Jump to content

Talk:GhostNet

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Skeletor 0 (talk | contribs) at 16:21, 30 March 2009 (Discovery clarification). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject iconComputer Security: Computing Unassessed
WikiProject iconThis article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
Things you can help WikiProject Computer Security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.
WikiProject iconInternet Unassessed
WikiProject iconThis article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.

infiltrated computers with malware

Why no mention that these 'computers' are almost always desktop machines running Microsoft Windows emacsuser (talk) 14:09, 29 March 2009 (UTC)[reply]

Because window is the most popular OS? --85.108.82.254 (talk) 14:31, 29 March 2009 (UTC)[reply]
For the same reason it's not mentioned that they use electricity. 67.240.138.106 (talk) 17:44, 29 March 2009 (UTC)[reply]

audio and video

this sounds very sensationalist: "The network possesses "Big Brother-style" capabilities, allowing it to turn on the camera and audio-recording functions of infected computers for in-room monitoring." If you infiltrate a computer, you can do anything you want with it, don't you? Open CD-Drive, print, and, yet yes, switch on cam and mike. To stress this fact for GhostNet sounds very much like disinformation to me. Jasy jatere (talk) 10:47, 29 March 2009 (UTC)[reply]

Well maybe the phrase "Big Brother" is sensationalist, but the fact that the PC can be used for covert audiovisual surveillance is important to note. —Preceding unsigned comment added by 86.42.185.96 (talk) 13:29, 29 March 2009 (UTC)[reply]
this is surely an interesting feature, which was first widely noted in the coverage of GhostNet. But in my view, this seems to be a change in reporting, not a fundamental difference between GhostNet and other mal/spyware. Jasy jatere (talk) 17:41, 29 March 2009 (UTC)[reply]
Jasy, you are correct, but I believe that no existing malware networks have implemented such functionality. For zombie networks being used for spam generation and the like, bugging the room the PC is in is irreleveant. For an infiltration network being used to gather intelligence, bugging the room the PC is in is extraordinarily valuable. As such, the fact this functionality is present provides information about the nature and use of the network. Toby Douglass (talk) 22:16, 29 March 2009 (UTC)[reply]

US computers

presumably no evidence of infiltration was found for any countries not on the list of 103, why is the US mentioned? Nickmuddle (talk) 11:48, 29 March 2009 (UTC)[reply]

Probably because most readers are American and they'll need that bit of extra reassurance... --candlewicke 13:21, 29 March 2009 (UTC)[reply]
Because it was taken from the New York Times article, verbatim. Also, many readers will probably be interested in knowing if American computers were affected, given the gravity of Sino-American relations. It's not a US-centric Wiki Cabal, jeez. ZeaLitY [ DREAM - REFLECT ] 13:52, 29 March 2009 (UTC)[reply]
If it's taken verbatim from the NYT article then likely it's a copyvio. Incidentally, the version Nick was referring to was this [1] where it was taken from Reuters Nil Einne (talk) 14:00, 29 March 2009 (UTC)[reply]
No evidence was found that U.S. or U.K. government offices were infiltrated ===>> Proof of USA and UK spying operation! M Haoran (talk) 14:47, 29 March 2009 (UTC)[reply]
M Haoran - you are a brand new user and your only contributions to the Wiki have been to this article and its discussion where in the space of about ten minutes you attempted, mainly by large deletions, to place a purely pro-Chinese view onto this article. Personally speaking, I cannot help but wonder if you are employed by whoever is responsible for Ghostnet. Toby Douglass (talk) 22:08, 29 March 2009 (UTC)[reply]
Firstly please WP:AGF. If M Haoran's actions are bad, explain to him why, there's no need to make accusations of sinister motives without any evidence of that. Especially, don't prescribe silly motives without evidence. There are a lot of people with pro-Chinese views on the internet, just as there are many with pro-Tibetian, pro American et al. To presume that every person who is pro Chinese works for the Chinese intelligence, is as dumb as presuming everyone who is pro-Tibetian works for the Dalai Lama or everyone who is pro-American works for the CIA. Many people with biased POVs of all types join wikipedia and start off poorly, some of them can be convinced to act properly, some of them still can't set aside their POVs and therefore fail to obey WP:NPOV etc and may eventually be banned. Some of them just never come back. We have no way of knowing which one M Haoran is going to be, but we should still respect him/her and WP:AGF that he/she is hear to improve wikipedia until he/she proves they're not worthy of respect Nil Einne (talk) 00:15, 30 March 2009 (UTC)[reply]
I have to agree with Nil Einne, the chances that M Haoran is employed by the people responsible for Ghostnet is infinitesimal. Let's try and and keep this from becoming the trainwreck of a talk page that is on the Beijing olympics. ƒingersonRoids 01:18, 30 March 2009 (UTC)[reply]
I accept your points, both of you, about not jumping to conclusions. However, FingersOnRoids, on what basis do you assert that the chances of Haoran (or other accounts here) working directly or indirectly with or for or alongside Ghostnet are infinitesimal? Toby Douglass (talk) 06:17, 30 March 2009 (UTC)[reply]
If M Haoran is somehow affiliated to the said "GhostNet", it only proves the fact that the "GhostNet" consists of a bunch of childish pranksters.Isnaciz (talk) 07:35, 30 March 2009 (UTC)[reply]


Wikipedia is not a forum. If you want to chat about conspiracy theories and secret agents, please do so on your individual talk pages (or on another site). Thank you. APK thinks he's ready for his closeup 09:36, 30 March 2009 (UTC)[reply]

connection with conficker possible?

Is it possible that this ghostnet is responsible for the conficker virus? 75.166.97.83 (talk) 17:37, 29 March 2009 (UTC)[reply]

Anything is possible but you must be very careful with how you consider such questions. The human mind has a specific bias towards associating events of similar magnitude, regardless of the evidence or lack of evidence for a connection. The very fact two events are of a similar magnitude causes us to assume correlation. Toby Douglass (talk) 22:10, 29 March 2009 (UTC)[reply]

How can you say the government is not involved?

How can you say the Chinese government is not involved when it was the Chinese government that acted on the stolen information, in the case of the Dalai Lama's emails??? Haiduc (talk) 17:40, 29 March 2009 (UTC)[reply]

The Wiki community isn't stating the Chinese government is not involved. We're simply reiterating what the New York Times and The BBC are speculating, and quoting the Chinese response. It's more than possible that the Chinese government is behind this program; but it's far from definite; and untill that information is conclusive, it's best to represent all sides without assumptions. 92.13.134.192 (talk) 17:55, 29 March 2009 (UTC)[reply]
The article reports merely what is written elsewhere. We do not offer opinions. Personally speaking, I concur. Unless they were perhaps selling that information to the Chinese Government, I can see no reason why a non-Government infiltration network would spend any time working on computers run by the Tibetien Government-in-exile. Toby Douglass (talk) 22:12, 29 March 2009 (UTC)[reply]
Just want to point out that within Mainland China, given the amount of public outrage against 2008 Tibet protests, it is entirely plausiable that a private group of Chinese nationalistic zealots could've done this. Jim101 (talk) 04:32, 30 March 2009 (UTC)[reply]
If you read the report provided in the external links, the Cambridge group do believe the Chinese government is to blame. I think there is ample evidence to suggest the Chinese government is responsible: the fact that it occurred in their country, the fact that they used the information to their advantage, and the fact that they have a sincere motive to profit from it – the monitoring of pro-Tibetan autonomy movements.Laneb2005 (talk) 18:22, 29 March 2009 (UTC)[reply]
Indeed, it points to the likelihood; added with the fact that the majority of targeted systems are the property of Asian states, that China has direct or indirect interest in. However, since no conclusive evidence could be drawn by the teams investigating the breach, and the Chinese government have denied the operation; other eastern governments, civilians, corporations, or even foreign intelligence services trying to embarrass China; shouldn't be ruled out, for now. Nigholith (talk) 18:43, 29 March 2009 (UTC) (DY:92.13.134.192)[reply]
Seconded. We do not know the truth. To assume it is an error. Toby Douglass (talk) 22:13, 29 March 2009 (UTC)[reply]
Thirded. If you read the paper, the 'attack' itself is quite primitive (read: scriptkiddies could have done it). There is no attempt to hide that servers in china made connections and downloaded files. There is then later use of some proxies that the authors say is 'unexplained' (ie. it could have been anyone from anywhere).--Dacium (talk) 01:09, 30 March 2009 (UTC)[reply]
As Jim101 pointed out, there are many Chinese zealots who could probably have done this. Indeed I believe there have been past incidents of such Chinese zealots hacking in the name of patriotism. Another possibility is that a third government carried out the operation in an attempt to implicate China and turn world opinion against her. This is not at all unlikely - the CIA, for example, has carried out similar operations many times in history. 202.40.139.168 (talk) 06:23, 30 March 2009 (UTC)[reply]

Although evidence shows that servers in China were collecting some of the sensitive data, the analysts were cautious about linking the spying to the Chinese government. Rather, China has a fifth of the world's Internet users, which may include hackers that have goals aligning with official Chinese political positions.

"Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," the report said.

Ohconfucius (talk) 06:31, 30 March 2009 (UTC)[reply]

One reason that I find this isn't likely to have a third party/government did this to implicate China is the lack of Japan as a target of hacking attempt. There is no reason to not target Japan especially if it's a politically motivated action against China. This is also another reason that I don't believe this is a work of zealots. They "always" target Japan whether there is a reason or not. That's like an Islamic clergy specifically excluding US when criticizing about "lack of moral standards in Western countries".--Revth (talk) 09:46, 30 March 2009 (UTC)[reply]
Excellent point. Also note that US/UK were not infiltrated. However, this is now find interesting in another way - whether I was the Chinese Government or not, if I were running GhostNet, I would want to infiltrate all these countries. They are all high value targets. It is curious therefore that such infiltration has not been uncovered. Either it was not found, or it was not done. Perhaps the people running GhostNet started on targets assumed to be more vulnerable? Toby Douglass (talk) 09:59, 30 March 2009 (UTC)[reply]
Incorrect data. The US, UK and Japan were infiltrated. Just not very much in the UK and Japan. Lots in Taiwan. [2] Toby Douglass (talk) 11:41, 30 March 2009 (UTC)[reply]

A more reasonable question...

Do we have any sources that address the origin of the name "GhostNet"? Nyttend (talk) 21:42, 29 March 2009 (UTC)[reply]

Per the NYT, it's simply what the Canadian researchers decided to call what they detected. 86.44.33.122 (talk) 22:00, 29 March 2009 (UTC)[reply]
And the NYT article got the name from the title of the University of Toronto paper. Nigholith (talk) 22:19, 29 March 2009 (UTC)[reply]

Spanish version

Can someone move the Spanish version (es:Ghostnet) of this article to "GhostNet" instead of "Ghostnet"? I noticed the interlanguage link was added, but it goes to an empty page. I've never edited es:wiki, so I can't move it. Gracias. APK thinks he's ready for his closeup 01:31, 30 March 2009 (UTC)[reply]

Thanks Jondel. APK thinks he's ready for his closeup 02:28, 30 March 2009 (UTC)[reply]

Chinese government

Without support of Chinese government, Chinese spynet wouldn't have became like this GhostNet, the article should mention about Chinese government involvement and why they are doing this.--Korsentry 03:15, 30 March 2009 (UTC) —Preceding unsigned comment added by KoreanSentry (talkcontribs)

