Gh0stNet


2658532094_10f267bf0e_b The latest security news (hype?) is the discovery of Gh0stNet. Links:

My take on it? There is no proof that China is behind this. There are alternative explanations (as the paper correctly points it out on page 47, but I don’t think that most people got that far). The fact that all those government institutions got penetrated only shows that most people don’t get security (even in “high risk” places). Yes, some of the attacks were targeted, but we hear almost daily about your average worm penetrating all kinds of “big” institutions.

A qualm of mine with the report is too secretive: it tries to black out essential parts (no MD5 is given for the files, etc). Also, there are some aspects which make the fact that this was a “professionally run” operation less believable:

  • From what I’ve seen, the associated GUI only makes it possible to control one machine at a time. This is very ineffective.
  • They mentioned that one of the first files to be retrieved trough the network was one to contain email addresses. This seems to be indicative of spamming-operation more than an infiltration operation

Picture taken Môsieur J.’s photostream with permission.

, , ,

Leave a Reply

Your email address will not be published. Required fields are marked *