

Chasing Ghostnet, an espionage network w/ 1295 infected PCs - schtono
http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network

======
andr
The actual PDF: <http://dl.getdropbox.com/u/10731/15987355.pdf>

~~~
ciupicri
Thank you!

------
nikblack
WAY over-rated story. The network is built using a script kiddie tool called
Gh0st RAT, which relies solely on social engineering to propagate. There are
no new exploits here, or nothing as sophisticated as Conficker especially since
Gh0st RAT is a simple client/server model that is very easy to block (in fact,
most firewalls should already be blocking it).

The security company that wrote that report probably charged hundreds of
thousands of dollars for information that any competent network admin could
have found online or would already know if they kept up to date with the
'latest' (i.e. 10-year-old) threats.

It just happens that one of these networks hits a high-valued target, and then
propagates. Note that most of the victims are incredibly unsophisticated and
from poorer countries or organizations without a clue.

The lesson here should be about training computer users and having competent
administration and support of IT infrastructure, rather than a scare campaign
about Chinese government hacking. ('oh the host server is a Chinese IP, it
must be the government! (300M net users in China.. durgh)).

------
ckinnan
60 Minutes just ran a story on Ghostnet. It is a terrible development-- these
networks undermine online trust and e-commerce everywhere.

