90.9 WBUR - Boston's NPR news station
Top Stories:
Unmasking 'GhostNet'
Photo: csaveanu/flickr

Photo: csaveanu/flickr

OK, the April Fool’s computer virus didn’t strike, didn’t rise up with its “botnet” and take over the world. But maybe it didn’t have to.

Just days before, a crack team of computer sleuths in Canada unveiled a global computer spying network, apparently run out of China, called “GhostNet.”

It’s a spying operation that has reached into more than a thousand key computers around the world, rifling through high-security files, even turning on computers’ cameras and microphones to watch and listen from halfway round the world.

This hour, On Point: The team who cracked the “GhostNet.”


Joining us from Toronto is Ron Deibert, director of the Citizen Lab at the Munk Centre for International Studies, University of Toronto, and the co-lead investigator on the team that exposed “GhostNet.” (Read their report here.) He also teaches political science and is co-founder and a principal investigator of the Information Warfare Monitor.

Joining us from Washington, D.C., is Rafal Rohozinski, co-lead investigator, with Ron Diebert, on the team that exposed “GhostNet,” and a founder and principal investigator of the Information Warfare Monitor. He is also a principal at The SecDev Group, a private think tank and consultancy with clients in “countries and regions at risk from violence and insecurity.” Its clients have included the U.S. Department of Defense.

Also from Washington, we’re joined by Siobhan Gorman, intelligence correspondent for The Wall Street Journal.

Please follow our community rules when engaging in comment discussion on this site.
  • Kash Haffa

    Tekmology, it’s wack! Why don’t all you fools turn off the computers, blackberries, iPhones, and such for a while? Then the GhostNet playuhs will get bored and go find some other mischief to cause.

    Get off the grid people!

  • Lilya Lopekha

    Let’s be careful here. Just like after 1967 (sensitive date, eeeh), certain fractions of our society (ie. Team B in the white house) exagerated “Communism” and “Russians are Coming” and “Russians will invade the Oil Lands” themes.

    The idea was that US would cuddle and huddle better with some outpost in the Middle East better and stronger to defend its national interests. As a result, Military Industrial complex added muscle after muscle to itself; while we screwed up our sense of fairness and good Foreign Policy for Good.

    We might be seeing another version of such exageration and spreading fear against China. If you ask a Russian today whether they were going to come and invade America in the Old Days, they will laugh at you outloud.

  • J. G. Deepears

    Hi, I wonder if technology would allow us to put up a sort of smokescreen? Could we divert these malware programs to believe they had good information, when actually they were being duped by double agent of the software variety?

    Great show, as always.

  • Sean

    Why where the company IDS not able to detect the violators?

  • Andrew

    Many security and operational issues break down to the IDW principle.

    I D o n ‘ t W a n n a

    I Don’t Wanna pay to audit my security
    I Don’t Wanna remember a long complex password
    I Don’t Wanna test my software
    I Don’t Wanna update my software/firmware.

  • richard scheiber

    Would the use on home computers of multiple anti-virus programs and anti-spyware programs used simultaneously reduce the probability of these kinds of intrusions ?

  • Nelly

    I think leaving out (and not mentioning) that all of these computers that were/are being hacked and/or snooped on are computers running Mircosoft Windows.

    These is a reason why Richard Clarke (ex-Chief counter-terrorism adviser) uses an Apple Mac.

    You pay what you get for.

  • Peter Lake

    Your guest just said that the latest firewalls and AV software would not protect against this latest threat, and that is wrong. He used the example of several large corporations that were infected as proof. If you understand how corporate IT works, they rarely have the latest patches or software due to the testing process necessary to make sure it doesn’t break their existing applications. This is well known by IT professionals. Your guest is putting out misinformation, and it seems like he, like most media, is trying to create a bigger story than there is. While this latest threat has to be taken seriously, and an increased focus on security is not bad, this fear mongering is unnecessary and is creating confusion and distrust among end users.

  • Jonathon Cronin

    I work in computer security and up till now I have found it confusion to firgure out where the advancment needs to be made to create a more secure internet. If these infections are operating our of unknown code why should a system allow any non user desired code to operate on the comptuer. Is the security a matter of better software or an overhaul in the operating system software we use. Such as mac os software which is doesn’t require anti-virus or anti-malware software. Is this a result of shody operating system design, internet design or a problem to be fixed by software?

  • Peter Lake

    Again, misinformation. The old theory that Apple or Open Source is safer has been widely discounted. The reason there are more threats against Windows based computers is because they are a much larger, more lucrative target. 75% of the machines are Windows based and 90% of business is conducted on Windows machines.

  • Mari McAvenia

    Security? There is no security in any artificially engineered human endeavor.
    The more we are led to believe that we must protect ourselves against others,in any context,the more vulnerable we become to our own predatory and paranoid instincts.
    “Closed-neuronal telepathy”. Think about that and try to hack into it. 20 years ago the internet, as we know it today, was just a sci-fi fantasy to many. We can do better than this primitive technology, tomorrow, if we simply put our minds to it.

  • Nelly

    No one has yet being able to hack and/or run malware or spyware on a Mac. Windows computers are low on security by default.

  • C. Oscar

    Is it not possible that these applications are being administered by our very own government? And if not, I’d say it’s safe to say the United States would certainly control GhostNet 2.0

  • balu Raman

    The gentlemen mentioned Open Source is a solution to this problem and mentioned that most of these vulnerabilities are confined to microsoft operating system or proprietary systems.

    Open Source with proper encryption can avoid most of these problems.

    We have a stimulus of about 20 billions targeted to automating medical records. The administration should go the route of Open SOurce and get rid of proprietary medical systems.

  • Wilson Samuel

    Working in the field of IT Security, I can really say that 99% of the networks/laptops I have seen can be exploited with careful plots, reasons:

    1. Users are too user friendly (hey, my password is my wife’s birthday and i wil share it with all my colleagues)

    2. Corporates are hesitant to put restrictions on the Laptops/PDAs on their bosses computers (e.g. NO UNAPPROVED SOFTWARE ON CEO’s PC/Laptop)

    3. These laptops/computers are often target and contain the “beef” for the spies

    4. Home PCs / Networks are seldom updated with AV/AntiSpyware

    5. Users gets scammed under phishing schemes

    Finally, Apple and Unix/Linux are not being targetted right now because THE MARKETSHARE, not because they are secure out of the box!

  • Jonas

    If these were trojans then it means the users of the computers actively installed them…they were installing what they thought was a screensaver program or game…anyone remember the whole “Elf Bowling” rumor? This wasn’t hacking…this wasn’t even a script kiddie attack. This was an instance of people breaking protocol and infecting their own computers.

  • J. Oquendo

    I suggest everyone take a realistic view at the researchers and the real goal behind their so called investigation


  • Nelly

    To those that are saying that Macs aren’t more secure out of the box are speaking out of ignorance. Macs by default are more secure as acknowledge by most computer experts. You guys are parroting the myth of “Security by Obscurity.” Find another talking point.

  • nelly

    Windows proponents are always using the excuse “there are many more Windows users, thats why people write malicious code to attack them”

    …That argument, though it is true there are more Windows users than Mac or Linux, is NULL. The truth is, Linux and Mac are more secure because they follow the Unix security model.

    When you try to install a program on a Linux machine, the OS asks you for the administrative password to make sure the administrator of the system says it is OK to install the program. Now, if the administrator is dumb, they can provide the password to the OS, allowing the OS to install the program, and that program could be a virus. If the Unix security model is broken, and a malicious piece of software is installed onto the system, it is the administrative user’s fault, not the OS’s fault.

    The problem with Windows is, that the programs themselves have too many privileges. This allows mal-ware and worms to freely install themselves onto the computer, without the user of the computer knowing the malicious code is installed on their system, until it is too late!

