Risk Management and the Snooping Dragon
I just came upon two recent reports that should be required reading for any CIO concerned with risk management: “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement,” put out by the University of Cambridge Computer Laboratory, and “Tracking GhostNet: Investigating a Cyber Espionage Network,” by a group of researchers based at the Munk Center for International Studies at the University of Toronto.


Both deal with social malware that was initially targeted at undercutting the effectiveness of the Dalai Lama and the Tibetan government in exile and has now extended to about 1,300 computers in 103 countries.


Granted, malware attacks are nothing new, but “two aspects of this case make it worth serious study,” the Cambridge report notes. “First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state (China), with potentially fatal consequences for those exposed. Second, the modus operandi combined social phishing with high grade malware. This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective.”


This lethal combo can do enormous damage, the Cambridge report states. “Few organizations outside the defense and intelligence sector could withstand such an attack, and although this particular case involved the agents of a major power, the attack could in fact have been mounted by a capable motivated individual.”


Indeed, the Toronto researchers, who had also been hired by the office of the Dalai Lama, bear this out, exposing what is believed to be the first time a computer system has been used in an intrusion of this magnitude and underscoring the apparent ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence.


According to the Cambridge report, the Chinese used so-called Snooping Dragon social malware to create all kinds of problems, some of them minor, many of them serious. For instance, the Office of His Holiness the Dalai Lama (OHHDL) would send out an email invitation on behalf of His Holiness to a foreign diplomat. Almost immediately the Chinese government would contact the diplomat and warn him not to go ahead with the meeting. Clearly the OHHDL network was being tapped. Then there were hundreds of emails, supposedly from Tibetans to their countrymen and fellow workers, urging them to visit bogus websites, which enabled the Chinese to spread malware.


Once the social malware purveyors gained an initial foothold, the attackers had access to the mailboxes of users of the OHHDL mail server, notably those of prominent members of the organization and key support staff, including the system administration team. Often the attackers would steal email in transit and replace attachments with toxic ones. "Few organizations outside the defense and intelligence sector could withstand such an attack," the report says.


The GhostNet report, which states that the malware system is controlled from China-based computers but does not go so far as to state the Chinese government is responsible, says more than a dozen new computers are invaded and monitored a week. To date, GhostNet spies have monitored a NATO system as well as computers in the Indian Embassy in Washington, other ministries of foreign affairs, embassies, international organizations, news media and NGOs. It can not only intercept and alter email messages, the Toronto researchers say, but can also activate the camera and audio-recording functions of an infected computer.


The Toronto researchers have alerted international law enforcement agencies to the spying operation.


For the GhostNet report, go to: http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network

For Snooping Dragon: http://www.scribd.com/doc/13782822/The-snooping-dragon-socialmalware-surveillance-of-the-Tibetan-movement


Comments (1)
1. 04-03-2009 02:57
 
The article is very interesting and useful for CIOs.
sudhakar


Copyright © 2007-2012 CIOZones. All Rights Reserved. CIOZone is a property of PSN, Inc.