GhostNet: Reconnaissance For Internet Doomsday


posted on Mar, 31 2009 @ 05:58 AM
Well written and informative post OP! Thank you. The fake routers were of great interest to me being a techy and seeing this makes the jigsaw a little better put together.. as such.

The vast plethora of spyware would make installing trojans a snap for a government. It's also not hard to set up proxies or abuse open proxies and route traffic to all over the world, with the appearance it comes from elsewhere.

To throw a twist, how about a CT on a CT

1, Fake routers organized and produced in China by the TPTB.
2, Engineered increase in MSM attention about Chinese hacking/bot nets. You can see an increase in the term 'bot net' since mid 2008. Fake router stories around since early 2008.
3, Internet 9/11 planned or mentioned in a similar method via MSM. This means mummy and daddy are worried about their 'internet tubes'. You all know what happens when people are manipulated into thinking there is a larger problem than what really exists. Iraq is one example.

Simply.. it comes down to 'create a problem to solve one.' And the end result - internet freedoms restricted.

I hope that I'm wrong and that nothing will happen either way. China attacking an electronic infrastructure of a large country could escalate from bytes to bombs pretty quickly. Deterrent factor is the main reason I think that China couldn't pull this stunt.
However keeping in mind that China stands around all day with her hands around the US economy's large dangling crown jewels, you can begin to realize that a country can be bought to its knees without weapons. That said, I don't see anyone realistically defeating the US military in a conventional war, even without money they'd find a way to keep pumping lead.

reply to post by JohnJetson

There already are known backdoors to Windows operating systems. A hidden 'NSA key' used during cryptography built into Windows. Anything you encrypt they can decrypt. Programs loaded remotely... They wouldn't let you use US tech against themselves would they.

[edit on 31/3/09 by GhostR1der]


posted on Mar, 31 2009 @ 06:09 AM
Even notorious "pothead and ufo nut" McKinnon was able to break into USA computers. For foreign intelligence agencies with access to the brightest minds and all the money they need, this stuff is a walk in the park.

posted on Mar, 31 2009 @ 06:28 AM
Well I can confirm on my network at home that nothing on April 1st is going to happen here.

I hooked up my network sniffer and firewall to block ports on the "egress" (to see what was leaving my network).

I then pushed the clocks forward to April 1st. I left them for 24hr and now they say it's April 2nd.

No nefarious traffic leaving my network.

I run Vista on a laptop and all other machines are Gentoo Linux based.

So far so good here. I have returned clocks to normal.

I did look for NTP (Network Time Protocol) traffic in case these folks are using some internet time for the big synchronisation event if there is one.

posted on Mar, 31 2009 @ 08:31 AM
reply to post by komp_uk

You do know that Conficker C checks the date remotely, right?

reply to post by azzllin

The spread of the counterfeit routers is vast, and went largely unchecked for quite a while. Many companies and Governmental Agencies would have to be "in on it" to spread dis-information. It's unrealistic to believe the government knew about it from the get go and went with it anyways. Opening a hole into your protected network, through the hardware, is a stupid move, even if you are trying to feed dis-information.

You do know that security flaws are found and patched, after they've been exploited, right? With that in mind, what makes you believe that the US government would open up and scan thousands of routers? Not to mention all the network hubs, switches, and individual computers connected to those routers.

It's more believable (at least to me) that some bureaucrat wanted to save money, found cheap routers, had 'em installed, then found out later that they were compromised. The dollar speaks louder in the short term than anything else.

OP: I followed your previous threads on these issues very closely and I agree with your estimates, this is only the beginning. It would not surprise me to hear about powerful root kits being installed in a payload connected to these routers.

[edit on 31-3-2009 by InSpiteOf]

posted on Mar, 31 2009 @ 08:35 AM
reply to post by

You're an old member and I'd have expected that you give a proof for statements like this:

"My first contact is a highly experienced computer security expert who often works directly with law enforcement and intelligence agencies"

You know as well perhaps better than me, that in this place you need proofs proofs proofs to back your statements. I like your story it's cool to read but I've read so many posts like yours having sources there and there, but not a proof to provide.

It's well known that on ATS everybody knows a guy who knows another guy who knows a loooooot of top secret things just because they're so special.

