Many news sources are reporting on how Google and other corporations were hacked by China.
The reports, depending on vendor, either blame PDF files sent via email as the original attack vector or lay most of the blame on an Internet Explorer 0day.
Unlike my colleagues (save for the ones reporting), I'd rather not discuss this too much before more data is available.
Regardless of what really happened, which I hope we will know more on later, these things are clear:
1. Unlike GhostNet, which showed an interesting attack but where, unfortunately, many of us jumped to conclusions without evidence that China was behind it -- based on ethos alone I'd like to think that when Google says China did it, they know. Although, since they are a commercial company with their own agenda, I am saving final judgement.
2. The 0day disclosed here shows a higher level of sophistication, as well as an m.o. which has been shown to be used by China in the past.
3. If this was China, which some recent talk seems to make ambiguous but is still likely, they would have more than just one weapon in their arsenal.
4. This incident has brought cyber security once again to the awareness of the public, in a way no other incident since Georgia has succeeded, and to political awareness in a way no incident since Estonia has done.
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
Friday, January 15, 2010
Wednesday, April 01, 2009
GhostNet and computer spying on Tibet. It's just Spear Phishing.
Gary Warner covers the recent GhostNet story, where the New York Times told of academic research, uncovering a computer spy network using Trojan horses to spy on Tibet and the Dalai Lama, with fingers pointed at China.
While interesting as a case study and the researchers did good work... It's not new, it's really just old news called Spear Phishing. Using a "technology" called RAT.
You can read more about what Gary has to say here:
http://garwarner.blogspot.com/2009/03/ghostnet-or-gh0st-rat-cyber-persecution.html
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron