GhostNet Haunts Government Offices

After a request to check whether computers from the Tibetan exile network were being accessed, the IWM acted by opening an investigation on Cyber Espionage.

The report conducted by the Information Warfare Monitor (IWM) comprised of researchers from SecDev Group based in Ottawa, Canada and the University of Toronto's Munk Centre for International Studies has been given the title of “Tracking GhostNet”. The researchers have revealed that over 1295 computers in 103 countries have been infiltrated by a suspected electronic spy network after carrying out a 10 month investigation into allegations that China were cyber spying against Tibetan Institutes.

Documents are being removed by the GhostNet spy network without any of the targets' knowledge. Methods of data penetration have included taking control of computers belonging to several foreign ministries around the world using malicious software, (a.k.a malware). This has enabled hackers to trigger microphones and webcams to gain access to sensitive information.

The troubling report reveals that the GhostNet has infiltrated government offices around the world, including that of Britain's Indian High Commission, news agency Associated Press and the International Chamber of Shipping. More shockingly, embassies of countries including India, Indonesia, Romania, Germany and Pakistan have also been targeted.

Evidence has suggested that an alarming 30% of the hosts infected by GhostNet are considered to be “high value” targets including those of international organisations and has also compromised that Tibetan Computer Systems seem to have the most amounts of hits, including documents of sensitive data extracted from the private office of Tibet's spiritual leader, the Dalai Lama.

Intellegence Chiefs in Britain are also warning of the exposure of our vital services the GhostNet has revealed. The cyber spy network have the capability to shut down Britain by brining a halt to critical services such as the power, water and food supplies. Alex Allan, chairman of the Joint Intelligence Committee (JIC), briefed members of the ministerial committee of the national security threat from China in the Whitehall meeting in January. Whitehall sources from the meeting led by home secretary Jacqui Smith, revealed that ministers "had not paid sufficient attention to the threat in the past", despite the warnings given from the intelligence services. The Whitehall report impacts the message by highlighting that although there is a low risk of China exploiting the capabilities, the impact of China shutting down Britain would be very high, and is "likely to bring Britain to a complete stand still."

The Tracking GhostNet report has gained no conclusive evidence that China's government are behind the cyber attacks, however the analysis from the IWM reveals that “numerous politically sensitive and high value computer systems were compromised in ways that circumstantially point to China as the culprit.” Beijing has also denied being connected or any involvement with GhostNet.

Attack Codes Breach Our Browsers

Firefox browser's vulnerability has just been published by the Security researcher Guido Landi after an attack code was released on to several security sites on March 25th, revealing details of a malicious bug, targeting critical and unpatched flaws in Firefox.

It is believed that these flaws can allow attackers to modify the coding and use it to push unauthorised software onto Firefox user's computers, allowing more attackers to load themselves into Firefox as they have done in the past, prior to the release of the code earlier on this week.

Andrew Brandt, threat expert at Webroot, has been commenting on the recent attacks against Firefox. In a statement given to SC Magazine earlier on the week, Brandt expressed: “In the past few weeks, we've seen malware writers up the ante in their bets against Firefox.” Brandt later added that “two new spies came across the transom in the past week, and easily managed to load themselves into a freshly installed copy of Firefox 3.0.7.”

Developers at Mozilla have reportedly taken immediate reaction to amend the flaws uncovered by the newly published code and are expecting to place a patch for the flaw in the new forthcoming Firefox 3.0.8. However, the new 3.0.8 release of Mozilla Firefox is not due to be published until sometime next week, leaving users vulnerable to the hacker's modified codes and allowing unauthorised software to seep into PCs, damaging any applications that are on the station.

The news of the malicious bug in the code is one of many reports to hit the headlines in technology today, highlighting the issues that even web browsers are not as secure as users believe them to be. The last outbreak of hackers hitting web browsers was back in November last year, where Thunderbird 1.5.0.8 and SeaMonkey 1.0.6 were also affected alongside the Firefox 1.5.0.8 release. As shown in the November attacks, hackers are finding stronger ways to attack the internet, including that of crafting authentication certificates and impersonating as websites, email systems and browsers.

The security chief for Mozilla, Window Snyder, is now urging for Firefox users and those of similar browsers to upgrade to the newest versions to prevent user's PCs from being affected from the recent attacks. The new release of the Firefox is due to be released on 1st April, with a further upgrade, Firefox 3.0.9, looking to be released on 14th April.

Concerns over Child Protection Brought to Life

Resulting from the meetings held yesterday (Wednesday 25th March 2009) in Brussels, the European Commission are setting out plans to toughen the existing legislation already in effect, from 2004 and 2002 respectively, for human trafficking and child sexual abuse.

The intentions announced by European Commission Vice President Jacques Barrot, responsible for justice affairs, regard adapting the 2004 legislation to include child sex abuses on the internet in a bid to punish those who are luring children through the internet with the purpose of sexually abusing them and watching child pornography on the web.

However, with 89% of the world population using the internet and over 92% of the world's children having on-line access, increasing numbers of parents are beginning to become more worried about their children surfing on-line today as new figures reveal the true extent and seriousness of these offences and many feel that little is being done to protect their children through monitoring the sites that they are visiting.

