Reports Conclude Social Malware Surveillance Used on Organizations in 103 Countries.
In an effort to set up a meeting with a foreign diplomat on behalf of the Dalai Lama, staff at the Office of His Holiness the Dalai Lama (OHHDL) sent a private email to the invited guest. When the Chinese allegedly approached the foreign diplomat and discouraged the meeting, the OHHDL knew the email had somehow landed in the wrong hands.
But how?
To find out, researchers with the University of Cambridge Computer Laboratory conducted on-site research at the OHHDL to determine if a computer compromise caused the leak.
The resulting technical report, The Snooping Dragon: Social-Malware Surveillance of the Tibetan Movement, revealed that a number of successful logins to the OHHDL’s email servers came from IP addresses belonging to ISPs within China and Hong Kong, two places with which none of the email users would have been associated.
Specifically, the March 2009 report indicates these logins came from Xinjiang Uyghur Autonomous Region, the home base of units dealing with the Tibetan movement.
But how did the Chinese gain access to the secret login information of the OHHDL?
“Email attachments appear to have been the favoured strategy to deliver malicious payloads,” according to the report. “This worked because the attackers took the trouble to write emails that appeared to come from fellow Tibetans and indeed from co-workers.”
The hacker set up the emails to look like they were coming from other monks, according to the report. These emails spread malware using infected attachments and links to infected websites. Because the recipients thought the emails came from fellow monks, they clicked on attachments or links that downloaded the malware, which came in the form of a rootkit.
Rootkits enter your computer as trojans, hide themselves deep inside your operating system, and open a secret backdoor through which anyone can enter and hide files and processes, alter your operating system, hide registry keys, steal personal information, intercept emails and more.
“Once installed, rootkits are almost undetectable by traditional security software solutions,” says Himanshu Sonkar, chief technologist and researcher at X-Wire Technology, the company which developed Tizer Rootkit Razor™, a free tool that detects and removes most kinds of rootkits.
Larger of Rootkits
The rootkits found at the OHHDL were only the beginning. The University of Cambridge field research in India was the first leg of an overall University of Toronto investigation, which included additional field research in India, Europe and North America.
Upon analyzing the gathered data, University of Toronto researchers and partners uncovered a large espionage network called GhostNet that infected 1,295 computers in 103 countries. The project, titled Tracking GhostNet: Investigating a Cyber Espionage Network, found that 30% of those infected computers were considered high-value diplomatic, political, economic and military targets.
Just as at the OHHDL, the GhostNet system contextually relevant emails directed at specific recipients who unwittingly downloaded Trojan programs and malicious code attached to these emails. Once the so-called gh0st RAT infects these computers, attackers gain complete, real-time control over them via commercial internet accounts located on the island of Hainan in the People’s Republic of China.
That means attackers can operate attached devices—including web cameras and microphones—to see and hear what’s happening in the target offices. Worse yet, attackers can download specific files to mine for contact information. Once attackers secure this contact information, they can use it to spread more malware through additional email documents that appear to come from legitimate sources.
Malware-Based Crime Spree
“The industrialization of online crime over the past five years means that capably-written malware, which will not be detected by anti-virus programs, is now available on the market,” reports the Cambridge study. “All an attacker needs is the social skill and patience to work the malware from one person to another until enough machines have been compromised to complete the mission.”
The Cambridge report, therefore, concludes that social malware is unlikely to remain a tool of well-funded, developed countries. In time, low-budget criminals from less developed countries will likely follow their lead.
Researchers at X-Wire Technology want to prevent such a vast criminal in the future.
“To prevent such widespread criminal activity, we’ve developed a new tool to handle such malicious rootkits,” says X-Wire Technology’s Sonkar. “Unlike traditional antivirus software, Tizer Rootkit Razor™ works at the driver level to find the hidden rootkits through the processes they hide.”
Detecting and removing rootkits using this method assures your system will not become part of the next wave of rootkit-based computer crimes.
