GhostNet: Reconnaissance For Internet Doomsday

posted on Mar, 30 2009 @ 09:33 PM
The recent news about GhostNet, the suspected cyber espionage activity of the Chinese government uncovered by The Information Warfare Monitor is alarming news, to say the least. More than a thousand computers have been compromised with apparent ease, many in high-value secure government offices. Researchers revealed that the compromises were so sophisticated, that confidential documents were removed, video cameras and microphones turned on to observe events, and sophisticated key-loggers tracked everything that was typed. According to two of my sources well-placed in government and computer security, this is just the frightening tip of an enormous iceberg.

Many will recall my report on the FBI's concern about counterfeit network router hardware being installed in businesses and government agencies all across the nation. Many were concerned that the counterfeit routers contained code that allowed for a broad range of back-doors into secure computer systems, as well as covert kill-switches that would shut-down after receiving a remote signal. Indeed, several analysts found thousands of additional lines of machine code as compared to a non-counterfeit. Since the counterfeit hardware originated in China, the FBI was very concerned, so much so that they responded to my report.

Our work here, together on abovetopsecret, broke that important story to the world.

I've recently spoken to two well-placed computer security experts who firmly believe there is a frightening connection between GhostNet and the counterfeit routers. Their fear is that we are mere months away from a series of significant cyber attacks on key private sector businesses and portions of our infrastructure.

My first contact is a highly experienced computer security expert who often works directly with law enforcement and intelligence agencies. Asking for my assurances of complete confidence in his anonymity, he revealed that there is a great deal of concern, both among his IT counterparts and security experts within law enforcement, that GhostNet is a sophisticated reconnaissance system designed to locate the counterfeit routers. Many are speculating that the gHost RAT trojan (delivered via email and has been in broad use for months) may be triggered by recognizing key attributes of the counterfeit routers, and reports back the details of the exploitable network.

Experts are concerned that the number of infected systems discovered by The Information Warfare Monitor may very well be a tiny percentage of networks that are known to be exploitable, but not yet infected. GhostNet is cataloging potential networks and refining the cyber weapons for the next round of attacks. The activity seen thus far has been proof-of-concept tests of computer take-over software in preparation for larger-scale attacks -- a weapons test if you will.

My second contact is an IT manager at a large financial products company who tracked down and replaced a number of counterfeit routers in their network. As their internal security team examined all systems connected to the removed routers, he was alarmed at their findings. Nearly all of the Windows-based computer systems connected to the routers contained some form of malware. In comparison to other Windows computers on their network, only 10-20% on average had any type of malware. He cautioned that all of the systems on the counterfeit routers were new systems in public-facing installations (branch offices), and a higher-than-normal infection rate was expected. However, the 100% infection-rate was unusual.

Both of these computer security professionals are increasingly concerned about the convergence of these two items that appear to point back to either the Chinese government, or Chinese state-sponsored cyber criminals. The report from Information Warfare Monitor stops short of specifically naming the Chinese government, or intelligence agencies within the government, as the culprit of these attacks. However, we do know that their intelligence agencies and law enforcement units have acted upon information obtained through GhostNet.

My contacts feel we (western nations) are mere months away from the second, more serious wave, of attacks designed to harm key corporations and interrupt vital infrastructure. The hope is that GhostNet is a tool of cyber criminals -- after all, if that is the case, we're safe, no criminal would cripple the networks that provide their bounty. What worries them most, however, is the combination of our complete lack of preparation (the U.S. DHS cyber security division is a joke), the stunning sophistication and multi-tiered nature of these attacks, and the disturbing potential connection to the Chinese government. To be clear, they feel a second wave of attacks are not likely to be a national disaster that cripples the nation, that may be reserved for the third wave.

The conspiracy theorist in me observes a number of causes for concern.

(1) - The mainstream press appears to be working hard to spike or avoid any connection of GhostNet back to the counterfeit router issue.

(2) - The media, especially US-based media, is typically over-playing the "hacker criminal" aspect of this story so as to avoid concern over state-sponsored cyber warfare -- they know we (western nations) are at a disadvantage.

(3) - The Chinese government has recently made a great deal of noise voicing concern over the US dollar and the need for a global currency. Causing harm to the US infrastructure through a well-placed cyber attack may significantly weaken the dollar and hasten their financial agenda.