    But also, with Linux, the code is OPEN-SOURCE…This means that there are literally millions of eyes looking at the code and reviewing it. If somebody finds suspicious/malicious code, it is known IMMEDIATELY, and made public, so everyone else knows NOT to install that specific code.

    Also, updates and patches to known vulnerabilities of the Linux distributions are provided every single day. Microsoft only releases updates and patches on the first Monday (“Black Monday”) of every month…so it may take 30 days for a known vulnerability or threat to be patched.

  • Jim Gehrer

    Great show, but I think someone should have mentioned that the tens of millions of Mac users are currently unaffected by theses spyware and malware attacks.

  • J. Oquendo

    Jim Gehrer, you seem to be unaware about real world security malware affecting MAC’s


  • Matthew Johnson

    I suppose if I were trying to protect vital information I would keep it completely off the internet. That’s sounding like the ultimate solution to this problem. If there is a computer sitting there, storing something or running something vital, have no wired or wireless communication to it. Another thing I was wonder(being to lazy to investigate) was how the software was put on the machines in the first place?

  • Laughs Joe

    An illuminating story for the novice FBI agents in National Treasure 2 (the Movie).

    Agents Joe and Jane came into the office of snr Agent Zack (the old guy), beaming with the uncovering of a note from a Mr. Wilkes that showed the Mr. Will Gates had been the plotter of the assisination of President Lincoln. Agent Z asks, Who is this Wilkes and Why is he showing the note now and then after 150+ plus years. A good question indeed.

    Don’t be fooled!

  • Lon C Ponschock

    On the “don’t be fooled” caution I agree. Every time I see a new ‘threat to your security’ story or book (such as the one by Robert O. Harrow several years ago) I think of the oldest dodge in the world: the story of the pickpocket in the crowd.

    As far back as ancient times, the traveling show would come through town and at the beginning of the performance announce that there was a pickpocket in the crowd. After everyone reflexively grabs for their purse, the _real_ pickpocket or “cut purse” knows who to target for the theft.

    Privacy is an important matter. Identity theft can occur. But using any sort of online “check your security” service and the like should be avoided. Don’t be a “mark.”

  • Jim

    Jim, you seem to be unaware about real world security malware affecting Macs.

    It seems like a very low risk compared to what windows users face. If it did happen, I think I can handle deleting a few files:

    Despite the potential for mayhem, Mac users can simply kill the widgets by deleting them from their Library folder, and using Activity Monitor to kill any instance of the widget already running.

  • J. Oquendo

    Jim, I hear ya ;) I use Solaris + Linux. Windows for Visio, haven’t had any issues whatsoever concerning viruses or malware. I shift the responsibility of security to the user, no one (repeat) no one, will take better care of your machine irrespective of the operating system better than you would. Regardless of the amounts of threats available. I haven’t had any viruses or malware on this machine since circa 2004 when I discovered typical malware (not a virus).

  • Sandy

    nelly you are super-boring with this Mac stuff, are you paid for it? Not to mention it’s irrelevant here, and you are factually wrong. If you knew windows you wouldn’t have said such non-sense, you can set accounts up any which way you want to make it more secure.

  • Clint

    More virii and malware target Windows because of market share, that’s certainly true. But it’s also true that Linux distros (Ubuntu, say) are more secure out of the box. Unix was designed for multiple users, with access controls built in at a very low level and refined over decades. In Windows, access controls were bolted on as an afterthought.

    When I install Ubuntu, there are no open ports by default. The latest Firefox is quite secure. Put this setup behind a $50 Linksys NAT router, and you’re immune to 99.9% of threats with very minimal effort.

    Finally, Open Source is inherently more secure due to peer review. Vulnerabilities get fixed because the source is out in the open.

  • http://sos-newdeal.blogspot.com markbrown in NJ

    Posted by Andrew,:
    Many security and operational issues break down to the IDW principle.

