Information Warfare Monitor » Yahel Ben-David http://www.infowar-monitor.net Tracking Cyberpower Fri, 10 Sep 2010 13:39:21 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 The Gh0st in the Shell: Network Security in the Himalayas http://www.infowar-monitor.net/2010/02/the-gh0st-in-the-shell-network-security-in-the-himalayas/ http://www.infowar-monitor.net/2010/02/the-gh0st-in-the-shell-network-security-in-the-himalayas/#comments Fri, 05 Feb 2010 00:17:51 +0000 gwalton http://www.infowar-monitor.net/?p=5542 The Gh0st in the Shell [PDF] Abstract The town of Dharamsala in the Himalayas of India harbors not only the Tibetan government in-exile, but also a very unique Internet community operated by AirJaldi. The combination of high-profile clientele and naive users makes for a very interesting setting from a network security standpoint. Using packet capture and network intrusion detection systems (NIDS), we analyze the security of the network. Given the sensitive history between China and Tibet, and the general public’s penchant to support the freedom of Tibet, it would not be surprising for the Chinese government to be interested in the activities of the community in-exile. Therefore, we also look for evidence of malware targeted at this unique user-base. In our work, we find significant amounts of malicious activity in the traffic, including a solid link to a previously discovered high-profile spy network operated in China. Authors: Matthias Vallentin vallentin@icir.org Jon Whiteaker jbw@berkeley.edu Yahel Ben-David yahel@airjaldi.net ]]> The Gh0st in the Shell [PDF]

Abstract

The town of Dharamsala in the Himalayas of India harbors not only the Tibetan government in-exile, but also a very unique Internet community operated by AirJaldi. The combination of high-profile clientele and naive users makes for a very interesting setting from a network security standpoint. Using packet capture and network intrusion detection systems (NIDS), we analyze the security of the network. Given the sensitive history between China and Tibet, and the general public’s penchant to support the freedom of Tibet, it would not be surprising for the Chinese government to be interested in the activities of the community in-exile. Therefore, we also look for evidence of malware targeted at this unique user-base. In our work, we find significant amounts of malicious activity in the traffic, including a solid link to a previously discovered high-profile spy network operated in China.

Authors:

Matthias Vallentin vallentin@icir.org
Jon Whiteaker jbw@berkeley.edu
Yahel Ben-David yahel@airjaldi.net

]]> http://www.infowar-monitor.net/2010/02/the-gh0st-in-the-shell-network-security-in-the-himalayas/feed/ 0