Inside the GhostNet – Symantec video shows off the tool behind the espionage - Security

Researchers from Symantec have created a video that offers a rare look into the mechanics of an application used by criminals. Symantec looked at a rather famous application, the gh0st RAT Trojan, which is responsible for the creation of the GhostNet.

When researchers from the Information Warfare Monitor project discovered a whole network of compromised systems used for espionage, during investigations over the claims of spying by the Chinese government against the Tibetan government-in-exile and others, the reality of how SIGINT (Signals Intelligence) can be used took hold.

They called the network they discovered GhostNet.

According to the researchers, the 10-month-long investigation (June 2008 through March 2009) uncovered 1,295 infected systems residing in 103 countries. Moreover, the report called the infected systems “high-value targets” in almost 30 percent of the cases where an infected system was discovered. Those high-value targets included systems within news media, embassies, NGOs, ministries, and other international organizations.

The gh0st RAT Trojan is a serious work of art. The criminals who maintain it are clever to say the least. The functionality of the Trojan is something that must take a good deal of resources to maintain. Whoever is behind it deserves an evil genius award... and the rest of their life in prison.

The Trojan will act as a keylogger, it can stream near-live feeds of the infected host’s screen, it can issue commands via remote shell, it can act as an FTP server, and even enable attached cameras.

“Regardless of who or what is ultimately in control of GhostNet, its capabilities of exploitation and the strategic intelligence that can be harvested from it matter most. Indeed, although the Achilles’ heel of the GhostNet system allowed us to monitor and document its far-reaching network of infiltration, we can safely hypothesize that it is neither the first nor the only one of its kind,” the researchers stated in their report.

The Symantec video can be viewed below.

Want regular updates from The Tech Herald? Follow us on Twitter.


 
