DOCSLIB.ORG

Proactive Cybersecurity: a Comparative Industry and Regulatory Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

PROACTIVE CYBERSECURITY: A COMPARATIVE INDUSTRY AND REGULATORY ANALYSIS Amanda N. Craig, JD*, Scott J. Shackelford, JD, PhD**, & Janine S. Hiller, JD*** ABSTRACT This Article analyzes recent business realities and regulatory trends shaping the proactive cybersecurity industry. To provide a framework for our discussion, we begin by describing the historical development of the industry and how it has been shaped by the applicable law in the United States and other G8 nations. We then catalogue the proactive cybersecurity practices of more than twenty companies, focusing on four case studies that we consider in the context of polycentric “global security assemblages.” Finally, we assess the emergence of proactive cybersecurity norms, both within industry and international law, and consider the implications of this movement on contemporary Internet governance debates about the role of the public and private sectors in regulating cyberspace. Ultimately, we maintain that proactive cybersecurity, especially if pursued with improved legal clarity and global cooperation, demonstrates an opportunity for polycentric partnerships to result in better protected IT assets. 1 Electronic copy available at: http://ssrn.com/abstract=2573787 TABLE OF CONTENTS INTRODUCTION ................................................................................................................................................. 3 I. A SHORT HISTORY OF PROACTIVE CYBERSECURITY: CONCEPTS, IMPLEMENTATION, AND LEGALITY ....................................................................................................... 8 A. THE EVOLUTION OF ACTIVE CYBER DEFENSE ....................................................................................................... 9 B. LEGAL UNCERTAINTY AND THE COMPUTER FRAUD AND ABUSE ACT ........................................................... 11 C. A COMPARATIVE ANALYSIS OF PROACTIVE CYBERSECURITY REGULATION ................................................ 13 1. In-Depth Comparative Case Study: Comparing the U.S. and UK Experiences with Proactive Cybersecurity ........................................................................................................................................................................ 14 2. Regulating “Unauthorized Access” Across the G8 ...................................................................................... 18 3. Understanding Singapore’s New Approach .................................................................................................... 22 D. THE PRIVATE SECTOR PUSHES FORWARD: A NEW ERA IN PROACTIVE CYBERSECURITY ....................... 25 II. THE PRIVATE SECTOR PROACTIVELY DEFENDS .................................................................. 29 B. SURVEY OF THE PROACTIVE CYBERSECURITY INDUSTRY ................................................................................. 32 C. ENTER CROWDSTRIKE ................................................................................................................................................ 35 D. FOCUSING ON FIREEYE ............................................................................................................................................. 36 E. HATCHING HAWKEYE ................................................................................................................................................. 38 F. STARTING STRONGARM .......................................................................................................................................... 39 G. SUMMARY ...................................................................................................................................................................... 43 III. GOVERNANCE TRENDS IN INTELLIGENCE-DRIVEN ACTIVE DEFENSE ................... 43 A. THE GROWTH OF POLYCENTRIC CYBERSECURITY ASSEMBLAGES ................................................................. 44 B. THE INTERSECTION OF PROACTIVE CYBERSECURITY AND INTERNET GOVERNANCE ................................ 47 C. AN EMERGING NORM OF PROACTIVE CYBERSECURITY? ................................................................................. 51 D. SUMMARY AND IMPLICATIONS FOR BUSINESSES AND POLICYMAKERS ......................................................... 54 CONCLUSION .................................................................................................................................................... 55 APPENDIX A: SAMPLE OF NON-G8 NATIONAL ACTIVE CYBER DEFENSE LAWS ............. 56 APPENDIX B: “PROACTIVE” CYBERSECURITY PRODUCTS AND SERVICES INDUSTRY MATRIX ............................................................................................................................................................... 