(4) - After all that has happened after September, 2001, especially the increase in sophisticated Internet attacks as well as known state-sponsored cyber terrorism, why has the government let us down?

These developments indicate the Internet equivalent of the 9/11 attacks may very well be on the horizon. And again, we are not only not ready, we're completely clueless.

[edit on 30-3-2009 by]

posted on Mar, 30 2009 @ 10:18 PM
They are probably just trying to watch youtube...


Mod Note: takes pride in making every post count. Please do not create minimal posts or simple
"I agree" posts when replying to threads.

[edit on 30-3-2009 by 12m8keall2c]

posted on Mar, 30 2009 @ 10:32 PM
Not to make light of such a serious issue, but now I can see where they got the recent plot line to the series "24". Reading through your post here and some links to more info, I couldn't help but see the parallels between the two.

On a more serious note, right now is the prime time for such a strike. Look at how distracted people both in and out of government are. Financial disparity, more "wars on (fill in the blank)" than one can count, citizens protesting in the streets, astronomical job loss figures, fiscal future in the drink, and more.
This all adds up to a group of smart, opportunistic people making a bold move at a critical time.

posted on Mar, 30 2009 @ 10:43 PM
Obama is to address the cyber threat issue at the G20

Great American’s Cyber Risk Insurance was developed to protect commercial enterprises, including not-for-profit organizations, from exposures inherent with the use of the Internet as a business tool.

Now watch out for the company that gets hit, and they get to claim insurance.

You're right, we are completely clueless.

posted on Mar, 31 2009 @ 12:17 AM
I've wondered when something like this would come into public awareness. For years China threatened to leave Microsoft Windows and adopt Linux. They feared that MS, along with the NSA had planted back doors into the OS to spy on them. They apparently have considered the idea and don't trust us, right?

Then the US has all this networking hardware from China, complete with Chinese firmware (like an OS for the router) going into some highly important organizations. I have a hard time believing no one in the government would have thought it necessary to take precautionary measures (i.e. reflashing the firmwares) before rolling them out for use in the states.

Unless, they fully trusted the Chinese not to spy on us,


Unless this is part of some other agenda yet to be determined.

posted on Mar, 31 2009 @ 12:23 AM
reply to post by

One thing I don't understand;
Why is it that people somehow believe that China is our "friend"?

The fact remains, is that China benefits from two possible scenarios that the U.S. is presently cruising towards.

If the U.S. collapses, China is best in the position to fill the void left by our military and trading collapse.

If the world moves towards a one world gov't , China also benefits greatest. I mean, they then have a third of the total votes if we were in such a situation.

My point?

Even if neither of the two situations above were to take place, there is no doubt in my mind that China eyes our bread basket, and the power we have on this globe.

What were we thinking?

Were we fooled by a sec. of state who is clearly in the back pocket of the Chinese, and has been for years?

I have no idea, but something makes me believe your OP spells big trouble for us all.

posted on Mar, 31 2009 @ 12:59 AM
I just wanted to thank you for sharing this info with us. It was certainly illuminating and I applaud your efforts at making us see the light. With all of the Conficker stuff rolling around out there, it makes me wonder if maybe the Chinese gov't is behind that too.
Star and flag to you!

posted on Mar, 31 2009 @ 01:13 AM
You think this attack could be used as a means of garnering public support for the privatization of the Internet? Some interested party might then make use of this development to their advantage...

posted on Mar, 31 2009 @ 01:26 AM
Come on, John (or different one?) Rockefeller already made a statement about the internet being a threat. It really has not worked out in the best interest of those hoping to keep secrets from spreading.

Now all this?

They don't want us to have free communications.

Reminds me of the Mexico fiasco. Mexico is in chaos, so they want to disarm US. Makes a lot of sense, yes?

posted on Mar, 31 2009 @ 01:28 AM
Great find I was just downloading the zip when I read this thread. Here is a link for any one looking to check it out.

53 pages, part one start on page 11 and introduces context of background:
Tracking GhostNet Cyber Espionage Network

posted on Mar, 31 2009 @ 01:56 AM
Great. It's bad enough we have to worry about the US government spying on our interwebs, now the Chinese are getting in on it.

