Vast Spy System Loots Computers

Amazing, but not that surprising. The full 53-page report is available here, if you are interested in the details [1].

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information.

[Click to read more of Vast Spy System Loots Computers in 103 Countries – NYTimes.com]

Amusing that this front page article doesn’t once mention the operating system the target computers ran. Did Microsoft agree to purchase full page advertisements in the Sunday New York Times for the next ten years in order to keep Windows and Outlook from being mentioned in the story? Why do governments use Windows in sensitive networks anyway? Even if they didn’t use Macs, perhaps they could use Linux machines instead.

Kim Zetter of Wired adds:

Infected computers include the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, and the Philippines and embassies of India, South Korea, Germany, Pakistan and Taiwan. Thirty percent of the infected computers could be considered “high-value” diplomatic, political, economic and military targets, the researchers say.

The largest number of infected computers in a single country were in Taiwan (148), followed by Vietnam (130) and the U.S. (113). Seventy-nine computers were infected at the Taiwan External Trade Development Council (TAITRA). One computer at Deloitte & Touche in New York was among those infected in the U.S.

The earliest infection the researchers found occurred May 22, 2007; the most recent infection at the time they wrote their report was March 12, 2009. Each computer was infected for various amounts of days, with the average being about 145 days. There were significant spikes in the number of systems infected in December 2007 (113 of 320 infections in December occurred at TAITRA in Taiwan) and August 2008.

The researchers found the network after examining computers at the Dalai Lama’s office and found that the system had gained control of mail servers for the Dalai Lama’s offices, allowing the spies to intercept all correspondence.

The computers were infected either after workers clicked on an e-mail attachment containing malware or clicked on a URL that took them to a rogue web site where the malware downloaded to their computer. The spy network continues to infect about a dozen new computers in various places each week, according to the researchers, who are based at the University of Toronto’s Munk Center for International Studies.

The malware includes a feature for turning on the web camera and microphone on a computer in order to secretly record conversation and activity in a room.

They write that e-mails that OHHDL workers received that contained the infected attachments appeared to come from Tibetan co-workers. In some cases, monks received infected e-mails that appeared to come from other monks. The attackers seemed to target their infected correspondence at key people in the OHHDL office, including network administrators. In this way, the attackers likely gained login credentials for the mail server. Once they had control of the mail server, they were able to infect more computers by intercepting legitimate e-mail in transit and replacing clean attachments with infected .doc and .pdf attachments that installed rootkits on the recipient’s computer that gave the attacker full control over the computer.

One monk reported that he was looking at his screen when his Outlook Express program launched on its own and began sending out e-mails with infected attachments.

[Click to continue reading Electronic Spy Network Focused on Dalai Lama and Embassies | Threat Level from Wired.com]

Fascinating stuff. China is very serious about keeping Tibet under their thumb.

Footnotes:
  1. unfortunately, to download the document as a PDF, you have to give up an email account, and other personal data

Reading Around on March 18th through March 19th

A few interesting links collected March 18th through March 19th:

  • Reminiscing at Arco Arena – Quickly, I thought to myself, Jesus, I don’t know what I’m going to do about it, but I can’t back down now. I noticed that he had just brushed his teeth and there was a little toothpaste in the corner of his mouth, so I pointed to the corner of his mouth and said: “Hey, Gary, you’ve got a little toothpaste in the corner of your mouth.” To this day, I have no idea why I said that. I just didn’t have an answer to “So what are you gonna do about it?” I knew I couldn’t say: “I’m gonna kick your butt” because I was a flabby 39-year-old sportswriter at the time and he was 26 and chiseled and no doubt would have beaten the hell out of me.

    His response to the toothpaste comment was this: He came at me with an overhand right that was intercepted by either Sam Perkins or David Wingate, thankfully, because it no doubt would have hurt my face.

    Then George Karl bear hugged me, to prevent me from charging Payton, figuring I had plans to do that, which I didn’t.

  • Base Station Firmware May Resolve Time Capsule Disk Problems – “One piece of advice if you’ve had problems in the past: Back up any existing Time Machine disk images to an external disk using the Archive feature in Disk Utility, erase them from the drive, and start fresh with new Time Machine backups.

    The Leopard-only Time Machine feature works as an incremental backup system, writing all files on a selected system to a disk image in a first pass, and then only creating copies of files that have changed each hour while Time Machine is active.”

  • Gapers Block : Drive-Thru : Chicago Food – San Marino Deli: Welcome New Addition to West Loop Lunch Desert – Just noticed this place, but haven’t tried it yet.
    “A small deli counter is stuffed with imported cheeses, cured meats, marinated olives, salads and a rotating daily selection of warm entrees like lasagna and herb-roasted chicken. Classic sandwiches are made with a few different types of Italian breads, cheeses and cured meats. The sandwiches are gigantic, even on an American scale. The meatball sandwich (called “American”) was about two feet long, with four 2-inch meatballs and a generous ladleful of homemade tomato sauce (I got two lunches out of it). There’s a full coffee bar that serves illy coffee and an assortment of simple but delicious-looking pastries”

Reading Around on February 19th

A few interesting links collected February 17th through February 19th:

  • CBS Falsely Portrays Stanford as Democratic Scandal – But as Public Citizen, Huffington Post, ABC News and Talking Points Memo all reported, Stanford and his Stanford Financial Group PAC contributed to politicians and political action committees of both parties (including $448,000 in soft money contributions from 2000 to 2001 alone) to advance his agenda of banking and money-laundering deregulation. Many others journeyed on Stanford's junkets to Antigua and elsewhere, prompting TPM to brand his company "a travel agent for Congress." (TPM has a slide show of one of those of Stanford getaways.)

    As it turns out, the list of Stanford beneficiaries is long – and bipartisan.

  • Remembering Gene – Roger Ebert's Journal – Gene died ten years ago on February 20, 1999. He is in my mind almost every day. I don't want to rehearse the old stories about how we had a love/hate relationship, and how we dealt with television, and how we were both so scared the first time we went on Johnny Carson that, backstage, we couldn't think of the name of a single movie, although that story is absolutely true. Those stories have been told. I want to write about our friendship. The public image was that we were in a state of permanent feud, but nothing we felt had anything to do with image. We both knew the buttons to push on the other one, and we both made little effort to hide our feelings, warm or cold. In 1977 we were on a talk show with Buddy Rogers, once Mary Pickford's husband, and he said, "You guys have a sibling rivalry, but you both think you're the older brother."
  • TidBITS iPod & iPhone: iPhone to Add Location Logging? – Could the iPhone soon be able to track your location in the background as you walk around? A hint that such a capability is in the works at Apple comes from a programmer friend who spent some time spelunking around inside iPhoto '09, which shows traces of being able to associate such GPS log data with photos.
  • Daily Kos: Chocolate Covered Cotton – billmon – The fatal innovation…was the rise of so-called collateralized obligations, in which the payment streams from supposedly uniform pools of assets (say, for example, 30-year fixed prime mortgages issued in the first six months of 2006 to California borrowers) could be sliced and diced into different securities (known as tranches) each with different payment characteristics.

    This began as a tool for managing (or speculating on) changes in interest rates, which are a particular problem for mortgage lenders, since homeowners usually have the right to repay (i.e. refinance) their loan when rates fall, forcing lenders to put the money back out on the street at the new, lower rates. This means mortgage-backed securities can go down in value when rates fall as well as when they rise. By shielding some tranches from prepayments (in other words, by directing them to other tranches) the favored tranches are made less volatile and thus can be sold at a higher price and a lower yield.

  • An old habit dies… hard. « chuck.goolsbee.org – "I stumbled across a likely little application that seems to fit the bill: Gyazmail. It has a very flexible UI that allows me to make it behave very Eudora-like when I want it to. It has very good search, rules, and filters. It can import all my old mail(!)

    I’m test driving it at the moment and liking it so far. Switched my work mail to it late last week, and my personal mail is still coming over one account at a time. So far so good. If you regularly contact me via email be patient while I work through this transition period."

    I'm still using Eudora on three of our most used Macs (since 1995 probably -only 14 years), but the writing is on the wall. Have to check out Gyazmail.

  • Hands on: Drop.io's private, easy file sharing with a twist – Ars Technica – Sharing information online is getting more complex than it sometimes should be. If you want to share pictures, files, plain ideas, or even faxes with friends or businesses, you can try the old e-mail standby, but you may end up joining a social network, agree to a dense privacy policy, and then track down an app made by who-knows-who to get the job done. Even starting a simple blog usually involves more time than most users can afford, and more features than they'll ever need. Drop.io is an intriguing, but simple, new service that is part wiki, part file sharing, and part personal secretary, with an emphasis on privacy and ubiquitous access, requiring no signup or account activation.

    Upon visiting Drop.io—pronounced as a seamless single word: "drop-ee-o"—the site presents a basic elevator pitch about its services and a short form with which to get started uploading files.

