You are infected with GhostNet

Started by March 29, 2009 07:20 PM
32 comments, last by Zahlman 15 years, 7 months ago
Quote: Original post by Dex Jackson
The Chinese Government...

They always (and I'm not kidding; look at how they treat their own people and how they deal with both international, national and local politics) want to have power over others in the world. If they can't have it, they will try to find ways to subversively find weaknesses in others, especially the West. It's all reminiscent of the Cold War to a certain extent. The odd - potentially unnerving - thing is that this program or system or whatever has been going on for a while. How much information the Chinese Government has on the countries and sovereignties within its own part of the world and the West is probably, literally, unbelievable.


I really fail to see how this is any worse than what the West is doing with Echelon and all that shit. GhostNet may even be dwarfed by several orders of magnitude by Echelon from the seventies. How is it that the West (i.e. America + some allies) can do everything they want, and when another country wants to take a peek at secret shit they are suddenly considered evil incarnate?

The difference between this and Echelon (if it exists, which I strongly suspect that it does), is that Echelon runs on its own systems and doesn't infect everyone else's computers to do its deeds. It listens to wide-open communication and aggregates, amounting to not much more than an organized effort to listen in and categorize conversations in public parks. GhostNet breaks in your back door and steals your papers directly from you. I don't agree with Echelon, but you have to admit that there is a degree of difference between the two.


In regards to Conficker C, why can't someone write a virus that exploits the same defect to gain entry to these PCs with the express purpose of wiping out Conficker C? It could even check back to similar randomized DNS names to decide if it should keep going, with the assumption that no continue message after a week means the virus should stop and delete itself.

[Formerly "capn_midnight". See some of my projects. Find me on twitter tumblr G+ Github.]

Quote: Original post by capn_midnight
The difference between this and Echelon (if it exists, which I strongly suspect that it does), is that Echelon runs on its own systems and doesn't infect everyone else's computers to do its deeds. It listens to wide-open communication and aggregates, amounting to not much more than an organized effort to listen in and categorize conversations in public parks. GhostNet breaks in your back door and steals your papers directly from you. I don't agree with Echelon, but you have to admit that there is a degree of difference between the two.


I admit that yes, but I contest that this is a degree such that Ghostnet is on a different level of evilness. Echelon is nothing like eavesdropping on conversations in the park. Telephone and email communications are private, the park is not.

EDIT: for example, GhostNet was reportedly used to intercept email communications from the Dalai Lama and take political action on that. The same is possible with Echelon, but on a much larger scale.
Quote: Original post by Dmytry
Quote: Original post by LessBread
How much of that so far has been over and above what they would ordinarily do as part of their job maintaining networks?

a lot.


To paraphrase The Little Rascals, "25 cents? That's almost a million dollars!"

Quote: Original post by Dmytry
Quote:
And if it doesn't activate Wednesday then what?

Then it activates some other day, maybe Thursday, maybe Friday, maybe another week.
Whether it activates this Wednesday or not depends primarily on whether the worm author wants publicity or not, and we really don't know one way or the other. With all the publicity, it looks like a nice date for a demonstration to potential customers.


If publicity is the goal, then it should activate tomorrow, considering all the publicity the worm has been getting.

Quote: Original post by Dmytry
Quote:
Then it amounts to hype, ala Y2K.

How so? It'll activate eventually, unlike Y2K. On Wednesday it either does something, or sets the time for the next update, and we can say with certainty that it'll activate on one of those update days. If the Conficker botnet really is shrinking, then it makes a lot of sense to use it sooner while it's still big.


The Conficker author(s) do not control the hype. That's on the media, and the hype is that it will activate tomorrow. If it doesn't, then the hype was much ado about nothing. One of the links I posted was to a breakthrough in identifying infestations and patching the vulnerability it exploits. Delaying the activation gives more time to patch vulnerable computers and repair infested ones.

