About a year ago, a group of security researchers in Toronto affiliated with the Munk Centre for International Studies uncovered the existence of an international botnet called Ghostnet, and discovered that it may be a Chinese espionage tool used against Tibetan citizens. It was one of the largest botnet networks at the time, and the Chinese government has repeatedly denied accusations that they were behind the espionage, despite the sociopolitical nature of the targets.
Now, a year later, the same group of researchers have discovered a previously unknown branch of the Ghostnet Network that primarily targets India. After extensive research and monitoring, they have determined that the GhostNet network is more sophisticated and robust than previously assumed.
Called GhostNet 2.0 by some, the control servers sending commands to infected PCs all over the world were using cloud-based social networking services like Twitter, Facebook, and Google to communicate with the botnet, raising concerns that the open nature of the cloud will lead to dangerous opportunities for botnet herders around the globe to more easily conceal their actions.
According to Ars Technica, The accusations against China for backing the botnet remain inconclusive. The report points to the location of the likely origin of the attacks, Chengdu Province, and explains that it's a site of an Army technical reconnaissance bureau. However, the location is also close a known organized crime community in Chongquing, another possible explanation. The Chinese government has been known to hire independent contractors to do their cyber-work, so the culprit could very well be a mix of the two theories.
Regardless of who is behind GhostNet, there is no denying that it's a huge leap forward in the sophistication of the botnet industry. As more and more services head toward the cloud, and as more and more services adopt more open models, the botnet herders will no doubt jump on the opportunity to copy GhostNet, and use the open infrastructures to their advantage.