This is the talk page for discussing improvements to the GhostNet article. This is not a forum for general discussion of the article's subject.
A news item involving GhostNet was featured on Wikipedia's Main Page in the In the news section on 29 March 2009.
This article is rated C-class on Wikipedia's content assessment scale.
Why no mention that these 'computers' are almost always desktop machines running Microsoft Windows? emacsuser ( talk) 14:09, 29 March 2009 (UTC)
this sounds very sensationalist:
"The network possesses "Big Brother-style" capabilities, allowing it to turn on the camera and audio-recording functions of infected computers for in-room monitoring."
If you infiltrate a computer, you can do anything you want with it, can't you? Open CD-Drive, print, and, yet yes, switch on cam and mike. To stress this fact for GhostNet sounds very much like disinformation to me.
Jasy jatere ( talk) 10:47, 29 March 2009 (UTC)
presumably no evidence of infiltration was found for any countries not on the list of 103, why is the US mentioned? Nickmuddle ( talk) 11:48, 29 March 2009 (UTC)
Wikipedia is not a forum. If you want to chat about conspiracy theories and secret agents, please do so on your individual talk pages (or on another site). Thank you. APK thinks he's ready for his closeup 09:36, 30 March 2009 (UTC)
Is it possible that this ghostnet is responsible for the conficker virus? 75.166.97.83 ( talk) 17:37, 29 March 2009 (UTC)
How can you say the Chinese government is not involved when it was the Chinese government that acted on the stolen information, in the case of the Dalai Lama's emails??? Haiduc ( talk) 17:40, 29 March 2009 (UTC)
Although evidence shows that servers in China were collecting some of the sensitive data, the analysts were cautious about linking the spying to the Chinese government. Rather, China has a fifth of the world's Internet users, which may include hackers that have goals aligning with official Chinese political positions.
"Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," the report said.
Ohconfucius ( talk) 06:31, 30 March 2009 (UTC)
Do we have any sources that address the origin of the name "GhostNet"? Nyttend ( talk) 21:42, 29 March 2009 (UTC)
Can someone move the Spanish version ( es:Ghostnet) of this article to "GhostNet" instead of "Ghostnet"? I noticed the interlanguage link was added, but it goes to an empty page. I've never edited es:wiki, so I can't move it. Gracias. APK thinks he's ready for his closeup 01:31, 30 March 2009 (UTC)
Without support of Chinese government, Chinese spynet wouldn't have become like this GhostNet, the article should mention Chinese government involvement and why they are doing this.--Korsentry 03:15, 30 March 2009 (UTC) —Preceding unsigned comment added by KoreanSentry ( talk • contribs)
Speaking of conspiracy theories - the report could also be an attempt to frame the Chinese government of cyber spying. Credible source? No I don't have any... Hong Qi Gong ( Talk - Contribs) 11:25, 30 March 2009 (UTC)
Besides, it is illogical to assume that the CIA, Mossad or MI5 were behind it because it would be ten times harder to set up and conduct such operations in China than in their own countries. Further, if they wanted to use another country as a smokescreen, there are far better choices than China with its crazy bandwidth restrictions and monitoring. Skeletor 0 ( talk) 16:06, 30 March 2009 (UTC)
Is there a way to remove "GhostNet?" —Preceding unsigned comment added by 96.244.221.220 ( talk) 04:45, 30 March 2009 (UTC)
That's funny, I just changed my IP address from the one the guy above has and yet when I looked up where he is, he's on the other side of the world from me. Ahh Windows thou art mysterious Skeletor 0 ( talk) 16:42, 30 March 2009 (UTC)
Was it Windows, MacOS or Linux? —Preceding unsigned comment added by 80.135.197.245 ( talk) 09:44, 30 March 2009 (UTC)
The report [3] mentions Microsoft Word as an attack vector:
Cute how in no. 2 they refer to the Word document itself as if it were malware. Protect yourself: don't use Word to open Word documents! — Michael Z. 2009-04-02 00:27 z
I think we should clarify that it was not members of University of Toronto's Munk Centre for International Studies and the University of Cambridge's Computer Laboratory, but the Information Warfare Monitor (IWM) that discovered GhostNet. IWM is a joint project between Toronto's Munk Centre for International Studies and an Ottawa-based think-tank called the SecDev Group. (SecDev provided the funding for the research by the way, Hong Qi Gong, and yes they were spying on the Chinese networks or else they would not have found GhostNet.) Skeletor 0 ( talk) 16:21, 30 March 2009 (UTC)
Looks like Cambridge's part in this was supported by the US Department of Homeland Security. Check page two of this file - [6]. Hong Qi Gong ( Talk - Contribs) 13:31, 31 March 2009 (UTC)
I propose this because the current "government involvement" section did not deal exclusively with how the Chinese government is involved, it also contained an examination on who could've created GhostNet besides the Chinese government.
