The Gh0st in the Shell: Network Security in the Himalayas

Abstract

The town of Dharamsala in the Himalayas of India harbors not only the Tibetan government-in-exile, but also a unique Internet community operated by AirJaldi. The combination of high-profile clientele and naive users makes for a very interesting setting from a network security standpoint. Using packet capture and network intrusion detection systems (NIDS), we analyze the security of the network. Given the sensitive history between China and Tibet, and the general public’s penchant for supporting the freedom of Tibet, it would not be surprising for the Chinese government to be interested in the activities of the community in exile. Therefore, we also look for evidence of malware targeted at this unique user base. In our work, we find significant amounts of malicious activity in the traffic, including a solid link to a previously discovered high-profile spy network operated in China.

Authors:

Matthias Vallentin vallentin@icir.org
Jon Whiteaker jbw@berkeley.edu
Yahel Ben-David yahel@airjaldi.net