  • Fat Tire Ale Downed Near Load Of Burgers – A Good Beer Blog – Motorists on Interstate 15 were impeded by a piles of hamburgers after a truck spilled a load of the patties, blocking the northbound lanes for four hours. The driver of a tractor-trailer carrying 40,000 pounds of hamburger patties dozed off around 5 a.m., said Utah Highway Patrol trooper Cameron Roden. The truck driver's rig drifted to the left side of the freeway near 2300 North and crashed into a wall and an overhead sign, which ripped open his trailer, spilling hamburger over the north and southbound lanes of the interstate…A second truck spill east of Morgan caused minor delays. Before 7:30 a.m., a truck was heading westbound on Interstate 84 about a half-mile east of Morgan… The truck slipped off to the left, hit a guardrail, and flipped over on its side. The impact split the truck open, spilling Fat Tire Beer being shipped from Colorado, Roden said.
  • The Associated Press: Chimp owner begs police in 911 call to stop attack – Police said that the chimp was agitated earlier Monday and that Herold had given him the anti-anxiety drug Xanax in some tea. Police said the drug had not been prescribed for the 14-year-old chimp.

    In humans, Xanax can cause memory loss, lack of coordination, reduced sex drive and other side effects. It can also lead to aggression in people who were unstable to begin with, said Dr. Emil Coccaro, chief of psychiatry at the University of Chicago Medical Center.

    "Xanax could have made him worse," if human studies are any indication, Coccaro said.

  • Facebook | Home – Over the past few days, we have received a lot of feedback about the new terms we posted two weeks ago. Because of this response, we have decided to return to our previous Terms of Use while we resolve the issues that people have raised. For more information, visit the Facebook Blog.

    If you want to share your thoughts on what should be in the new terms, check out our group Facebook Bill of Rights and Responsibilities.

  • Big Tuna – Chicago — Anthony 'Big Tuna' Accardo, reputed crime syndicate figure, and his wife are shown as they arrive at the St. Vincent Ferrer Church in suburban River Forest to attend wedding of their son Anthony Jr, who was married to the former Janet Hawley, 1961 Miss Utah. Many top gangland bosses and other underworld figures attended the wedding under the watchful eye of law enforcement agencies
  • Home | Recovery.gov – Recovery.gov is a website that lets you, the taxpayer, figure out where the money from the American Recovery and Reinvestment Act is going. There are going to be a few different ways to search for information. The money is being distributed by Federal agencies, and soon you'll be able to see where it's going — to which states, to which congressional districts, even to which Federal contractors. As soon as we are able to, we'll display that information visually in maps, charts, and graphics.
  • George Will: Liberated From the Burden of Fact-Checking | The Loom | Discover Magazine – In an opinion piece by George Will published on February 15, 2009 in the Washington Post, George Will states “According to the University of Illinois’ Arctic Climate Research Center, global sea ice levels now equal those of 1979.”

    We do not know where George Will is getting his information, but our data shows that on February 15, 1979, global sea ice area was 16.79 million sq. km and on February 15, 2009, global sea ice area was 15.45 million sq. km. Therefore, global sea ice levels are 1.34 million sq. km less in February 2009 than in February 1979. This decrease in sea ice area is roughly equal to the area of Texas, California, and Oklahoma combined.

    It is disturbing that the Washington Post would publish such information without first checking the facts.

  • Wonk Room » George Will Believes In Recycling – Will’s numerous distortions and outright falsehoods have been well documented by Joe Romm, Nate Silver, Zachary Roth, Brad Plumer, Ezra Klein, David Roberts, James Hrynyshyn, Rick Piltz, Steve Benen, Mark Kleiman, and others. They recognized that George Will is recycling already rebutted claims from the lunatic fringe, and offer the excellent suggestion that Washington Post editors should require some minimum level of fact-checking.

    But I haven’t seen anyone comment that Will is also recycling his own work, republishing an extended passage from a 2006 column — which Think Progress debunked — almost word for word. Take a look:

Reading Around on February 17th

Some additional reading February 17th from 01:12 to 15:32:

  • Galoscaves – The technology of building salt-iodine caves, patented in 108 countries, is based on the Black Sea salt, crystallized in natural conditions.

    The sea microclimate created inside the caves becomes an oasis of peace and relaxation for citizens of many countries.

    Since 2000, the Everet Company has been building Galos caves in Poland.

    This summer, the first salt-iodine cave in the U.S. was built according to very strict technological rules.

    Considering the low level of iodine found in the air in the middle-eastern part of the U.S., the cave was erected in the biggest city Chicago, IL. Thanks to the efforts of specialists from the Ukraine and Poland, two caves were built, in which healing attributes are being confirmed by testing.

  • Apple – Support – Apple Expert – Do you have questions or need technical support? Simply describe the issue and an Apple Expert will call you now. Or if you prefer to choose an exact time for the support phone call, schedule an appointment at your convenience. You’ll start at the front of the line—no waiting in the queue, no talking to a machine.