"In air traffic control, we don't have people flying with no flight path," says Rafal Rohozinski, CEO of the SecDev Group and one of the co-authors of the investigation. He and his partners are trying to use their findings to spur governments into action on controlling this kind of information warfare.
"We need to begin thinking about ways of implementing arms control in cyberspace," says Prof. Deibert.
Yesterday, Mr. Villeneuve looked at his computer screen and noticed no slowdown in the cyber-spy ring. The infection, it seems, continues to spread.
Infiltrated 'high-value' locations
Canadian researchers found more than 1,000 infected computers in an illegal cyber spy network. Among the locations of the most "high-value" machines that were infiltrated:
Deloitte & Touche, the United States
The embassies of India in Belgium, Serbia, Germany, Italy, Kuwait and the United States
Embassy of Pakistan in Bahrain
International Campaign for Tibet, the Netherlands
Ministry of Foreign Affairs, Iran
NATO, the Netherlands
Office of Dalai Lama, India
Associated Press, United Kingdom
Department of Science and Technology, Philippines
Prime Minister's Office, Laos
Students for a Free Tibet, the United States
The infection cycle
The process by which an unsuspecting user's computer becomes infected begins with a simple e-mail and ends with the computer under the complete control of another party.
1. An e-mail message arrives in a user's inbox and contains an attachment such as a Microsoft Word or PDF file. It appears harmless but enticing.
2. The user opens the attachment, which unleashes a piece of malicious code on his machine.
3. The code exploits a vulnerability in the user's computer, and uses it to order the computer to connect with a server somewhere else in the world.
4. The computer connects to the server, and in the process essentially opens itself to control by whoever is at the other end of that server.
5. The server to which an infected computer connects is only one of several such servers. That way, if authorities shut down one server, the others can continue to spread the virtual infection. All such servers also communicate with one another.
6. The other servers continue the same infection relationship with other computers, continuing the cycle.
CARRIE COCKBURN/THE GLOBE AND MAIL
SOURCE: TRACKING GHOSTNET, INFORMATION WARFARE MONITOR, MARCH 29, 2009