Without support of Chinese government, Chinese spynet wouldn't have became like this GhostNet - Logical assumption, but no creditable source I find confirms this statement. It's one thing to say Chinese government knows the existance of GhostNet. It is a completely different level to say that they own and operate it. Where is the source of your claim that Chinese government owns and operates GhostNet besides the signs that Chinese Cyber-police let it slip under their nose?
Currently, there are three parties the could've create GhostNet: Chinese government, private hackers/criminals, and thrid countries. If you want to explain in the article on who created the GhostNet and why, you should include the other two parties besides the Chinese government to maintain NPOV, unless there are conclusive evidences that Chinese government indeed created GhostNet. Jim101 (talk) 04:02, 30 March 2009 (UTC)[reply]
Jim, those three parties covers everyone on the planet. Toby Douglass (talk) 06:21, 30 March 2009 (UTC)[reply]
That is my point. To be honest, the more I read into the GhostNet, the more it doesn't make sense. If it is the work of the Chinese Intellegence, a lot of vital target is not probed (why attack NATO when US Pacific Command is more important?). If it is the work of private zealots, then it shouldn't be this big, with no knowledge of the government and based purely in China. It is pretty much given that the Chinese government knows more about GhostNet than they tell us, given their powerful cyber-police force. But given the utter confusion of this entire matter, with anti-Tibetan indenpences/anti-US sentiment running all time high in China, plus the Chinese is just as good at hiding incompetence as hiding secrets, I urge caution on the matter unless we want this article to degrade into an edit war. Jim101 (talk) 14:44, 30 March 2009 (UTC)[reply]
This is beyond the scope of this article, but to be honest, this news of the existence of the so-called GhostNet leaves me with more questions than answers.
  • I believe completely that anything that Chinese hackers are capable of, their American, Russian, and Western European counterparts can do just as well, or even better. Does that mean hackers or governments in these other countries are also cyber spying on foreign governments?
  • Who funded this research to discover GhostNet?
  • How the heck did they conduct the research on secure government networks to discover that they've been spied on? These foreign embassies would either have to grant access to the research group (highly unlikely) or well, the research group was, itself, spying on these networks.
Hong Qi Gong (Talk - Contribs) 15:42, 30 March 2009 (UTC)[reply]

Speaking of conspiracy theories - the report could also be an attempt to frame the Chinese government of cyber spying. Credible source? No I don't have any... Hong Qi Gong (Talk - Contribs) 11:25, 30 March 2009 (UTC)[reply]

That is kinda the point. There are no suggestions that the CIA, Mossad, MI5 or whatever were behind it; there ARE suggestions from verifiable sources that the Chinese govt were (even if they turn out to be wrong). So we can report that, but we can't do WP:OR. SimonTrew (talk) 15:55, 30 March 2009 (UTC)[reply]

Beside it is illogical to assume that the CIA, Mossad or MI5 were behind it because it would be ten times harder to set up and conduct such operations in China than in their own countries. Further if they wanted to use another country as a smokescreen, there are far better choices than China with its crazy bandwidth restrictions and monitoring. Skeletor 0 (talk) 16:06, 30 March 2009 (UTC)[reply]

Is there a way to remove "GhostNet?"

Is there a way to remove "GhostNet?" —Preceding unsigned comment added by 96.244.221.220 (talk) 04:45, 30 March 2009 (UTC)[reply]

reinstall Windows or buy a new computer —Preceding unsigned comment added by 115.75.27.131 (talk) 05:13, 30 March 2009 (UTC)[reply]
I imagine the anti-virus vendors will be updating their offerings soon enough. As it is, I'd just boot from a CD, figured out which files are involved and delete them. Toby Douglass (talk) 06:22, 30 March 2009 (UTC)[reply]

Which OS

Was it Windows, MacOS or Linux? —Preceding unsigned comment added by 80.135.197.245 (talk) 09:44, 30 March 2009 (UTC)[reply]

Windows. Toby Douglass (talk) 11:39, 30 March 2009 (UTC)[reply]
Is it worth specifying what versions of Windows etc? I don't think maybe this necessarily belongs in a "current affairs" article... SimonTrew (talk) 15:12, 30 March 2009 (UTC)[reply]

Discovery clarification

I think we should clarify that it was not members of University of Toronto's Munk Centre for International Studies and the University of Cambridge's Computer Laboratory, but the Information Warfare Monitor (IWM) that discovered GhostNet. IWM is a joint project between Toronto's Munk Centre for International Studies and an Ottawa-based think-tank called the SecDev Group. (SecDev provided the funding for the research by the way, Hong Qi Gong, and yes they were spying on the Chinese networks or else they would not have found GhostNet.)Skeletor 0 (talk) 16:21, 30 March 2009 (UTC)[reply]