61 2 Electronic copy available at: http://ssrn.com/abstract=2573787 INTRODUCTION In January 2015, as Sony Pictures struggled to revive its computer network after The Interview reportedly prompted a massive hack,1 cybersecurity firm FireEye demonstrated that the sorts of breaches that Sony experienced likely are not preventable with conventional network defenses.2 Indeed, while experts said that “Sony’s reputation is suffering” due to the hack, they also agreed that Sony “is hardly the only company at risk . .”3 Rather, FireEye likens traditional network defense tools, on which Fortune 500 companies spent much of their $71 billion information technology (“IT”) security budgets in 2014,4 as something akin to France’s pre-World War II “Maginot Line”—good in theory, but relatively easy to bypass in practice.5 Recent news headlines may seem evidence enough, as Target, Home Depot, and J.P Morgan Chase all announced major breaches in 2014.6 But FireEye’s January 2015 report goes much further, noting that a whopping 96 percent of the 1,600 computer networks that it monitored—from behind traditional network defenses—were breached in 2014.7 As such, FireEye argues, “organizations must consider a new approach to securing their IT assets . [they] can’t afford to The authors wish to thank Professors Amy Zegart, Larry Kramer, and Tiny Cuellar for their invaluable comments on this Article, as well as the research support of Scott Russell and Jonathan Brown. Scott in particular took the lead in developing the UK and Singapore case studies, for which we are indebted to him. The views expressed in this article are solely those of the authors and do not necessarily represent or reflect the position of Microsoft Corp. * Senior Cybersecurity Strategist, Microsoft Corporation. Disclaimer: The views expressed in this article are solely those of the author and do not necessarily represent or reflect the position of Microsoft Corporation. ** Assistant Professor of Business Law and Ethics, Indiana University; W. Glenn Campbell and Rita Ricardo- Campbell National Fellow, Stanford University. *** Professor of Business Law, Richard E. Sorensen Professor in Finance, Pamplin College of Business, Virginia Tech. 1 Thomas Halleck, Sony Corporation: Network is Still Down Following ‘The Interview’ Hack, INT’L BUS. TIMES (Jan. 8, 2015), http://www.ibtimes.com/sony-corporation-network-still-down-following-interview-hack-1778344; Dara Kerr and Roger Cheng, Sony CEO: We were the victim of a vicious and malicious hack, CNET (Jan. 5, 2015), http://www.cnet.com/news/sony-announces/. 2 Maginot Revisited: More Real-World Results from Real-World Tests, FIREEYE (2015), https://www2.fireeye.com/rs/fireye/images/rpt-maginot-revisited.pdf [hereinafter Maginot Revisited (2015)]. 3 John Guadiosi, Why Sony Didn’t Learn From its 2011 Hack, FORTUNE (Dec. 24, 2014), http://fortune.com/2014/12/24/why-sony-didnt-learn-from-its-2011-hack/. 4 Seth Rosenblatt, Modern Security Tactics Fail to Protect Against Malware, Study Finds, CNET (Jan. 8, 2015), http://www.cnet.com/news/modern-security-tactics-fail-to-protect-against-malware-new-study-finds/. 5 Maginot Revisited (2015), supra note 2; CYBERSECURITY’S MAGINOT LINE: A REAL-WORLD ASSESSMENT OF THE DEFENSE-IN-DEPTH MODEL, FIREEYE (2014), http://www2.fireeye.com/rs/fireye/images/fireeye-real-world- assessment.pdf. France created the Maginot Line during World War II to impede Nazi Germany’s invasion, but German forces bypassed the Maginot Line and invaded France from Belgium. See MARC ROMANYCH ET AL., MAGINOT LINE 1940: BATTLES ON THE FRENCH FRONTIER 27 (2012). 6 Sharon Tobias, 2014: The Year in Cyberattacks, NEWSWEEK (Dec. 31, 2014), http://www.newsweek.com/2014- year-cyber-attacks-295876. 7 Maginot Revisited, supra note 2, at 3. 3 passively wait for attacks. Instead, they should take a lean-forward approach that actively hunts for new and unseen threats.”8 But what constitutes a lean-forward approach, and why are more organizations not already taking one? The emerging field of proactive cybersecurity is complex, encompassing a range of activities also referred to as “active defense.” While “hacking back” is often a highly visible point of contention when discussing the role of private sector active defense,9 it is just one facet of the larger proactive cybersecurity movement, which includes technological best practices ranging from real-time analytics to cybersecurity audits promoting built-in resilience.10 Along with confusion about the range of activities that could be considered forward-leaning proactive cybersecurity, there remains ambiguity regarding the legality of some active defense techniques, including not only “hack back” but also “honeypots” and information sharing, two methods that have even been acknowledged
Recommended publications
  • By James Juo