According to the International Labour Organisation, over 1000 commercial and over 500non-commercial child abuse content websites were found world wide in 2008, and an estimated 25% of these are mostly Peer-to-Peer (P2P). These numbers are said to be constantly increasing with the rapid changes to technologies available in the cyberspace, enabling more ways for Paedophiles and Human Traffickers to target and groom the internet today.

As reported from a survey run by security firm Symantec, UK parents alone are truly unaware how many hours children are spending on the net, underestimating the average per week by over 22 hours. The 2009 Norton On-line Living Report revealed that parents in Britain are among the worst to grasp how long children spend on-line, identifying that parents believed that their children spent less than 20 hours per week surfing the internet, where as the survey actually revealed that children are spending over 43.5 hours per week on-line.

With the internet looking evermore like the future for family communication and news, more and more children are looking and using unsuitable websites. With this key factor increasing the amount of time children are using the internet, parents are putting their children at higher risk by failing to monitor their on-line usage and safety.

America's Most Wanted host and co-founder of the National Centre for the Missing and Exploited Children, John Walsh (left), has been educating American parents on how to protect children from the dangers lingering on the internet. In a statement featured on The Balancing Act, an American Lifetime Television program, Walsh highlights the reasoning for bringing to light the education of parents to internet safety. "Children spend hours everyday on the Internet," says Walsh. "But most parents have no idea the scope of dangers that are lurking behind the computer screen." Walsh then adds: "It is imperative for parents to become security savvy and to know how to protect their child from unwanted contact by strangers, cyber bullying and more."

Another recent survey uncovered that 62% of parents today are unable to identify the contacts that their children talk to on-line, with 68% of those surveyed not even knowing which sites their children are visiting. These figures are alarmingly high in the UK, as many British parents are failing to supervise their offspring when they surf the net.

With little numbers of protective monitoring methods available today, social networking sites are being targeted by abusers and human traffickers to a greater extent, with a soaring concern for the amounts of personal details that are freely being given out on-line. The amounts of personal and highly intimate questions being asked to the nation's youth, along with unsolicited pictures breaching through children's profiles, are progressively on the rise. This is endangering our children further by allowing personal details to be freely handed out to absolutely anyone, including the strangers that these children are contacting on a daily basis.

With new found technology today, solutions are available (but the one I would like to mention) is the PM-007 protective monitor. This has come in the form of a small device which attaches on to the home network rather than computer software, which can bloat and cause instability on your computer. By actively monitoring internet traffic, one can block private data from leaving the home . Over time, analysis logs can be used to spot the coercion of paedophiles and other internet nasties, that may be trying to access and gain personal data from your network.

For more information about the PM-007 protective monitor device, or for any issues or queries you may have, please contact the Microexpert team.

Corporate Data Leaks Through Former Employees

Through a current survey conducted by Ponemon Institute and supported by Symantec Corporation in February 2009, it has been revealed that 60 percent of former employees keep corporate data after employment has been terminated.

The results presented by Dr Larry Ponemon, rightfully titled “Data Loss Risks During Downsizing- As Employees Exit, so does Corporate Data”, disclosed that of the sample population surveyed, 20 percent of recipients are employees who left or had their job terminated in the past 12 months. After asking “Did you have access to your former company's computer system or network after departure or termination of employment?” alarmingly over 25 percent of respondents can regain access to their former employer's computer networks.

A similar survey composed by Cyber-Ark, the IT security group, also worryingly reveals that 58 percent of British workers are prepared to acquire confidential company data if faced with possible job termination and 40 percent of the people surveyed said that they were already removing confidential data.

Those that have responded to the surveys have also identified that the data being accessed after employment are being used to aid finding a new job, starting their own business or to accomplish revenge through the means of leaking company sensitive data to competitors and customers.

The databases of client and customers are the most likely forms of data to be stolen, but along with the financial services sector, business proposals and product information, they are at the most highest risk from employee data theft.

Many employees have many different methods for removing data from companies, the numbers increasing as the years go on. The opportunities for data removal are made easier on a day to day basis with an ever increasing amount of small devices, each having the capacity to hold many gigabytes of data and work.

The Ponemon Institute survey reveals that the main four means of information transfer used by employees when keeping proprietary data include taking and hand carrying files, downloading documents onto CD or DVD, downloading electronic files onto a USB memory stick or sending documents as an e-mail attachment. These are the most occurring methods used by former employees to gain corporate information, with 61 percent hand carrying the information upon leaving work, 53 percent downloading the information onto CD or DVD and 41 percent of data removal being USB Memory Sticks or access through the company networks.

The surveys that have been published of late all demonstrate the risks of trusted insiders using corporate and sensitive data, highlighting the importance for all businesses to use and become more responsible for information security management, as well as increasing the security of sensitive information by protecting more files from employees.

Without hardening the security surrounding these files, more employees and insiders are going to be able to leak information through the company to customers and competition, causing business reputations and e-assets to be blundered.