I don't mean to be aggressive towards you but I read crap since 2006 on ATS, I hope you understand

On ATS it should be like No proof----> No claim. But the site would shut down, where would the guy who feels he's THE ONE go, where would the guy who has a friend that has another friend that works in Area51 go? All these people

[edit on 31-3-2009 by Asset1911]

posted on Mar, 31 2009 @ 08:57 AM
reply to post by Asset1911

I don't think he needs to prove anything. All the OP did was post his sources' opinions, and his own opinions based on observations, and the opinions of his friends.

It's obvious that there is a severe security threat, that much is clear. As to the intentions and the scale, that is speculation based on observations, and the opinions of his sources.

I mean, really, what type of proof are you looking for? A Chinese operative to come forward and take credit?

posted on Mar, 31 2009 @ 09:11 AM

Originally posted by DraconianKing
Just one genius could seriously give the US major problems. Now imagine a whole bunch of specially trained and well funded individuals with all sorts of toys and code to crush you with.

This whole post, and your remark remind me of a great book on the subject of cyber war: Pearl Harbor Dot Com.

From Amazon:

It used to take an entire nation to wage a war. Today it takes only one man. Taki Homosoto survived the hell of Hiroshima. Now, more than 50 years later, the time has come for the Americans to feel the flames of his revenge, using his personal army of terrorists and intelligence agents. The US Government and a network of somewhat reluctant allies - invisible and anonymous hackers join forces to battle this powerful enemy. The devastating climax of this one man's plan...this powerful, bitter survivor of ayamachi, The Great Mistake, is certain to bring global chaos and economic meltdown. A terrifying, thought provoking tale.

Relatively small hacks can cause chaos. Shutdown all the traffic lights in NYC. Break air traffic control radar. Imagine what happens.

I think in general the west is still too much focused on defending land. But what happens if your attacker kills your warehouse management software that keeps track of your ammo stockpile? Or if someone hacks the software that manages food distribution to your troops.

posted on Mar, 31 2009 @ 09:19 AM
reply to post by InSpiteOf

Why this friend that works in this domain can't even bring a testimony? Why can't he do it himself? Because he's super secret? And he tells things to people who have no clearance?

I'm not expecting that he brings a Chinese hacker to tell me the truth.
But he says he has a friend that works with intelligence agencies and all! That's pretty important! I'd like to know if he's a valid source, I don't know this guy sorry

Anyway the facts he gave us are okay and it was an interesting thread to read. We didn't really need this part:

"My first contact is a highly experienced computer security expert who often works directly with law enforcement and intelligence agencies"

Except if you need to show us your credibility, but in this case, you have to back your claims too

As you relate facts from a source, your credibility isn't really needed, the credibility that's needed is your source's

[edit on 31-3-2009 by Asset1911]

posted on Mar, 31 2009 @ 09:28 AM
Ok, so they don't know how many computers are infected, they don't know what will happen, but they know where it originated???

Seems odd IMO.

First of all, how would they be certain of the origin of the worm if the switches may be compromised? Even in normal circumstances it may be nearly impossible to pinpoint the correct source of the malicious software. Then another leap is: "So the worm comes from China, it must be from the Chinese Government right?"

It just seems too fishy. Looks like segregation propaganda IMHO.

posted on Mar, 31 2009 @ 09:33 AM
reply to post by MorfeuZ

Just a question: could the U.S. government take this as an act of war? If it comes from the Chinese gov. I mean.

posted on Mar, 31 2009 @ 09:44 AM
reply to post by Asset1911

Can it be proved it came from the Chinese gvt? Hardly.
Or would the Chinese gvt. take responsibility for it? Then it would be a deliberate act of war.

I just don't think it is the case, there is some hidden agenda behind this IMO.
Although it may well be the Chinese trying to undermine the US economy and infrastructure, I have a feeling in my gut that says this is propaganda.

I am not American, I may not know all the facts, but I don't buy it.

posted on Mar, 31 2009 @ 09:55 AM
reply to post by

If only international institutions are being spied on I would suspect they are interested in our military and international business dealings.

I've also heard rumors that these internet call centers from the Philippines and possibly India are selling our private info. I'd like to know to whom they are being sold.

They also have our banking info..

It would seem the router info could only be transferred via the modem (to ping) and not the router. The router does not send and receive info but the modem and IP address would. Maybe I’m wrong though.

Doesn’t the modem go (in) to the main computer and (out) to the router? I may need help if I’m wrong about routers.

China is already fighting for global power and dominance. It’s true the dollar is weak and the US has lost some clout as a Super Power.

We know the Chinese government is communist therefore cyber espionage wouldn’t be too farfetched if only to spy on their own people.

We still have spies in every Nation. What better than to use computer hacking.