    I D o n ‘ t W a n n a

    I Don’t Wanna pay to audit my security
    I Don’t Wanna remember a long complex password
    I Don’t Wanna test my software
    I Don’t Wanna update my software/firmware.

    He’s right you know.

    If (as a unix systems administrator for over 20 years)
    a company/country wanted absolute security

    they could:
    1) Hire me (example) for $100,000 per year to administer ONE machine, and AUDIT that machine either in real time, or near real time.

    that would cover
    : security logs
    : security updates
    : recommended software updates
    and of course PERSONALIZEd manual password and user identification (as well as what is RUNNING on the machine at all times, as well as monitoring the PORTS on the machine.

    It’s NOT too expensive. It’s Extremely time consuming.
    It;s too much for everyday stuff.

    But do-able also!

  • Peter Pjecha Jr.

    “If you’re on the internet surfing, or doing the king’s bidding with the nefarious ‘GhostNet’ prowling about, your life is an open book … and so is mine—but not as open as it’ll be to the ghost (I’m unmasking) we outta really be concerning ourselves with … which is the Holy Ghost on the judgment day y’all …“Bu-yah!”

  • Nick

    “I work in computer security …” “…Such as mac os software which is doesn’t require anti-virus or anti-malware software.”

    This might be the problem.

  • Frank

    The problem is not just the malware inserted into our software, but also the hardware. The FBI’s own offices, as well as other government and industry organizations have bought counterfeit routers that can fail or leave back door open to exploitation. As long as the supply chain is not secure, state sponsored and independent actors can penetrate any IT systems.
    At home, lax security opens vulnerabilities in the unexpected places. There is a trojan in the wild that targets the DNS routing of the cable modem/dsl routers. The days of ” I don’t have to worry about that” are over.

  • http://N/A Diane

    I listen to your show every night, If I was to tell you about stuff I know of ( Not my own doing though!) You would be shocked! I know because they can also watch you by Satelite…Anyone who could work for the Military …Goverment could break into the satellite system and watch you close up drive down a road…How do I know… Well, it happened to me!Yes I am still ,mad about that….but what can you do about it? Complain to the Space aliens? They would just laugh and say: Get with it man!..hehe!Not only that ..(THEY)and they know who they are! can break into a radio’s waves in your car and talk to you while interrupting the radio station your listening to. Yes, I am not joking!No one is safe anywhere, even in your home. A satellite can know just where you are and when also…Hiding in your Basement won’t even work,so don’t try hiding.It’s a freaky world out there and also you could be stalked by governmental or spy dudes also ..if they thought you where up to something. People..! Privacy is no more! Next time you go to the store and walk in front of a TV just pretend your in the movie (#1 Enemy) Jean Hackman and the one actor from Independence Day.Watch that movie… It will really tell you all you need to know!You can’t hide no where!Oh well..!Where all walking talking stars for the whole world or….. Them..Whom-ever!
    Good luck and peace and God’s love too!

  • http://N/A Dean

    Yep he is right!

  • http://N/A Dean

    If you think that is bad..Listen to your new digital TV at night re-setting it’s self all the time…They whom-ever! can watch you and tape your every word..Unplugging won’t help either, because as soon as you plug in again it’s recharging it’s small battery.Nothing is secure or safe anymore..and just think (Re-mote viewing!) also..That is even more frightening! Do your home work read and do research and be aware of what is and is not going on!

  • Ellen Lincourt

    Reminds me of the “Cuckoo’s Egg” story. It was a story of a lone computer geek at Berkley who broke a KGB cyber spying network.

  • Robert

    Botnets like this are exclusively a problem on Windows.

    Let me say that again, and if any Windows/Microsoft apologists have proof otherwise, please put it here: Botnets like this are exclusively a problem on Windows.

    That’s why most of the internet runs on UNIX or UNIX-like platforms.

