Malware-based spying network discovered

Canadian researchers have uncovered a widespread spying operation that has stolen sensitive information from hundreds of mostly governmental offices in 103 countries. The University of Toronto researchers had been asked by the office of the Dalai Lama, the exiled Tibetan leader, to examine its computers for signs of malware. What they found was a network of infected computers, which they dubbed GhostNet, that was apparently focused on spying on the governments of South Asian and Southeast Asian countries.
The researchers were able to gain access to the command and control structure for GhostNet via a web page that had surprisingly not been password protected by GhostNet's operators. With that access, the researchers were able to monitor the names of files being stolen by the spies. Working with the Tibetans, the researchers also determined that GhostNet's operators had gained control of the Dalai Lama’s organization's mail servers.
The researchers also determined that three of the four control servers for GhostNet were hosted in China, while the fourth was in Southern California. GhostNet's command and control software had a Chinese-language user interface, but there has been no direct evidence released concerning the identities of GhostNet's operators.
For more information, please see this N.Y. Times news story and Gary Warner's in-depth analysis.