The Gh0st in the Shell: Network Security in the Himalayas

We have been encouraged with the model of the Defense Industrial Base (DIB) pilot program where DIB companies, ISPs, and the government share information, including classified information, with one another to improve operational security among the participants, much like the model described above. This new entity should utilize lessons from this successful sharing of specific and actionable classified information. In order to utilize private sector and government information, this new active defense entity should coordinate with existing information sharing structures such as the Information Sharing and Analysis Centers (ISACs), the National Cybersecurity and Communications Integration Center (NCCIC), the.

The Gh0st in the Shell: Network Security in the Himalayas

Matthias Vallentin vallentin@
Jon Whiteaker jbw@
Yahel Ben-David yahel@

Abstract

The town of Dharamsala in the Himalayas of India harbors not only the Tibetan government in-exile, but also a very unique Internet community operated by AirJaldi. The combination of high-profile clientele and naive users makes for a very interesting setting from a network security standpoint. Using packet capture and network intrusion detection systems (NIDS), we analyze the security of the network. Given the sensitive history between China and Tibet, and the general public's penchant to support the freedom of Tibet, it would not be surprising for the Chinese government to be interested in the activities of the community in-exile. Therefore, we also look for evidence of malware targeted at this unique user-base. In our work, we find significant amounts of malicious activity in the traffic, including a solid link to a previously discovered high-profile spy network operated in China.

1 Introduction

The town of Dharamsala in the rural Indian state of Himachal-Pradesh has become the headquarters of the Tibetan Community-in-Exile and the home for its spiritual leader, the Dalai Lama.
Since the Dalai Lama fled Chinese-occupied Tibet in 1959, this little Himalayan town grew to host a large number of pro-Tibetan NGOs and many related nonprofit organizations supporting the community and its struggle to regain its land and freedom. In recent years, the Tibetan community has learned to harness the Internet as its key communications medium, which is effectively connecting them with the rest of the world. Enabling affordable Internet access to this mountainous and rural area was no simple challenge; the AirJaldi wireless network [1], which spans over a radius of 80 km in and around Dharamsala, plays a key role in overcoming these constraints and has quickly grown to connect more than 10,000 users to the Internet. The intense