GhostNet

2009-04-15

In March 2009, Canadian researchers discovered a large scale cyber spying operation after examining the Dalai Lama's computers for signs of malware.

John Markoff, New York Times, wrote "Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries, and other government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London, and New York."

This is said to be, by far, the largest spying operation to come to light in terms of countries affected. The malware installed on the computers has the capability to turn on the infected computer's cameras and audio-recording, allowing monitors to see and hear what goes on in a room. The researchers do not know whether this method of spying was used, but the capabilities of the malware are 'remarkable'.

The Information Warfare Monitor, an advanced research activity tracking the emergence of cyberspace as a strategic domain, published a study titled "Tracking GhostNet: Investigating a Cyber Espionage Network".

In the foreword of the study, it states "This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet...These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly."