The Gh0st in the Shell
The town of Dharamsala in the Himalayas of India harbors not only the Tibetan government-in-exile, but also a unique Internet community operated by AirJaldi. The combination of high-profile clientele and naive users makes for a very interesting setting from a network security standpoint. Using packet capture and network intrusion detection systems (NIDS), we analyze the security of the network. Given the sensitive history between China and Tibet, and the general public's penchant for supporting the freedom of Tibet, it would not be surprising for the Chinese government to be interested in the activities of the community in exile. Therefore, we also look for evidence of malware targeted at this unique user base. In our work, we find significant amounts of malicious activity in the traffic, including a solid link to a previously discovered high-profile spy network operated in China.
Matthias Vallentin email@example.com
Jon Whiteaker firstname.lastname@example.org
Yahel Ben-David email@example.com