    By James Juo

    , by James Juo • AT AGE 14, Aaron Swartz was working with leading tech­ extortion by threat of damage to a computer.9 In addition nologists to craft standards for openly sharing informa­ to traditional computer hacking, the statute also has tion on the Interner.! He then helped Lawrence Lessig with been asserted against employees who take trade secrets Creative Commons, which promotes the use of simple, stored on their employer's computer before leaving to join standardized copyright licenses that give the public per­ the competition. IO In 1984, Congress enacted the CFAA mission to share and use creative works.2 At 19, he was to criminalize the hacking of computers in connection with a founding developer of Reddit, a widely used social national security, financial records, and government prop­ news Web site where users can post news links and vote erty.11 The statute was originally designed to cover unau­ on them.3 Aaron later became a political activist for thorized access of such protected computers having a Internet freedom and social justice issues and formed the specified federal interesr. 12 advocacy group Demand Progress.4 At 26, facing a crim­ The CFAA has been expanded a number of times. 13 inal trial under the Computer Fraud and Abuse Act For example, a 1994 amendment expanded the statute to (CFAA) for allegedly circumventing computer restric­ allow private entities to assert a civil cause of action and tions to an online database of academic articles, Aaron obtain compensatory damages and other equitable relief. 14 Swartz hanged himself in January.s In 1996, the CFAA was further amended to expand the Since then, Internet groups have criticized the U.S.
  • Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism

    Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism

    Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations.
  • The Lost Nuance of Big Data Policing

    The Lost Nuance of Big Data Policing

    THE LOST NUANCE OF BIG DATA POLICING 94 TEX. L. REV. __ (forthcoming 2015) Jane Bambauer* The third party doctrine permits the government to collect consumer records without implicating the Fourth Amendment. The doctrine strains the reasoning of all possible conceptions of the Fourth Amendment and is destined for reform. So far, scholars and jurists have advanced proposals using a cramped analytical model that attempts to balance privacy and security. They fail to account for the filterability of data. Filtering can simultaneously expand law enforcement access to relevant information while reducing access to irrelevant information. Thus, existing proposals will distort criminal justice by denying police a resource that can cabin discretion, increase distributional fairness, and exculpate the wrongly accused. This Article offers the first comprehensive analysis of third party data in police investigations by considering interests beyond privacy and security. First, it shows how existing proposals to require suspicion or a warrant will inadvertently conflict with other constitutional values, including equal protection, the First Amendment, and the due process rights of the innocent. Then it offers surgical reforms that address the most problematic applications of the doctrine: suspect-driven data collection, and bulk data collection. Well-designed reforms to the third party doctrine will shut down the data collection practices that most seriously offend civil liberties without impeding valuable, liberty-enhancing innovations in policing.
  • Malware to Crimeware

    Malware to Crimeware

    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
  • Download Legal Document

    Download Legal Document

    UNITED STATES DISTRICT COURT EASTERN DISTRICT OF NEW YORK IN RE ORDER REQUIRING APPLE, INC. TO ASSIST IN THE EXECUTION OF A SEARCH WARRANT ISSUED BY THIS COURT. No. 1:15-mc-01902-JO BRIEF OF AMICI CURIAE AMERICAN CIVIL LIBERTIES UNION, NEW YORK CIVIL LIBERTIES UNION, ELECTRONIC FRONTIER FOUNDATION, AND JENNIFER GRANICK AND RIANA PFEFFERKORN Arthur Eisenberg Esha Bhandari Mariko Hirose Alex Abdo New York Civil Liberties Union American Civil Liberties Union 125 Broad Street, 19th Floor Foundation New York, NY 10004 125 Broad Street, 18th Floor Tel: 212-607-3300 New York, NY 10004 [email protected] Tel: 212-549-2500 [email protected] Jennifer Stisa Granick (CA Bar #168423) Andrew Crocker Director of Civil Liberties* Nathan D. Cardozo Riana Pfefferkorn (CA Bar #266817) Electronic Frontier Cryptography Policy Fellow* Foundation Stanford Law School 815 Eddy Street Center for Internet and Society San Francisco, CA 94109 559 Nathan Abbott Way Tel: 415-436-9333 Stanford, CA 94305 [email protected] Tel: 650-736-8675 [email protected] * For affiliation purposes only TABLE OF CONTENTS TABLE OF AUTHORITIES .............................................................................................................ii SUMMARY OF ARGUMENT .........................................................................................................2 BACKGROUND ...............................................................................................................................3 ARGUMENT .....................................................................................................................................3
  • The Question of State Sponsored Cyber Terrorism and Espionage Student Officer

