Monday, March 30, 2009

Thoughts on GhostNet

I thought it would be useful to provide some concluding thoughts on GhostNet as a means to wrap up today's in class discussion.
  • It's important to note that the real work in these types of social malware attacks is not in the vulnerability discovery and exploit creation process. Rather, the real work is in the social engineering phase: the research that enables the hackers to design an email, or other form of communication, that convinces the target to infect him or herself.
  • While these attacks illustrate an attack on confidentiality, from a technical perspective nothing prevented the hackers from attacking integrity and availability as well. In the case of GhostNet, it is highly likely that the hackers were interested only in stealing information and therefore did not want to alert the targets to their presence by conducting a denial of service attack or by altering the function of the targeted network.
  • While there is both technical and circumstantial evidence that attributes these attacks to China, there is not necessarily enough evidence to attribute them to the Chinese government. The fact that the botnet traffic was not encrypted and that the command and control servers were openly accessible appears to indicate that a traditional government organization tasked with espionage was not directly responsible for carrying out the attacks. Nation-states typically guard their sources and methods with zeal in an effort to protect their access to intercepted communications. That GhostNet was openly accessible appears to indicate that patriotic hackers were responsible for the attacks. However, this does not mean that the patriotic hackers were operating with the implied consent of the Chinese government and providing the stolen information directly to Chinese intelligence.

1 comment:

Patrick D. said...

In our discussions of attacks that were similar to GhostNet, I never remember us talking about attacks through political networking sites.

I have discussed this with several of my friends and we found it baffling that we never heard about an attack on my.barackobama.com. In a fastcompany.com article it said that "By the time the campaign was over, volunteers had created more than 2 million profiles on the site, planned 200,000 offline events, formed 35,000 groups, posted 400,000 blogs, and raised $30 million on 70,000 personal fund-raising pages." This website also had Barack Obama supporter kid groups and a phone bank tool.

I believe it would be much easier for a hacker to capitalize on the fervor that surrounds campaigns. Also, elections are becoming more heated than ever and it might be easy to recruit an angry, disconcerted and motivated person off a website, or use them to spread your malicious software.

The extent to which people argue about politics in this country is absurd. The lack of respect people have for each other in this country is often greater. When President Bush came out for Obama's election, he was booed by many people around me. Those same people were so enamored with the thought of having Obama become President that they would have gladly sent my malicious email out to thousands of Obama supporters looking for anti-Bush news or propaganda.

Social sites like Facebook and Myspace are intriguing places to launch an attack, but the network of information and excitement that one can capitalize on during a political campaign is second only to teenage girls at a Jonas Brothers concert.