It’s already possible to send a keylogger via email attachment. Some say “Your Birthday” when your birthday is months away. A virtual spy. Very interesting!

Don't open attachments unless you know the person and trust they are computer illiterate.

posted on Mar, 31 2009 @ 09:59 AM
reply to post by Asset1911

First, all the OP was doing was relating information he exchanged with two of his friends. Nothing more. No clearance required. If you doubt the veracity of his relationship with two industry experts, that is something you bring up in private conversation with the OP. There is no claim of knowledge, just speculation that A) the counterfeit routers are connected to the recently discovered "Ghost Net" B) That these routers in conjunction with the program are an attempt by some group or groups within China, whether it be the government or state-sponsored group, to gain access to sensitive systems and materials for a currently unknown reason.

The report from Information Warfare Monitor stops short of specifically naming the Chinese government, or intelligence agencies within the government, as the culprit of these attacks. However, we do know that their intelligence agencies and law enforcement units have acted upon information obtained through GhostNet.

I suggest you read the report listed for further verification. The implications are vast and terrifying.

For the record, his primary sources of information are the websites linked to us in the OP. Secondary sources would be his friends in the field. If you require validation of those sources, I believe that would be a personal matter between you and the author, and perhaps best left to private conversation?

posted on Mar, 31 2009 @ 10:01 AM
Thanks for this post and also to user who posted the super-relevant pdf on the matter.

In reading the mentioned analysis of GhostNET, I noticed this last paragraph in the sum-up:

Another possible explanation is that there is a single individual or set of individuals (criminal networks, for example) who are targeting these high-value targets for profit. This can be in the form of stealing financial information or critical data that can be sold to clients, be they states or private entities. There are countless examples of large-scale fraud and data theft worldwide and numerous apparent instances of outsourcing to third parties of cyber-attacks and espionage, some of which the Information Warfare Monitor and its related research project, the OpenNet Initiative, have documented. GhostNet could very well be a for-profit, non-state venture. Even “patriotic hackers” could be acting on their own volition, or with the tacit approval of their government, as operators of the GhostNet.

Finally, it is not inconceivable that this network of infected computers could have been targeted by a state other than China, but operated physically within China (and at least one node in the United States) for strategic purposes. Compromised proxy computers on Hainan Island, for example, could have been deployed as staging posts, perhaps in an effort to deliberately mislead observers as to the true operator(s) and purpose of the GhostNet system.

It is hard to determine the origin in reality so long as there is at least one or two nodes in any other state than China. So, research is good, but lessening the certainty can also serve a purpose as well because bad decisions and wrong decisions are born from bad or wrong intel. I'm more about knowing the facts, like with the Challenger explosion in which all the engineers put the #'s at 1 in a million or higher, that a catastrophic failure would happen with the Shuttle. Feynman put the actual number around 1 in 100 that should go bad. So I do know that real numbers and real data do take some work to find.

The report posted by doesn't mention counterfeit routers at all so OP will have to substantiate that part. There's a cultural divide here, also an economic one. Also a technical skill one.

Americans as such, are better equipped for national mobilization or defense of their home-networks but they are being sold out by the major brands of software which promise protection.

Also, port scanning is only moderately effective because these are bold, targeted emails which come to you and if you are displaying email in HTML format (all the pretty colors) then the code will run, and even if it's scanned as safe by the webmail provider you use, the PDF or DOC itself launches the code and makes an outgoing whois request and very few firewalls are set to block outgoing traffic automatically (some do) so how shall you know with whom your PC is speaking?

1,200 or so computers is a frightening amount when you consider the dispersion across nations and involving super-powers whose people are anything but "super" when it comes to tech. But if the Americans mobilize for PC safety, they can gain a hand up.

What happens next is this: Mobile devices become like PCs (best malicious software is java based) in that they will receive unwanted text messages which contain an irresistible payload. Suddenly your phone is spamming your phonelist just like email works now, and b-b-b-bang, suddenly all your digital gear becomes the "most urgent problem". It is spamming your social networks and punishing people for being in your phonelist. Fun huh?

How about the recent movie, "Sex Drive" where we see that the Amish lifestyle may actually have a lot to offer? I really enjoyed that movie. Why so much tech when no humans are ready for it? ANSWER: It serves the goals of those who dispense your computing-machines and your Worlds of Warcraft, etc, etc. These people have 5-10-25-50 year timelines for how they will give you tech.

