
Reports Conclude Social Malware Surveillance Used on Organizations in 103 Countries.
In an effort to set up a meeting with a foreign diplomat on behalf of the Dalai Lama, staff at the Office of His Holiness the Dalai Lama (OHHDL) sent a private email to the invited guest. When the Chinese allegedly approached the foreign diplomat and discouraged the meeting, the OHHDL knew the email had somehow landed in the wrong hands.
But how?
To find out, researchers with the University of Cambridge Computer Laboratory conducted on-site research at the OHHDL to determine if a computer compromise caused the leak.
The resulting technical report, The Snooping Dragon: Social-Malware Surveillance of the Tibetan Movement, revealed that a number of successful logins to the OHHDL’s email servers came from IP addresses belonging to ISPs within China and Hong Kong, two places with which none of the email users had any association.
Specifically, the March 2009 report indicates these logins came from the Xinjiang Uyghur Autonomous Region, the home base of intelligence units dealing with the Tibetan movement.
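The report’s key evidence was successful logins from networks no legitimate user should have been on. The following added example (not from the report or from X-Wire Technology) shows the kind of check an investigator can run over mail-server authentication logs: it parses a constructed sample of log lines and flags every successful login whose source address falls outside a per-user allowlist of expected networks. The log format, user names and CIDR ranges are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of authentication log lines; the format is an assumption.
SAMPLE_LOG = """\
2009-03-02T08:14:03Z login ok user=secretary src=192.0.2.17
2009-03-02T08:20:41Z login ok user=secretary src=192.0.2.18
2009-03-02T23:05:12Z login ok user=secretary src=203.0.113.77
2009-03-03T01:47:55Z login ok user=translator src=198.51.100.9
2009-03-03T02:10:08Z login failed user=translator src=203.0.113.80
"""

# Assumed allowlist: the networks each user is expected to log in from.
# A user with no entry here has every successful login flagged.
EXPECTED_NETS = {
    "secretary": ["192.0.2.0/24"],
    "translator": ["192.0.2.0/24", "198.51.100.0/24"],
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>ok|failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["src"] = ipaddress.ip_address(rec["src"])
    return rec


def unexpected_logins(log_text, expected_nets):
    """Return (timestamp, user, src) for successful logins from outside the user's allowlist."""
    nets = {u: [ipaddress.ip_network(c) for c in cidrs] for u, cidrs in expected_nets.items()}
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "ok":
            continue  # failed attempts are noise for this check; only successes matter
        if not any(rec["src"] in net for net in nets.get(rec["user"], [])):
            hits.append((rec["ts"], rec["user"], str(rec["src"])))
    return hits


def count_by_source(hits):
    """Group flagged logins by source address so repeat offenders stand out in triage."""
    counts = defaultdict(int)
    for _, _, src in hits:
        counts[src] += 1
    return dict(counts)
```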
But how did the Chinese gain access to the secret login information of the OHHDL?
“Email attachments appear to have been the favoured strategy to deliver malicious payloads,” according to the report. “This worked because the attackers took the trouble to write emails that appeared to come from fellow Tibetans and indeed from co-workers.”
The attackers made the emails look as if they came from other monks, according to the report. These emails spread malware through infected attachments and links to infected websites. Because the recipients believed the emails came from fellow monks, they opened the attachments or followed the links, which downloaded the malware, in this case a rootkit.
Rootkits arrive on a computer as trojans, embed themselves deep inside the operating system, and open a hidden backdoor through which an attacker can enter to hide files and processes, alter the operating system, conceal registry keys, steal personal information, intercept emails and more.
“Once installed, rootkits are almost undetectable by traditional security software solutions,” says Himanshu Sonkar, chief technologist and researcher at X-Wire Technology, the company which developed Tizer Rootkit Razor™, a free tool that detects and removes most kinds of rootkits.
Larger Network of Rootkits
The rootkits found at the OHHDL were only the beginning. The University of Cambridge field research in India was the first leg of an overall University of Toronto investigation, which included additional field research in India, Europe and North America.
Upon analyzing the gathered data, University of Toronto researchers and partners uncovered a large cyber espionage network called GhostNet that infected 1,295 computers in 103 countries. The project, titled Tracking GhostNet: Investigating a Cyber Espionage Network, found that 30% of those infected computers were considered high-value diplomatic, political, economic and military targets.
Just as at the OHHDL, the GhostNet operators used contextually relevant emails directed at specific recipients, who unwittingly downloaded Trojan programs and malicious code attached to these emails. Once the so-called gh0st RAT infected these computers, attackers gained complete, real-time control over them via commercial internet accounts located on the island of Hainan in the People’s Republic of China.
That means attackers can operate attached devices—including web cameras and microphones—to see and hear what’s happening in the target offices. Worse yet, attackers can download specific files to mine for contact information. Once attackers secure this contact information, they can use it to spread more malware through additional email documents that appear to come from legitimate sources.
Malware-Based Crime Spree
“The industrialization of online crime over the past five years means that capably-written malware, which will not be detected by anti-virus programs, is now available on the market,” reports the Cambridge study. “All an attacker needs is the social skill and patience to work the malware from one person to another until enough machines have been compromised to complete the mission.”
The Cambridge report, therefore, concludes that social malware is unlikely to remain a tool of well-funded, developed countries. In time, low-budget criminals from less developed countries will likely follow their lead.
Researchers at X-Wire Technology want to prevent such vast criminal networks in the future.
“To prevent such widespread criminal activity, we’ve developed a new tool to handle such malicious rootkits,” says X-Wire Technology’s Sonkar. “Unlike traditional antivirus software, Tizer Rootkit Razor™ works at the driver level to find the hidden rootkits through the processes they hide.”
Detecting and removing rootkits using this method assures your system will not become part of the next wave of rootkit-based computer crimes.
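The rootkit behaviour described above, hiding processes from the tools an administrator normally uses, is commonly caught by a cross-view comparison: enumerate processes two different ways and look for disagreements. The following added example (not X-Wire Technology’s code, and not how their product works) implements the user-space version of that idea on Linux. The high-level view is the PID list from /proc; the low-level view probes every PID with a null signal, which a process answers even when its /proc entry has been hidden. Thread IDs are added to the listed view because kill() also accepts them, and the listing is taken before and after the probe so short-lived processes are not reported as hidden.

```python
import os

def listed_pids():
    """High-level view: every PID and thread ID that appears under /proc (what ps reads)."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task") if t.isdigit())
        except OSError:
            pass  # the process exited while we were looking
    return ids


def probed_pids(max_pid=None):
    """Low-level view: IDs that answer kill(pid, 0).
    ESRCH means no such process; EPERM means it exists but belongs to another user."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # conservative fallback if pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)
    return alive


def hidden_pids(listed_before, probed, listed_after):
    """IDs that answered a signal but were absent from BOTH listings around the probe."""
    return probed - (listed_before | listed_after)


def cross_view_check(max_pid=None):
    """Run the full comparison; a non-empty result warrants investigation of those PIDs."""
    before = listed_pids()
    probed = probed_pids(max_pid)
    after = listed_pids()
    return hidden_pids(before, probed, after)


if __name__ == "__main__":
    print("unlisted but alive:", sorted(cross_view_check()))
```

A hit is a lead, not proof: a kernel-level rootkit can also intercept kill(), so this check belongs alongside a driver-level tool rather than in place of one.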
About the Author
John Moore is the marketing and communications manager for X-Wire Technology, a company focused on computer security solutions and other IT initiatives.
About X-Wire Technology
Headquartered in Chapel Hill, NC, and with offices in Mumbai, India, X-Wire Technology provides IT services to clients around the world. As a Microsoft Certified Partner that has achieved Microsoft Competency in ISV/Software Solutions, X-Wire Technology specializes in product development, technical support, software customization, business automation, ecommerce solutions, web programming, design and engineering services.