Threat Center Security News GhostNet used for high-tech espionage
GhostNet used for high-tech espionage Print E-mail
Written by Rebecca Mints   
Wednesday, 01 April 2009 00:38

Espionage agencies are allegedly taking advantage of the spy botnet GhostNet for its intelligence work, using mainly the botnet's capability to monitor emails and chats from an infected computer and download personal information of the user.

A 10-month research conducted by the Canada-based Independent Warfare Monitor exposed how GhostNet works and what network hosts it may have already infected.

Researchers revealed over the weekend that two foreign embassies in Australian, namely the German Embassy and the Maltese Embassy, are among the hundreds of host computers that are confirmed to be infected.

A recent case mentioned by the researchers that give proof of GhostNet use for espionage involves Chinese authorities who allegedly acquired information from a suspected activist by monitoring her emails, chats, and all Internet activity.

β€œIt demonstrates the ease by which computer-based malware can be used to build a robust, low-cost intelligence capability and infect a network of potentially high-value targets,” the report stated.

The research also showed that there are now more than 1,000 hosts from 103 countries that have been exposed to GhostNet. This means that these computers are now infected with a trojan which an attacker exploits to control machines. With the trojan in place, attackers can also grab control of external devices attached to the computer, including microphones and web cameras.

GhostNet spreads through emails disguised as attached documents from legitimate sources.


WTW Threat Level