    The Question of State Sponsored Cyber Terrorism and Espionage Student Officer

    st th The Hague International Model United Nations Qatar 2020 | 21 ​ – 24 ​ of January 2020 ​ ​ ​ ​ ​ Forum: The Security Council Issue: The Question of State sponsored cyber terrorism and espionage Student Officer: Sebastian Santoni Position: President Introduction On the 27th of April 2007, Estonia experienced the first of a series of cyber attacks which would go on to shape laws, policies, and attitudes within and outside its borders. The country was bombarded by thousands of independent actors, resulting in the complete loss of most internet services for three weeks. The Estonian parliament, banks and media were all targeted in the midst of political disagreements with Russia. Although not the first incident of cyber terrorism, this was definitely one of the most destructive, managing to make an entire country go offline. In response, the world’s first ever regulations concerning actions in cyberspace were drafted, hoping to prevent such incidents from occurring in the future. However, incidents of cyber terrorism and espionage continued and remain a major threat to international security. Not only can they create mistrust and paranoia between nations, but also paralyse the organizations and resources core to their economic, social and political stability. This is especially true when such acts are initiated by countries and their related bodies, placing the world’s most sophisticated technology in the wrong hands. As members of the United Nations, it is the responsibility of countries to use their resources, voices and cooperation to strengthen international cyber security and work towards a world where state-sponsored cyber terrorism and espionage are void. Organizations such as the Kaspersky Lab and the Cooperative Cyber Defence Center of Excellence have made strides toward combating the issue, although they are restricted by an acute lack of relevant treaties and laws.
  • Trend Micro Deep Discovery Advisor 2.95 Administrator's Guide

    Trend Micro Deep Discovery Advisor 2.95 Administrator's Guide

    Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes, and the latest version of the applicable user documentation, which are available from the Trend Micro website at: http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx Trend Micro, the Trend Micro t-ball logo, InterScan, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright © 2013 Trend Micro Incorporated. All rights reserved. Document Part No.: APEM25797/121119 Release Date: January 2013 Patents pending The user documentation for Trend Micro Deep Discovery Advisor introduces the main features of the software and installation instructions for your production environment. Read through it before installing or using the software. Detailed information about how to use specific features within the software are available in the online help file and the online Knowledge Base at Trend Micro’s website. Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at [email protected]. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp Table of Contents Preface Preface ..............................................................................................................
  • WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

    WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

    REPORT WORLD WAR C : Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Authors: Kenneth Geers, Darien Kindlund, Ned Moran, Rob Rachwald SECURITY REIMAGINED World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks CONTENTS Executive Summary ............................................................................................................................................................................................................................................................................................................... 3 Introduction ............................................................................................................................................................................................................................................................................................................................................... 4 A Word of Warning ................................................................................................................................................................................................................................................................................................................. 5 The FireEye Perspective ...........................................................................................................................................................................................................................................................................................
  • KOOBFACE: Inside a Crimeware Network

    KOOBFACE: Inside a Crimeware Network

    JR04-2010 KOOBFACE: Inside a Crimeware Network By NART VILLENEUVE with a foreword by Ron Deibert and Rafal Rohozinski November 12, 2010 WEB VERSION. Also found here: INFOWAR http://www.infowar-monitor.net/koobface MONITOR JR04-2010 Koobface: Inside a Crimeware Network - FOREWORD I Foreword There is an episode of Star Trek in which Captain Kirk and Spock are confronted by their evil doppelgängers who are identical in every way except for their more nefarious, diabolical character. The social networking community Facebook has just such an evil doppelgänger, and it is called Koobface. Ever since the Internet emerged from the world of academia and into the world-of-the-rest-of-us, its growth trajectory has been shadowed by the emergence of a grey economy that has thrived on the opportunities for enrichment that an open, globally connected infrastructure has made possible. In the early years, cybercrime was clumsy, consisting mostly of extortion rackets that leveraged blunt computer network attacks against online casinos or pornography sites to extract funds from frustrated owners. Over time, it has become more sophisticated, more precise: like muggings morphing into rare art theft. The tools of the trade have been increasingly refined, levering ingenuous and constantly evolving malicious software (or malware) with tens of thousands of silently infected computers to hide tracks and steal credentials, like credit card data and passwords, from millions of unsuspecting individuals. It has become one of the world economy’s largest growth sectors—Russian, Chinese, and Israeli gangs are now joined by upstarts from Brazil, Thailand, and Nigeria—all of whom recognize that in the globally connected world, cyberspace offers stealthy and instant means for enrichment.
  • Digital Switzerlands