Quote: Original post by Dmytry
We don't know who controls the botnet, we don't know what it is to be used for, and we only know that on Wednesday a new executable is run, and we don't know what the new executable will do - will it DDoS someone, or will it just sit and wait for an update on 1st May, or will it implement the capacity to update on any day? What we know with near certainty is that on one of those update days, it'll do something. Heck, we don't even know if there are "personalized" strains of Conficker stealing data from important people.


It seems to me that the "personalized strain" hypothesis is similar to my Chinese diversion hypothesis, the difference being the target. In both cases, the potential threat of a massive botnet diverts attention away from the actual goal.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote: Original post by DeadXorAlive
Quote: Original post by capn_midnight
The difference between this and Echelon (if it exists, which I strongly suspect that it does), is that Echelon runs on its own systems and doesn't infect everyone else's computers to do its deeds. It listens to wide-open communication and aggregates, amounting to not much more than an organized effort to listen in and categorize conversations in public parks. GhostNet breaks in your back door and steals your papers directly from you. I don't agree with Echelon, but you have to admit that there is a degree of difference between the two.


I admit that yes, but I contest that this is a degree such that Ghostnet is on a different level of evilness. Echelon is nothing like eavesdropping on conversations in the park. Telephone and email communications are private, the park is not.

EDIT: for example, GhostNet was reportedly used to intercept email communications from the Dalai Lama and take political action on that. The same is possible with Echelon, but on a much larger scale.


Did GhostNet intercept communications from the Dalai Lama or did it block them? (or both) It seems to me that Echelon is about intercepting communications but not blocking them.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote: Original post by Dmytry
Quote: Original post by LessBread
How much of that so far has been over and above what they would ordinarily do as part of their job maintaining networks?

a lot.


Indeed. When every computer in a school gets this and kids keep using all their USB devices, passing it back and forth between their home computers and the school computers, you have no idea how much work it is to clean it off and then prevent it from getting back on. Then there are overzealous teachers who refuse to participate as necessary to get everything cleaned up. Like I said, my dad faced this issue recently, and it took weeks to get everything back to normal, including very large amounts of overtime every day.

So yes, it can potentially be a lot of extra work depending on just how large the network is and the computer literacy of the users and so forth.
Quote: Original post by capn_midnight
In regards to Conficker C, why can't someone write a virus that exploits the same defect to gain entry to these PCs with the express purpose of wiping out Conficker C? It could even check back to similar randomized DNS names to decide if it should keep going, with the assumption that no continue message after a week means the virus should stop and delete itself.

AFAIK Conficker also closes the door after getting in. Standard practice.
Quote: Original post by capn_midnight
The difference between this and Echelon (if it exists, which I strongly suspect that it does), is that Echelon runs on its own systems and doesn't infect everyone else's computers to do its deeds. It listens to wide-open communication and aggregates, amounting to not much more than an organized effort to listen in and categorize conversations in public parks. GhostNet breaks in your back door and steals your papers directly from you. I don't agree with Echelon, but you have to admit that there is a degree of difference between the two.

I think the degree of difference is about the same as between a hi-tech laser mike aimed at your windows versus low-tech sneaking into your house and planting a bug. I.e. practically, very little difference, as long as they don't break your lock and have the common decency to photograph your papers rather than taking them away.
Has the worm struck yet? It's 9 pm GMT. April Fool's 2009 is almost over. The Internet Traffic Report shows no disruption.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote: Original post by LessBread
Has the worm struck yet? It's 9 pm GMT. April Fool's 2009 is almost over. The Internet Traffic Report shows no disruption.

Apparently the worm is sufficiently well designed not to lag my ISP appreciably when all those PCs are phoning home. In 2007, some worm caused an outage at my ISP (according to my brother - I wasn't there at the moment). Some while ago, Latvian and/or Estonian government websites were DDoSed multiple times.
Living in a Baltic state, I've got my reasons to worry about botnets possibly controlled by Russia. Especially botnets so big that they could conceivably DDoS a small country. 10M bots, that is huge. My country has 1M or fewer personal computers connected to the Internet.

This topic is closed to new replies.