GhostNet: Today The Dalai Lama, Tomorrow Your Company?

Never mind Conficker. If you're looking for a good reason to consider alternatives to Windows, its name is GhostNet.

Matthew McKenzie, Contributor

April 1, 2009


A few days ago, the New York Times published a big, and very detailed, story on "GhostNet," a massive illegal PC data-snooping scheme that has been operating on a global scale:

"A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. . .

"Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York."

The story's author, Times tech correspondent John Markoff, normally does stellar work. This time, however, he is getting slammed -- and justifiably so -- for neglecting one important detail about GhostNet: which operating systems it targets.

The answer? Older versions of Windows, including WinXP and Win2K.

Markoff replied to one query about this omission (see above link) by claiming that this information wasn't relevant to the story. His reply, to put it bluntly, was a cop-out: The Times article is packed with far less important details about where and how GhostNet did its thing.

As one less-than-impressed Times reader commented, the paper's handling of this question is "a bit like covering a plane crash and not mentioning the make and model of the aircraft."

While the Times tiptoed, however, other media outlets tackled this issue head-on. Here is how one UK tech news site lays out the problem at hand:

"It's compromised over 1,000 machines in 103 countries, with targets including the Dalai Lama and government departments. It's called GhostNet, it's a spy network, and it wouldn't exist if government departments and other public bodies used Linux. The scale of GhostNet is staggering, but at heart it's no more complicated than a script kiddie attack. . .

"Public sector organisations tend to be a good bit behind the rest of us when it comes to operating systems, so while Windows Vista (and soon, Windows 7) offer much better security than previous versions of Windows, the security changes are irrelevant: the compromised computers will almost certainly be running XP, or perhaps even Windows 2000. Upgrading to a more modern Windows would certainly improve things, but the cost of all those Windows licences - and in many cases, of the hardware upgrades required to bring PCs up to scratch for basic Vista operation - is a tough sell in these credit crunched times."

So: GhostNet simply wouldn't have been possible if millions of PC users around the world weren't still using older versions of Windows.

As that TechRadar article points out, today it's Chinese spooks pulling this stunt. Tomorrow it could be the Russian mob or even a bunch of home-grown punks with decent hacking chops and the urge to quit their day jobs.

That leaves businesses and governments alike with a choice: Keep running the Windows-upgrade treadmill; or step off, take a deep breath, and take a hard look at the alternatives.