    Digital Switzerlands

    ARTICLE DIGITAL SWITZERLANDS KRISTEN E. EICHENSEHR† U.S. technology companies are increasingly standing as competing power centers that challenge the primacy of governments. This power brings with it the capacity to bolster or undermine governmental authority, as well as increasing public demands for the companies to protect users from governments. The companies’ power raises serious questions about how to understand their role. Scholars have proposed varying conceptions, suggesting that the companies should be understood as public utilities, information fiduciaries, surveillance intermediaries, or speech governors. This Article takes up another possibility, one suggested by the companies themselves: that they are “Digital Switzerlands.” The Digital Switzerlands concept encompasses two ideas: (1) that the companies are on par with, not subordinate to, the countries that try to regulate them, and (2) that they are, in some sense, neutral. This Article critically evaluates the plausibility of these claims and explores how the companies differ from other powerful private parties. The Digital Switzerlands concept sheds light on why the companies have begun to resist both the U.S. government and foreign governments, but it also means that the companies do not always counter governments. Understanding the relationship between companies, users, and governments as triangular, not purely hierarchical, * This Article reflects developments through February 2019, when it was finalized for publication. † Assistant Professor, UCLA School of Law. For
  • Perception Versus Punishment in Cybercrime James T

    Perception Versus Punishment in Cybercrime James T

    Journal of Criminal Law and Criminology Volume 109 Article 4 Issue 2 Spring Spring 2019 Perception Versus Punishment in Cybercrime James T. Graves Alessandro Acquisti Ross Anderson Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons Recommended Citation James T. Graves, Alessandro Acquisti, and Ross Anderson, Perception Versus Punishment in Cybercrime, 109 J. Crim. L. & Criminology 313 (1019). https://scholarlycommons.law.northwestern.edu/jclc/vol109/iss2/4 This Criminology is brought to you for free and open access by Northwestern Pritzker School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern Pritzker School of Law Scholarly Commons. 0091-4169/19/10902-0313 THE JOURNAL OF CRIMINAL LAW & CRIMINOLOGY Vol. 109, No. 2 Copyright © 2019 by James T. Graves, Alessandro Acquisti & Ross Anderson Printed in U.S.A. CRIMINOLOGY PERCEPTION VERSUS PUNISHMENT IN CYBERCRIME JAMES T. GRAVES, ALESSANDRO ACQUISTI & ROSS ANDERSON* TABLE OF CONTENTS I. INTRODUCTION .............................................................................. 314 II. BACKGROUND .............................................................................. 317 A. Factors Affecting Sentencing Under the Computer Fraud and Abuse Act ................................................................ 317 1. Maximum Sentences ................................................. 317 2. Sentencing Guidelines ..............................................
  • GHOSTNET April 2016 Sreepriya Chalakkal

    GHOSTNET April 2016 Sreepriya Chalakkal

    STUDYOFGHOSTNET April 2016 sreepriya chalakkal 1 Introduction 4 2contentsHistory 5 2.1 Tibet-China conflict . 5 2.2 Cyber attack on Tibet . 5 3 Target and Motivation 6 4 Attack Strategy 7 5 Operation 8 5.1 Client and server design . 8 5.2 Dissecting the Ghost suite . 10 5.3 GhostRAT Network communication . 11 6 Detection Avoidance 11 7 Countermeasures 12 7.1 Field investigation . 12 7.2 Defense techniques . 12 7.3 Protection against APTs . 12 8 Conclusion 13 9 Bibiliography 14 Figure 1 The conflict region of Tibet . 6 Figurelist of2 figuresThe GhostNet Client . 9 Figure 3 GhostRAT capabilities . 10 Figure 4 GhostRAT components . 11 Figure 5 Detection with stream analysis . 13 1 My sincere thanks to Professor Karsten Bsufka and guide Leily Bah- namacknowledgement for all their support and encouragement. Leily Bahnam helped with giving valuable suggestions for my presentation. She also re- viewed my report and taught important lessons on scientific writing. Professor Karsten Bsufka helped with giving direction on different research areas in autonomous security. He also helped with provid- ing interesting reading materials that invoked in me more interest in the subject. It was a joyful experience to read about advanced persis- tent threats in general and also getting into the details of GhostNet. Having completed the seminar, I am motivated to study more about advanced persistent threats and botnets. I also realise the intricacies and details that needs to be taken care of while writing a scientific report. 2 The report discusses the history, motivation, operation and detection ofabstract an advanced persistent threat (APT) called GhostNet.