Forum latest

Son of GhostNet: China-based hacking targets India government
Written by Daniel   
Tuesday, 06 April 2010 18:15

From Ars Technica

The people who uncovered GhostNet, an extensive cyber espionage network that targeted the Tibetan exile community, are back with a sequel. Starting with an infected machine that was uncovered during that investigation, an international team of researchers has uncovered a completely separate network that primarily targeted the Indian government, and uncovered some classified documents that had been obtained by the hackers. By reconstructing the network, the team was able to trace things back to the hacking community in Chengdu, China.

The work involved a collaboration between the Information Warfare Monitor and the Shadowserver Foundation, but, over the course of its work, involved dozens of other security groups and experts. It also benefitted from extensive cooperation with the Office of His Holiness the Dalai Lama, which had previously approached the security researchers in response to security lapses that unearthed GhostNet. The researchers take what they term a "fusion methodology," which is basically a combination of fieldwork—studying infected systems in situ—with standard security approaches.

The investigation grew out of GhostNet in two ways. As part of their efforts to help the Tibetan exile community secure its systems, the researchers were monitoring the network used by the OHHDL. As part of that monitoring, they uncovered an malware-infected machine that attempted to transfer documents to a control server.

Separately, they found that most of the control servers identified through the GhostNet investigation were taken down after their report on it was released. As the domain registrations on these servers lapsed, the researchers grabbed them for themselves, and created what's termed a DNS sinkhole, in which requests from compromised machines were directed to one under the researchers' control, allowing a study of the command-and-control communications.   [More...] [Comments...]



See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either