I suggest keeping the first paragraph under the header "government involvement", but putting the second paragraph under a new section "Origin". Jim101 ( talk) 04:52, 31 March 2009 (UTC)
"and the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York City were compromised." -- Only the OHHDL in Dharamsala was compromised by GhostNet. There were infections at other OOT's (London and New York City) by different instances of malware.
"carried at the instigation of the Tibetan government in exile," -- It was the OHHDL (the representative in Geneva) that requested the security review.
"while a report from researchers at the University of Cambridge says they believe that the Chinese government is behind the intrusions." -- The Cambridge report is not about GhostNet per se but is specific to Tibetan-related targets (and focuses largely on separate (non-GhostNet) attacks). The Cambridge report does not analyze GhostNet and therefore does not claim that the Chinese government is behind GhostNet but rather that the Chinese government is behind the non-GhostNet, Tibet-specific attacks they analyze.
"or created by intelligence agencies from other countries such as Russia or the United States." -- [Edit] It is in the NYT article, but not in the report itself.
"pointed out that besides the Chinese government, the Chinese hacker group Red Hacker Alliance could also be responsible for the creation of 'Ghost Rat'." This is incorrect. Greg Walton was pointing out that the Red Hacker Alliance may be behind the attacks he was analyzing in which GhostRAT was one of 8 trojans used. I don't think the authorship of GhostRAT is in dispute, it was created by C. Rufus Security Team (www.wolfexp.net) and is widely available.
"had managed to trace one of the GhostNet operators to" -- This was the CGI network (that Scott Henderson is now calling "CasperNet"), not the GhostNet.
"Despite the lack of evidence to pinpoint Chinese government in the operation of 'GhostNet', researchers have found actions taken by Chinese government officials that corresponded with the information obtained via the 'GhostNet'. One such incident involved a diplomat who was pressured by Beijing after receiving an email invitation to a visit with the Dalai Lama from his representatives.[12] Another incident was about a Tibetan woman who was interrogated by Chinese intelligence officers and was shown transcripts of her online conversations.[" -- This is very misleading. The diplomat story is rightly sourced to the Cambridge paper but is not in the GhostNet paper, the interrogation story is an anecdote in the GhostNet report and is about the NGO Drewla at which an infection was found, but not a GhostNet infection, rather it was to the CGI/CasperNet family of malware. In both cases there are a variety of other plausible explanations and in neither case is there any direct connection to GhostNet.
Note: It is better to rely on the original GhostNet report than random news media articles, as the latter often contain inaccuracies which are then duplicated in this Wikipedia article. —Preceding unsigned comment added by 217.41.41.172 ( talk) 12:57, 21 April 2009 (UTC)
The lead should clearly state who coined the name (mass media? researchers?). -- Piotr Konieczny aka Prokonsul Piotrus| talk 20:32, 28 April 2009 (UTC)
The name was coined by the researchers.
The "no conclusive evidence" line that opens the piece is misleading. It would be better phrased as "There are strong indications that the Chinese government was involved in Ghostnet." Ghostnet is consistent with Chinese political concerns over Tibet, Chinese espionage practices, and Chinese internet surveillance policies. There are no other governments beside China who care about interfering with Tibetan activists and in tracking their contacts with other countries. A private group of hackers could not operate in China on issues related to Tibet, given the high degree of surveillance, without the cognizance and tacit permission of the Chinese government. There are linkages between Ghostnet and the actions of Chinese officials. It is inane to expect a service as skilled as China's to leave big messy footprints leading back to Beijing, and the absence of such 'footprints' is in no way conclusive proof that China is not involved. Reasonable evidentiary standards point to China as responsible and no other explanation is as plausible. Gaintes ( talk) 17:01, 3 June 2009 (UTC)
If China has this "Great Firewall", why don't they just block access so the trojan can't communicate with the controllers located in China? That argues that "they" are indeed behind it or at least are not enforcing their own laws against cybercrime. Why hasn't this point been brought up before? If it's discussed in quality citable sources, I hope someone adds to this article. Długosz ( talk) 21:41, 22 January 2010 (UTC)
"Drelwa uses QQ and other instant messengers" -- Dandv ( talk) 10:29, 29 January 2010 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on GhostNet. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
Cheers.— cyberbot II Talk to my owner:Online 15:02, 27 January 2016 (UTC)
see my recent edits.
in previous version-- "monitors perform surveillance?" -- computer monitors or attackers?
"drop a Trojan horse on to the system"? -- that one computer system, or the entire network? how exactly does the email attachment penetrate the larger network of a target org?