Also when one controls information, one controls significant markets exclusively. Markets in all kinds of porn, weapons and all 'illegal data' which exist only in digital form are controlled then by groups of people.

Isn't it funny that even as people don't want to get to know their neighbors globally, their COMPUTERS are the ones shaking hands quietly and making a truly connected world? Now if only the humans could control their computers!

posted on Mar, 31 2009 @ 10:03 AM

Originally posted by wonderworld
Doesn’t the modem go (in) to the main computer and (out) to the router? I may need help if I’m wrong about routers.

Ya you got it wrong. Modem to router, router to computers.

We know the Chinese government is communist therefore cyber espionage wouldn’t be too farfetched if only to spy on their own people.

Communism is an economical system, and in any event, the Chinese economy allows private capital accumulation and private enterprise in certain cases. The government is totalitarian. Besides, even the US spies on its own people, not to mention others across the globe.

[edit on 31-3-2009 by InSpiteOf]

posted on Mar, 31 2009 @ 10:11 AM
I found this information regarding proxy servers and their value in regards to digital information markets at the following URL:


Same as for the content servers, logging is turned off on the proxy and forwarding servers, residing in Truecrypt containers. The Russians have developed very clever software for proxy servers (in addition to the possibility of SSL tunneling and IP Forwarding). This proxy accepts incoming connections from the customers which are then tunneled to the Content Server in Germany - completely anonymous and unidentifiable. The link can even be configured for encryption. Result: the server in Germany NEVER APPEARS PUBLICLY AND STAYS completely anonymously because he never appears with its IP except to the proxy servers that are configured to send the traffic back and forth like through a tunnel - using similar technology like large enterprise VPNs. I stress that these proxy servers are installed everywhere in the world and only consume a lot of traffic, have no special demands, and above all are completely unused.

posted on Mar, 31 2009 @ 10:24 AM
reply to post by InSpiteOf

Thank you. I have a modem and router just forgot to check it first. I need more coffee. I have had difficulties in the past pinging while connected to the router and only found it to work via the modem. It may be a personal problem.

I agree with the OP's view of China too. I do suspect soon everything will be regulated. The last thing we need is router spyware and espionage!

posted on Mar, 31 2009 @ 10:31 AM

Originally posted by
The report from Information Warfare Monitor stops short of specifically naming the Chinese government, or intelligence agencies within the government, as the culprit of these attacks. However, we do know that their intelligence agencies and law enforcement units have acted upon information obtained through GhostNet.

My emphasis.

How do we 'know' that their intelligence agencies have acted upon information received through GhostNet?

Forgive my potential lack of insight, truly, but does that not suggest that our intelligence is up to par enough to negate the potential for any serious damage?

Or could that suggest (the conspiracy theorist in me makes this leap) that we are perhaps witnessing the beginnings of the foundation for a "Virtual Cold War"?

As well...the blanket statement you made regarding the media's awareness that we are unprepared for cyber attacks is, in my opinion, assuming a coordinated effort and collaboration on their part for such an attribution. At the best, the media would merely assume the lack of preparation in order to capture the attention of the consumer...

And using China as a scapegoat for the life of credit and debt that was not only encouraged but instilled into the public's world view (the fall of the dollar/transition to a cashless society) is the biggest cop out in the world...and if that is an implicit agenda of this string of events then I hope we don't fall for it.

posted on Mar, 31 2009 @ 10:39 AM
as with everything, there are priorities, unless you're wealthy or in a position of power, the odds of somebody actually caring about what is on your computer is slim to none. management of data is as important as the gathering of it. so if you're not breaking any laws, and you're not wealthy, or in a position of power, they are not interested in you.

having said that, being in computers for 15 years and now retired, i still do NOT do any banking, bill paying, or purchasing merchandise with a credit card, ONLINE!!...old school saying regarding the internet...what is written, can be read.

you want privacy...write a letter and mail it at the post office. and if you're doing something against the law, even that isn't secure, so keep it legal.

[edit on 31-3-2009 by jimmyx]

posted on Mar, 31 2009 @ 11:04 AM
"old school saying regarding the internet...what is written, can be read"

I hate this sentence but it's so true

Can it be applied for the NSA? They must have one hell of an equipment

And another question if anyone of you knows, do you have knowledge of an "event" where the U.S. hacked Chinese systems? I ask this question knowing that if such a thing happened, their commie government would probably keep it secret ... So there shouldn't be many cases to relate of a U.S. attack

[edit on 31-3-2009 by Asset1911]
