and yet we were also, in our own way, engaging in a kind of cyber espionage.
We set up a sting operation by infecting an isolated computer at the Citizen Lab, our “honeypot,” with the same trojan horse – a program in which malicious code is contained inside apparently harmless data – used by the attackers. Then we waited. A few days later our honeypot lit up. A visitor was poking around. He came and went quickly, but stayed just long enough for us to see that he was connecting from a digital subscriber line (DSL) through an IP address on Hainan Island, the same location as one of the command servers, which happened to be a government of Hainan computer. Hainan Island is home to the Lingshui signals intelligence facility and the Third Technical Department of the Government of China’s People’s Liberation Army (PLA). Established in the 1960s, and upgraded substantially in the 1990s, the signals intelligence facility is staffed by thousands of analysts, and its primary mission is to monitor U.S. naval activity in the South China Sea. (It’s a big island, to be sure, but that a signals intelligence facility of some renown happens to be located there is intriguing.)
The tool used to hack into government agencies, media outlets, and others, was a trojan called Ghost RAT that gave the attackers the ability to remove any file from the computers under their control. (RAT stands for “remote access trojan.”) We had seen this through Greg Walton’s monitoring of the network traffic of Tibetan organizations – connections were then made to China-based IP addresses, hidden from view, and sensitive documents were plucked right out from under the noses of unwitting computer users. Ghost RAT also gave the attackers the ability to record every keystroke entered into the infected computers, capture all passwords and encrypted communications, and turn on audio and video capture devices. Effectively, it could turn the machines under their control into wiretaps.
Remarkably, most of the GhostNet spying capabilities are freely available through an open-source network intrusion tool, the same Ghost RAT that anyone, to this day, can download from the Internet. With widely available and easy-to-access tools like Ghost RAT we have entered the age of do-it-yourself cyber espionage.
• • •
“Who done it?” The obvious answer was China. The geographic locations of most victims formed a crescent moon around China’s southern flank and read like a who’s who of its most important strategic adversaries: Tibetans, Russians, Iranians, Vietnamese, and so on. We had something of a smoking gun with the Hainan Island sting, but we needed to be sure, needed to articulate precisely how these types of attacks could be launched by just about anyone, and, perhaps most importantly, by people who might have an interest in making it look as if the Chinese government was responsible. Having gained access to the attackers’ command-and-control interfaces would have allowed us, for instance, to infiltrate the same organizations, and no one would have been the wiser. We had a list of the compromised computers and knew where the vulnerabilities lay. It would have been easy for us to commandeer those computers, and there were many agencies that would pay for access to, say, the Iranian foreign affairs ministry or the Indian embassy in Washington. (Later, I would meet computer security engineers who had monetized that type of access and knowledge, selling information about specific target vulnerabilities to, presumably, law enforcement and intelligence agencies for a king’s ransom.) Although the attacks emanated from China’s Internet space they could have originated from a garage in New Jersey. In fact, one of the command servers was in the United States. In short, GhostNet could have been orchestrated and controlled by anyone, anywhere.
Cyber security has long been highly politicized and dozens of government agencies and transnational