Ghosts of GhostNet - 2009, Shadows Creeping into Cyberspace
In 2009, researchers at the University of Toronto, Canada, published a report that shook the world. It was the existence of a large-scale cyber espionage network called "GhostNet. The investigation revealed that over a thousand computers were remotely controlled by the Tibetan government-in-exile, the Dalai Lama's office, and even the embassies of India, South Korea, and European countries. Chinese involvement was strongly suspected in the background, further heightening diplomatic tensions.
Looking back at the historical background at the time, China's presence in the international community was growing after the Beijing Olympics, and Western countries were becoming increasingly wary of China's influence in economic and security affairs. While guns and tanks remained silent on the post-Cold War front, a new networked spy war was dawning in their place. The GhostNet case brought home the reality of the unseen offensive and defense that was unfolding behind the scenes of diplomacy.
Technically, it was not a sophisticated zero-day attack that was used in this case, but relatively simple Trojan horse-type malware. However, it is noteworthy that the infection was spread through sophisticated spear phishing, i.e., targeted emails. Malware planted in document files connected infected terminals to a command server, which sent e-mails, files, and correspondence to the outside world. The technologies involved were a complex combination of remote access Trojans, command and control (C&C) servers, encrypted communications, and even social engineering.
What this incident demonstrated is the asymmetry of cyberspace. It showed that even a small number of attackers can gather information on a national level and threaten countries with vast military capabilities. As a result, the U.S. established Cyber Command the following year in 2010, and European and Asian countries also rapidly developed their defense systems.
GhostNet was more than just a malware incident; it was an event that redefined the concept of national security. The year 2009 was the year that showed the world that data is a strategic resource and that cyberspace is the new battlefield.
No comments:
Post a Comment