Widespread Cyber Espionage: More evidence and what to do about it

This week the New York Times and CNET ran a story by John Markoff titled “Vast Spy System Loots Computers in 103 Countries.”

It reads in part:

“A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London, and New York.”

The full report is available here: “Tracking GhostNet: Investigating a Cyber Espionage Network.”

The report itself is well worth a read by any technologist and by most technology users.  We should all know what we are up against.

Another technical view of the research is available at “Snooping Dragon.”

I’d also like to offer my opinion that many or even most of the attack vectors can be reduced or mitigated by smart technologists.  And other attack vectors can be reduced or mitigated by smart users trained to recognize when they are being fooled by social networking attacks.

For more on how to reduce threat vectors see:

This only touches on the technological paths into your systems, but it is a great start.

I would also like to offer the opinion that attack paths can be reduced by the smart use of open source technologies.  Open source technologies have fewer vulnerabilities.  They must also be smartly managed and must be well patched (although some few vulnerabilities are detected, when they are detected they need to be addressed right away).  But, the use of foundational secure systems like SE Linux and Trusted Open Solaris is a smart way to reduce your attack surface.

For more on these topics see the CTOvision Guide to National Security Technology and