The US intelligence and federal police agencies have often compromised foreign networks, illegally, in pursuit of their goals. The NSA monitors all traffic on the web. The government dropped its antitrust suit against MS - did they get backdoors into Windows in exchange?

And now counterfeit routers and "ghostnet"?

posted on Mar, 31 2009 @ 02:46 AM
I've been worried about all out cyberwar for a while now. The US is probably bottom of the list in terms of being ready for a true cyberwar. Our military brass have no clue just how powerful a weapon the computer can be. Right now if Russia or China had enough brilliant security experts and equipment they could practically destroy this country overnight.

I've been into the information security scene for over a decade and you might think that by now the government and corporations would be secure but it's just not the case. I will say that finding your own high value 0-day exploits has become quite a challenge for an individual but selling pre-exploited routers to the US sure makes life much easier.

This also makes it easier to get into closed networks (not connected to internet). Many of our key infrastructures are run on closed networks for security reasons but with pre-exploited hardware they become vulnerable. It would still be tricky to get data off the network but if destruction is your only goal then life is good. You would just need to figure out a practical way to trigger the event.

I can't say when a serious cyberwar could break out but I certainly have seen my fair share of interesting activity on the darknets. I've also seen some serious bits of code floating around that had to be written by true zen masters. Just sneak peeks but enough to show you the kind of minds that you are up against and working with. If the US is attacked then put your faith in the public sector of America's information security elite, the government will be useless. They will probably go straight into blame mode.

Just one genius could seriously give the US major problems now imagine a whole bunch of specially trained and well funded individuals with all sorts of toys and code to crush you with.

posted on Mar, 31 2009 @ 02:47 AM

Originally posted by
To be clear, they feel a second wave of attacks are not likely to be a national disaster that cripples the nation, that may be reserved for the third wave.

Phase 1

I feel that this is just the first wave that has already crippled financial institutions the world over, from hacking into corporate systems starting with Freddie Mac to Lehman to Citi and AIG, and spreading to hundreds of other financial organizations all over the world resulting in the present financial collapse.

Startling as it may seem, it is most likely that what we're seeing is not reality. Hacked Information systems could be showing false data and not the actualities. Things are probably not that bad as made out to be! The balance sheets being churned out by corporations and banking institutions in over 100 countries do not give the true picture as these have been compromised. So what we’re seeing here is not the actual financial position of the companies but false data that has been fed into these systems to generate a financial crisis!

So this phase or stage has been accomplished by the Chinese Government.

Phase 2

The second phase is the switch from dollar trading to SDR as a global currency causing harm to the US infrastructure, significantly weakening the dollar and hastening their financial agenda.

Zhou Xiaochuan, China's central bank governor, earlier this month said the world should consider the SDR, as a super-sovereign reserve currency. Is it China’s intention to relegate the dollar and move to a global currency instead? Yes! That way, America’s strangle-hold on the world’s financial systems will wane considerably and would carry little weight.

Phase 3

China’s financial clout at this stage will be supreme and it would then dictate terms by controlling the world’s economy. The new super power! The head of a New World Order!

This is a conspiracy of the Chinese Govt, by the Chinese Govt, for the Chinese Govt! And they’ve probably been working on this grand strategy since quite some time. GhostNet is the means to the end, which is world domination!

This is a conspiracy of horrendous proportions that would put all others combined in the shade!

[edit on 31-3-2009 by mikesingh]

posted on Mar, 31 2009 @ 03:09 AM
I was wondering, would this have any link to the Conficker virus I've been hearing about?

[edit on 31/3/09 by Cthulwho]

posted on Mar, 31 2009 @ 03:36 AM

Originally posted by mikesingh

GhostNet is the means to the end, which is world domination!

Reminds me of the Skynet in Terminator movies.

posted on Mar, 31 2009 @ 05:17 AM
reply to post by

Everything is moving along as 'planned'. In fact it's ahead of schedule. Some say it had something to do with the 'heat'.

The 'people' are burning up over here.

Pinnochio looks UP and realizes he's not Pinnochio at all.

He bleeds as well!

How comforting?

posted on Mar, 31 2009 @ 05:23 AM
reply to post by

Cyber war is something new and interesting the least, makes you wonder what the future holds. The thing we must take in to consideration is that all countries are involved in this new piece of warfare.

