Tracking GhostNet: Investigating a Cyber Espionage Network (PDF)

Mar 14, 2012: Chairman Leahy, Ranking Member Grassley, and members of the committee, I thank you for your invitation to appear today and present testimony on the question of cybersecurity information sharing. For example, although some research, like Tracking GhostNet. Mar 29, 2009: China's global cyber espionage network GhostNet penetrates 103 countries. A vast Chinese cyber espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new. PDF: The role of malware in reported cyber espionage. Investigating a Cyber Espionage Network, by Information Warfare Monitor (2009), examines the GhostNet phenomenon; it focuses in detail on the social and technological aspects and how GhostNet was tracked, leaving out the influence on communication. Apr 22, 2010: The recent increase in attention given to cyber security is thanks in no small measure to the works published by Information Warfare Monitor and Shadowserver Foundation titled Shadows in the Cloud. Forensic capabilities in the physical realm are far more advanced than they are in the cyber world.

Tracking GhostNet is the first scholarly study that documents the existence of a directed cyber espionage network. GhostNet was a cyber espionage network in 2008 that attracted much attention and raised serious public concern. In GhostNet Part I, the reader can learn more about the process of investigation. Week 1: Introduction to computer networks and cyber threats 1. Cybersecurity information sharing and the freedom of. BBC News, Americas: Major cyber spy network uncovered. Investigating a Cyber Espionage Network: cyber espionage is an issue whose time has come. JR02-2009, Information Warfare Monitor, Tracking GhostNet. This report documents the GhostNet, a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The investigation ultimately uncovered a network of. Investigators focused initially on allegations of Chinese cyber espionage against.

These reports include the landmark Tracking GhostNet report, which uncovered an espionage operation that infiltrated the computer networks of hundreds of government offices, NGOs, and other organizations, including those of the Dalai Lama; China's Great Cannon, an offensive tool used to hijack digital traffic through distributed denial of. Investigators focused initially on allegations of Chinese cyber espionage against the Tibetan exile community, such as instances where email correspondence and other data were extracted. Mounting targeted attacks for cyber espionage with trojans and. The report said the network had used malware (see information panel) to. Lecture Notes on Computer and Network Security, by Avi Kak. Investigating a Cyber Espionage Network was the product of a ten-month investigation and analysis focused on allegations of Chinese cyber espionage against the Tibetan community. A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. Context and background. Alleged Chinese operations in cyberspace. Applying the evidence-based. Investigating a Cyber Espionage Network, Infowar Monitor report (SecDev and Citizen Lab), March 29, 2009. F-Secure mirror of the report (PDF). Information Warfare Monitor: Tracking Cyberpower. University of Toronto, Canada, Munk Centre. Investigating a Cyber Espionage Network, a collaborative effort by consultancy SecDev Group and the Munk Centre for International Studies at the University of. The SecDev Group and Munk Centre for International Studies. Investigating a Cyber Espionage Network is a product of a two-phase, 10-month investigation, consisting of fieldwork, technical scouting, and laboratory. The discovery of the GhostNet, and details of its operations, were reported by The New York Times on March 29, 2009.

The report documented a wide-ranging network of compromised. GhostNet is the name given by researchers at the Information Warfare Monitor to a large-scale. The investigation, consisting of fieldwork, technical scouting, and. SecDev Group, Munk Centre for International Studies. Drawing on actor-network theory (ANT), the research examined key sociotechnical relations of GhostNet and their influence on affected organizations. In their 2010 follow-up report, Shadows in the Cloud. Perpetrators and victims usually act as if it never happened, while the evidence is designed to erase itself.

This study reveals the existence and operational reach of a malware-based cyber espionage network that we call GhostNet. The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more. Allegations of cyber espionage (computer network exploitation) are increasingly common, but there are few case studies in the unclassified realm that expose the inner workings of such networks. Investigators focused initially on allegations of Chinese cyber-espionage against. Mar 28, 2009: Researchers at the Information Warfare Monitor uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries. Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in. Cyberwarfare is a potent weapon in political conflicts, espionage, and propaganda. Citizen Lab. Introduction: Rise of the cyber spies; A focus on China; Outline of report. Part one. Mar 29, 2009: This report documents the GhostNet, a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign.

In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. Investigating a Cyber Espionage Network, detailing the findings of a 10-month investigation into a global electronic spy network that has infiltrated computers in various government offices around the world. GhostNet Part I, InfoSec Resources, InfoSec Institute. To say that the DRM allows you to read it is being overly generous: it appears in a tiny, blurred and illegible typeface. This finding comes at the close of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions that consisted of fieldwork, technical scouting, and laboratory analysis. Knowledge is the best weapon for cyber warfare since one of the Sun Tzu's Art of. E-espionage: what risks does your organisation face from. Exposing attacks on foreign affairs ministries, FireEye. March 29, 2009. Foreword: Cyber espionage is an issue whose time has come.

Researchers at the Information Warfare Monitor uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries. Apr 01, 2009: The report, entitled Tracking GhostNet. Chinese cyber espionage has emerged as a top issue in Sino-US. The recent emergence of the targeted use of malware in cyber espionage. China's global cyber-espionage network GhostNet penetrates. I'd also like to recommend the IWM's official report, Tracking GhostNet. Jul 31, 2019: GhostNet was discovered and named following a month investigation by the Infowar Monitor (IWM), carried out after IWM researchers approached the Dalai Lama's representative in Geneva suspecting that their computer network had been infiltrated. Between June 2008 and March 2009 the Information Warfare Monitor conducted an extensive and exhaustive two-phase investigation focused on allegations of Chinese cyber espionage against the Tibetan community. This report documents the GhostNet, a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign. Investigating a Cyber Espionage Network comes after a 10-month investigation by the Information Warfare Monitor (IWM), which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies. Investigating a Cyber Espionage Network, Infowar Monitor report (SecDev and Citizen Lab), March 29, 2009. F-Secure mirror of the report (PDF). Information Warfare Monitor: Tracking Cyberpower. University of Toronto, Canada, Munk Centre.

Apr 24, 20: In GhostNet Part II, which is to be published separately, the main plot revolves around the reactions and allegations/denials of security experts, parties involved, politicians, and so on, with respect to the news of this cyber exploitation network that has made the headlines. The purpose of studying GhostNet here is to explore technoethical and communicative aspects of cyber espionage on affected organizations, which significantly influences cyber peace and corporate development. The research delves into the sociotechnical aspects of cyber espionage through a case study of GhostNet. Malware samples consisted primarily of the files with the PDF, DOC, PPT. The GhostNet cyber spy network, recently evaluated by.
