with a 30 percent effectiveness rate, with Apple Safari's 3 in third place with a 24-percent rate and Google's Chrome 1.0.154 in fourth place with 16 percent effectiveness rate
NSS Labs said in the report that the data was collected from tests conducted in just over 12 days from 26 February to 10 March. During the course of the test, the company said it monitored connectivity to ensure the browsers could access the live malware sites being tested, and performed 141 discrete tests. The margin of error of the tests was 3.76 percent, according to NSS Labs.
Amy Barzdukas, a senior director at Microsoft, acknowledged that it might be a conflict of interest for Microsoft to sponsor a report in which IE8 came out on top in terms of security. However, she encouraged people to "look closely at the results" before making a judgment call on the validity of the report.
IE8 will be included as part of the Windows 7 OS. However, for the first time since adding browser technology to its operating system, Microsoft will give users the ability to turn off IE8 as a feature in the system.
This decision was outlined in a blog post on the Engineering Windows 7 blog. Microsoft is under pressure from an ongoing anti-trust case in the European Union to give users more browser choice in Windows.
Subscribe to:
Posts (Atom)