  • Wilson Samuel

    Microsoft or No Microsoft, if the System Admin/Network Admin is not determined to play the game safely, he/she will bite the dust, period.

    Vendors across the spectrum offer Solutions to protect and guard systems against Day Zero Attacks, and not only the installation BUT also the configuration, management and monitoring is VERY IMP. to safeguard against any attacks from Day Zero.

    One such good Solution is Cisco Systems MARS (Monitoring Analysis and Response System and NAC (Network Admission Control) which are quite effective IF deployed correctly. I guess that the victims in this case were either didnt have these installations or were poorly configured and monitored.

    Cisco NAC=


    Cisco MARS=


  • Wilson Samuel

    Dear OnPoint Radio WebAdmin:

    I have noticed which I would like to point your attention, and I really wish I’m wrong BUT let me point anyways.

    I have noticed that the time stamp should be the EDT (i.e. -4.00 hrs GMT/UTC) but it actually posts EST (i.e. -5.00 hrs GMT/UTC).

    Once again, I’m just pointing out what I have seen and would be glad to be proven wrong, but in case I’m not wrong may I request you to correct the timestamp on the WebServer please.


  • Telcosteve

    This is a fairly long and detailed report but regarding the issue that all of the attacked PCs were running Microsoft OS was incorrect as thoroughly explained towards the last 3 minutes of the Interview. I suggest all of you “Mac-o-nites” and Unix based open systems gurus revisit the warm cozy feeling of being protected by paying more for an Apple Product. We all are at risk and we need solutions not finger pointing.

Apr 23, 2014
In this Thursday, Dec. 20, 2012, file photo, Chet Kanojia, founder and CEO of Aereo, Inc., shows a tablet displaying his company's technology, in New York. Aereo is one of several startups created to deliver traditional media over the Internet without licensing agreements. (AP)

The Supreme Court looks at Aereo, the little startup that could cut your cable cord and up-end TV as we’ve known it. We look at the battle. Plus: a state ban on affirmative action in college admissions is upheld. We’ll examine the implications.

Apr 23, 2014
Attendees of the 2013 Argentina International Coaching Federation meet for networking and coaching training. (ICF)

The booming business of life coaches. Everybody seems to have one these days. Therapists are feeling the pinch. We look at the life coach craze.

Apr 22, 2014
This undated handout photo, taken in 2001, provided by the Museum of the Rockies shows a bronze cast of the Tyrannosaurus rex skeleton known as the Wankel T.rex, in front of the Museum of the Rockies at Montana State University in Bozeman, Mont. (AP)

As a new Tyrannosaurus Rex arrives at the Smithsonian, we’ll look at its home – pre-historic Montana – and the age when dinosaurs ruled the Earth.

Apr 22, 2014
Security forces inspect the site of a suicide attack in the town of Suwayrah, 25 miles (40 kilometers) south of Baghdad, Iraq, Monday, April 21, 2014. Suicide bombings and other attacks across Iraq killed and wounded dozens on Monday, officials said, the latest in an uptick in violence as the country counts down to crucial parliament elections later this month. (AP)

We look at Iraq now, two years after Americans boots marched out. New elections next week, and the country on the verge of all-out civil war.

On Point Blog
On Point Blog
The Week In Seven Soundbites: April 18, 2014
Friday, Apr 18, 2014

Holy week with an unholy shooter. South Koreans scramble to save hundreds. Putin plays to the crowd in questioning. Seven days gave us seven sounds.

More »
Our Week In The Web: April 18, 2014
Friday, Apr 18, 2014

Space moon oceans, Gabriel García Márquez and the problems with depressing weeks in the news. Also: important / unnecessary infographics that help explain everyone’s favorite 1980′s power ballad.

More »
Some Tools And Tricks For College Financial Aid
Thursday, Apr 17, 2014

Some helpful links and tools for navigating FAFSA and other college financial aid tools.

More »