Cyber-Anarchists Twist Their Panties Over “GhostNet”

Do you want to generate a ton of press over an everyday occurrence and drive attention to your liberal cause? This is how you do it, as proven by Ron Deibert of the University of Toronto, CitizenLab and Munk Centre.

Ron Deibert attempting to make people think he has l33t Skillz in computer security, but he barely has skills in Google Picasa.

• Step 1: Pick a popular leftist cause or nation-state. For instance, global warming or Palestine.
• Step 2: Declare that the target is being attacked by its arch-nemesis.  In the case above, that would be Big Oil or Israel.
• Step 3:  Declare that the adversary is stealing documents with a remote control hacker program, and that the activity is part of a vast far reaching network.
• Step 4:  Come up with a cool name for this fake network like “PhantomMenace” or “GhostNet.”
• Step 5:  Profit!

This is exactly what Deibert did with this paper here, which accuses China of running a coordinated cyber attack against the remnants of the exiled Tibetan government to steal documents and intelligence.

Out of 53 pages, there is very little factual information and a ton of conjecture.  Some of the conjecture suggests that only the CIA, Israel and China would have the capabilities to do something on this scale of sophistication, but when you look at the facts, you find that the cyber issues being discussed are common everyday occurrences.

Fact:  The GhostNet “malware” is a remote control backdoor trojan horse program.  Such programs have been around for over a decade, like Back Orifice or SubSeven.  This malware has the odious capability of being able to turn on the camera and microphone.  Big deal.  SubSeven was doing that back in ’99.

Fact:  The malware was distributed by a phishing attack.  The email included an attachment of a word document that was trojanized to install a remote control trojan.  This is what phishing attacks do, but Deibert treats this like some sort of advanced cyber-warfare tactic.  Deibert even includes a copy of the email, but like the amateur he is, neglects to include a real copy that includes email headers that would show the internet trail and true sender’s identity.

Fact:  Members of the Exiled government of Tibet were stupid and clicked on the attachment and neglected to keep their systems up to date.  The only way Diebert’s crew was able to analyze the attack was to investigate pwn3d hosts.  Since they are buddy-buddy with the Tibetans, they were granted access.  I guess exiled governments can’t afford real professional cyber forensic teams, so they get Canadian anarchists to do the work instead.

Fact:  Once hackers had access to the affected systems, they stole documents and other valueable data.  This is what hackers do.  And apparently this fact is news to Deibert and his ilk.  So much so that they wrote a paper about it and held a press conference.

But doing cyber work is secondary to these guys.  What they are really trying to do is drum up sympathy for their cause.  And judging by the amount of press they are getting, it seems to be working.  It is just a shame that there are no credible cyber experts in the journalism field that are calling these guys out for their sloppy analysis and questioning their motives.

I wrote about these guys two years ago when they were creating a P2P proxy network to let their friends in China evade government censorship.  The fact that they are Canadians and commited acts of anarchy in the US during the WTO meetings in Seattle, and worship Che Guevara, Karl Marx and Noam Chomsky, destroys all shreds of credibility.