China has been accused of using malware to spy against the Tibetan government-in-exile and the private office of the Dalai Lama, as well as numerous foreign embassies. The study, entitled Tracking GhostNet: Investigating a Cyber Espionage Network, alleges the Chinese government may be running a cyber espionage network of 1,295 …
They find a botnet. On Chinese servers....... (Nothing new there)
Only 1.5k bots (Tiny)
Using public tools (Probably a backdoored rxbot)
And they blame the government. ......... Where do they find these "Security Experts"
"The Information Warfare Monitor project"
Tell me, would the information warfare monitor project ever find that there isn't a real war on info? The agenda kind of dictates their conclusion don't you think?
"1. You receive a spoofed email with an attachment"
Everyone gets these.
"2. The email appears to come from someone you know"
The friend who has your email has already had his PC hacked and they have your name from the address book. They also often have previous documents from his PC and/or email.
"3. The contents make sense and talk about real things (and in your language)"
Self selecting Barnum statement. You actually get many in many different languages. So does everyone else. Your spam filter finds it easier to take out the foreign language ones. Mine removes the Russian ones, but tends to leave in the French and English ones.
"4. The attachment is a PDF, DOC, PPT or XLS"
Yep, the known vulnerabilities.
"5. When you open up the attachment, you get a document on your screen that makes sense"
Nope, it's typically a PDF from your hacked friends computer or email automatically chosen at random with the exploit added.
"6. But you also get exploited at the same time"
Yep, that's the point.
"7. The exploit drops a hidden remote access trojan, typically Poison Ivy or Gh0st Rat variant"
"8. No one else got the email but you"
Rubbish, you get an email based on an algorithm with a PDF from a hacked computer associated with you, from which your email details were obtained. You may not understand the algo, but this attack relies on bulk algorithmic attack, and it is not manually done.
"9. You work for a government, a defense contractor or an NGO"
You are anyone, anywhere, anytime. This is a self selecting Barnum statement: You are special, unique, you present a facade to others to cover your inner vulnerability.... no you are not, but if I tell you that you will self select yourself! They have described a common known algo attack and added a Barnum statement to it.
Back in the real world. Keep your *secret* PCs connected to *private* networks and not the public internet. Do not assume you are special in any way, or that there is some sort of cyber war going on, that is the crap of companies involved in cyber security who want to sell you something. Better to not buy their crappy firewalls and keep your network totally private and off the net. Do not connect your private security PCs to the public internet, even through their crappy firewalls.
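Added example, not code from the thread or from the GhostNet report: a small Python triage check for two of the indicators in the quoted list (a sender who appears to be someone you know but whose message did not pass through that contact's usual mail relay, combined with a PDF/DOC/PPT/XLS attachment). The contact list, the relay name and both sample messages are constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed: mail from each known contact normally passes through this relay.
KNOWN_CONTACTS = {"friend@example.org": "mail.example.org"}
RISKY_EXT = (".pdf", ".doc", ".ppt", ".xls")

def triage(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    _, sender = parseaddr(msg.get("From", ""))
    findings = []
    # Indicator 2: From matches a contact, but no Received header names their usual relay.
    if sender in KNOWN_CONTACTS:
        relay = KNOWN_CONTACTS[sender]
        if not any(relay in r for r in msg.get_all("Received", [])):
            findings.append("known-sender-unexpected-relay")
    # Indicator 4: an Office or PDF attachment, the document types the list names.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append("document-attachment:" + name)
    return {"sender": sender, "findings": findings, "suspicious": len(findings) >= 2}

# Constructed sample: known-looking sender, unknown relay, PDF attachment.
SPOOFED = """\
Received: from unknown-host.invalid (unknown-host.invalid [192.0.2.10])
From: Alice <friend@example.org>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf; name="notes.pdf"
Content-Disposition: attachment; filename="notes.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""
# Constructed sample: same contact via the expected relay, plain text only.
LEGIT = """\
Received: from mail.example.org (mail.example.org [198.51.100.5])
From: Alice <friend@example.org>

Lunch tomorrow?
"""
```

The relay check is a heuristic for mail-gateway triage, not proof of spoofing; a contact's legitimate mail can reach you by another route, so it is meant to raise a review flag, not to block.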
Pot and kettle
I'm sure China is doing its best to spy on everyone else, just as Russia is and the USA is, and any other country who thinks it can. China as the Evil Empire is true when it comes to human rights, but hardly a stand-out when it comes to dirty dealing. (In fact, when it comes to human rights, Russia and the USA aren't that far behind it...)
My uncle once attended a school that had been infiltrated by Scientologists. Whenever the 'S' word was mentioned he'd go into a glassy-eyed trance and start regurgitating their propaganda. Are Cambridge students indoctrinated with the belief that Tibet can do no wrong?
Just to be cynical I'd say that His Lamaness sabotaged Chinese servers to create a botnet targeting his own computers and got a couple of impressionable minions to write a "security article" in order to create publicity for his cause.
Yes, one would indeed think that if a national government were spying on people's computers, they would use techniques much more sophisticated than those used by hackers. One would expect, for example, a spy to slip a hardware bug into the Dalai Lama's keyboard - or his router.
However, it does not seem too strange to me that among all the infections of computers caused by run-of-the-mill malware, a government might be foolish enough to try using the large pool of infected machines as a tool to place another infection in specifically targeted machines. If China is indeed using this technique, as the report would seem to indicate, it is foolish because, as the report shows, it is all too easy to get caught.
in other news...
Pakistan rubbishes charges of state-sponsored terrorism.
Nothing to see here, move along...
UK state sponsored terrorism
You do know that Bin Laden trained in Scotland, not in Pakistan?