If you haven’t just fallen off the turnip truck, you know that cybercrime is a serious and increasing problem. Many governments consider cyberspace to be a strategic target, and devote serious resources to attacking these targets (the United States, Israel, and the United Kingdom being considered the most sophisticated, with China not far behind). And many criminals, both organized and independent, consider cyberspace to be a legitimate target for their criminal enterprises.
In truth, however, while we all buy anti-malware programs for our machines and centers, and read about one worm or virus or another, most of us have little understanding of how this all works, or its implications. A new report from the Munk Centre for International Studies at the University of Toronto and The SecDev Group in Ottowa will help put this in perspective.
The report, Tracking GhostNet: Investigating a Cyber Espionage Network, shows that their investigation, originally aimed at what was believed to be Chinese attacks on Tibetian government in exile computers, “ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs.”
While the story of GhostNet is interesting in itself, it is significant in that “It demonstrates that the subterranean layers of cyberspace, about which most users are unaware, are domains of active reconnaissance, surveillance, and exploitation.” If you are involved in cybersecurity, this is a must-read.