Just like missile shields some countries are playing defensive and just like weapons of mass destruction others are playing offensive.

posted on Mar, 31 2009 @ 05:27 AM
reply to post by

Ever thought that perhaps they already knew about the code? and the hacking? and that perhaps they were using this to their advantage (US AND OTHER GOVERNMENTS), you know playing China at their own game, allowing them to hack, and serving them up false information.

Then you come along, and place the whole thing in jeopardy?

While there are things I believe the public should know, I also appreciate that there are secrets that are there to benefit everyone in the long term, Espionage and trojan horses did not come about when computers came along, I think it began with a bunch of fellas, building a huge horse, then hiding in it, there have been several variations in history, and not all were giant hollow horses.

My point is, intriguing as all this cloak and dagger behind the scenes computer hacking seems to be, I can't for a second believe nobody went over these computers and chips with the finest tooth comb available, who in any Government is stupid enough, to buy components from their now new enemy, winning the contract from the Soviets by painting toys with lead, and poisoning baby food (allegedly) and then thinks, ahhh these are good and cheap, they can't be suspicious or dangerous to my Country?

I don't for a second believe that is true, what you see here is a game, a game of spies, probably right now, some guy in China, is doing a Windy Miller impression, telling all his friends that Bill Gates has hacked all their computers, and now has all the information needed to build the new bicycle prototype with electric horn.

What a way to get everyone thinking their computers may be vulnerable to hackers and Trojans, PLEASE! People have been screaming that the Governments have been doing this for years, to its own people, and now we are worried the Chinese might steal all our secrets, Enemies are everywhere according to our Governments.

Yeah right, let's start with our own first, they like to tell us who wants to hurt us don't they, and while we're looking that way, some bastard is exiting through the back door with our lives on a disk, and he looks like Santa to me.

posted on Mar, 31 2009 @ 05:44 AM
Interesting but:
China's economy is so tied to ours, if the US is damaged financially, so will China. China depends on us consuming their goods as we are their biggest trading partner so by damaging us, they would be destroying their own economy.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

Jack Loftus explains the simplicity of it:

Other GhostNet highlights include the ability to turn on webcams and microphones remotely, and a browser-based "dashboard" that the spies use to control their network of 1,295 computers. And yes, I mean a dashboard as in what you use to post those American Idol rants to your Wordpress blog. Researchers discovered the spynet using, of all things, a Google search.

Posted by kdawson on Tue Oct 24, 2006 03:27 PM
from the procurement-via-eBay dept.
Networking IT
spazimodo writes to point out a Network World report on the growing problem of counterfeit networking equipment. The article surveys the whole grey-market phenomenon, which is by no means limited to Cisco gear — they just happen to be its biggest target. From the article: "Thirty cards turned out to be counterfeit... Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved... How did a registered Cisco reseller (also a platinum Network Appliance partner and gold partner to Microsoft and Symantec) acquire the counterfeit [WAN interface cards] in the first place?... Phony network equipment [has] been quietly creeping into sales and distribution channels since early 2004... Counterfeit gear has become a big problem that could put networks — and health and safety — at risk. 'Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere,' says Sharon Mills, director of IT procurement organization Caucus."

This is an article from Slashdot.
If you'll notice it's from 2006 and within the article, it talks about counterfeit routers being introduced as early as 2004 so it's been going on for approx. 5 years. From what I understand, the tech behind Ghostnet is fairly new (correct me if I'm wrong), so the router situation probably wouldn't be part of a 2 pronged attack.

posted on Mar, 31 2009 @ 05:47 AM

Originally posted by Ownification
Cyber war is something new and interesting the least, makes you wonder what the future holds. The thing we must take in to consideration is that all countries are involved in this new piece of warfare.

Not all
I would say the most primitive societies can be the least affected. I don't think being 'primitive' is bad, it's not analogous to being dumb or whatever. In fact in the future, they might have the last word.. 'I told you so!'

I'm planning on moving to such place, not for security reason, but I like the people, not because they are easily manipulated, but they represent the last of the good stuff left in humanity. That is honor, respect, loyalty, integrity, honesty, love, peace, joy, forgiveness, simplicity, contentment...

[edit on 31-3-2009 by ahnggk]
