
Thread: Computer spying network touched 103 countries

  1. #11
    Gold Member twinscythe12332's Avatar
    Well, I guess it can be looked at this way:
    if you're in a highly confidential section of government, you shouldn't be checking your personal emails in the first place.

  2. #12
    Suspended
    I remember designing a system for a large company in 2007. The system had an Intranet connected to a VPN that ran across 2 cities. It used a 1mb line as backbone and we had to implement tunnelling systems and compression systems so that Data and e-mail had dedicated speeds given to them. We used domain controllers with the basic permission systems. We also implemented Active Directory and RAID with 5 redundant servers, each one of them able to handle the network on their own. We also used what is considered a big No-No in the IT industry and that is dedicated IP addresses. Thus we knew of every computer and there were about 200 computers on the network. We also implemented Remote Desktop and other little goodies to make the system completely accessible for the administrators.

    In the end the users had an E-mail service but were not able to send mail outside the intranet. I designed the system that only top management could send e-mail to the outside world. Also thanks to the systems I mentioned before all the mail was scanned and checked when it left the intranet and when it was received by the internet it was scanned and approved again. This type of system is a bit harsh but it shows you what can be done if the technology is understood correctly and used correctly.

    We are now entering 2009 and the system is still working flawlessly. It never crashed once and virtually no down time. The only upgrade that was done was the backup system. The thing is we used the best like Gigabit LAN and encrypted-key-wireless LAN for the notebooks. It worked so well that the company saved money in the end.

  3. #13
    Silver Member Frankincense's Avatar
    OK Team....

    I naturally had to take it "too far"...

    Here's the 53 page Doc...
    http://cryptome.org/ghostnet.zip

    and the interpretation of one...

    The recent news about GhostNet, the suspected cyber espionage activity of the Chinese government uncovered by The Information Warfare Monitor is news, to say the least. More than a thousand computers have been compromised with apparent ease, many in high-value secure government offices. Researchers revealed that the compromises were so sophisticated, that confidential documents were removed, video cameras and microphones turned on to observe events, and sophisticated key-loggers tracked everything that was typed. According to two of my sources well-placed in government and computer security, this is just the frightening tip of an enormous iceberg.

    Many will recall reports on the FBI's concern about counterfeit network router hardware being installed in businesses and government agencies all across the nation. Many were concerned that the counterfeit routers contained code that allowed for a broad range of back-doors into secure computer systems, as well as covert kill-switches that would shut-down after receiving a remote signal. Indeed, several analysts found thousands of additional lines of machine code as compared to a non-counterfeit. Since the counterfeit hardware originated in China, the FBI was very concerned, so much so that they responded to the reports.


    I've recently spoken to two well-placed computer security experts who firmly believe there is a frightening connection between GhostNet and the counterfeit routers. Their fear is that we are mere months away from a series of significant cyber attacks on key private sector businesses and portions of our infrastructure.

    My first contact is a highly experienced computer security expert who often works directly with law enforcement and intelligence agencies. Asking for my assurances of complete confidence in his anonymity, he revealed that there is a great deal of concern, both among his IT counterparts and security experts within law enforcement, that GhostNet is a sophisticated reconnaissance system designed to locate the counterfeit routers. Many are speculating that the gHost RAT trojan (delivered via email and has been in broad use for months) may be triggered by recognizing key attributes of the counterfeit routers, and reports back the details of the exploitable network.

    Experts are concerned that the number of infected systems discovered by The Information Warfare Monitor may very well be a tiny percentage of networks that are known to be exploitable, but not yet infected. GhostNet is cataloging potential networks and refining the cyber weapons for the next round of attacks. The activity seen thus far has been proof-of-concept tests of computer take-over software in preparation for larger-scale attacks -- a weapons test if you will.

    My second contact is an IT manager at a large financial products company who tracked down and replaced a number of counterfeit routers in their network. As their internal security team examined all systems connected to the removed routers, he was alarmed at their findings. Nearly all of the Windows-based computer systems connected to the routers contained some form of malware. In comparison to other Windows computers on their network, only 10-20% on average had any type of malware. He cautioned that all of the systems on the counterfeit routers were new systems in public-facing installations (branch offices), and a higher-than-normal infection rate was expected. However, the 100% infection-rate was unusual.

    Both of these computer security professionals are increasingly concerned about the convergence of these two items that appear to point back to either the Chinese government, or Chinese state-sponsored cyber criminals. The report from Information Warfare Monitor stops short of specifically naming the Chinese government, or intelligence agencies within the government, as the culprit of these attacks. However, we do know that their intelligence agencies and law enforcement units have acted upon information obtained through GhostNet.

    My contacts feel we (western nations) are mere months away from the second, more serious wave of attacks designed to harm key corporations and interrupt vital infrastructure. The hope is that GhostNet is a tool of cyber criminals -- after all, if that is the case, we're safe, no criminal would cripple the networks that provide their bounty. What worries them most, however, is the combination of our complete lack of preparation (the U.S. DHS cyber security division is a joke), the stunning sophistication and multi-tiered nature of these attacks, and the disturbing potential connection to the Chinese government. To be clear, they feel a second wave of attacks is not likely to be a national disaster that cripples the nation, that may be reserved for the third wave.

    The conspiracy theorist in me observes a number of causes for concern.

    (1) - The mainstream press appears to be working hard to spike or avoid any connection of GhostNet back to the counterfeit router issue.

    (2) - The media, especially US-based media, is typically over-playing the "hacker criminal" aspect of this story so as to avoid concern over state-sponsored cyber warfare -- they know we (western nations) are at a disadvantage.

    (3) - The Chinese government has recently made a great deal of noise voicing concern over the US dollar and the need for a global currency. Causing harm to the US infrastructure through a well-placed cyber attack may significantly weaken the dollar and hasten their financial agenda.

    (4) - After all that has happened after September, 2001, especially the increase in sophisticated Internet attacks as well as known state-sponsored cyber terrorism, why has the government let us down?


    These developments indicate the Internet attacks may very well be on the horizon. And again, we are not only not ready, we're completely clueless.

    Seems China is denying involvement and trying to alter the focus towards finding out who would blame China for this.....lmao!
    http://www.voanews.com/english/2009-03-31-voa12.cfm

    "Oldschool, China would like to have a word with you..."


    If any of you have Cisco routers.... http://it.slashdot.org/it/06/10/24/1819200.shtml

    If any of you think of claiming from insurance.... http://finance.yahoo.com/news/Great-...-14765152.html

    There already are known backdoors to Windows operating systems. A hidden 'NSA key' used during cryptography built into Windows. Anything you encrypt they can decrypt. Programs loaded remotely... They wouldn't let you use US tech against themselves, would they?
    http://www.heise.de/tp/r4/artikel/5/5263/1.html


    Oh well...
    Last edited by Frankincense; 02-Apr-09 at 07:51 PM.

  4. #14
    Suspended
    Look, do you want to make your computer completely safe? There is only one way of doing it. You are a clever person and you know I am right. Isolate your network. If you unplug there is no physical access to your system unless someone developed spyware based on telepathy. Security can do only so much. I mean, if I want to cripple the internet just attack the routers and it is done. There is no more internet. It is really that easy...
