China cyber-spies target 'India and Dalai Lama'

Reuters
Wednesday 07 April 2010 05:31 EDT

A cyber-espionage group based in southwest China stole documents from the Indian Defense Ministry and emails from the Dalai Lama's office, Canadian researchers said in a report on Tuesday.

The cyber-spies used popular online services, including Twitter, Google Groups and Yahoo Mail, to hack into computers, ultimately directing them to communicate with command and control servers in China.

The report, entitled "Shadows in the Clouds", said the spy network was likely run by individuals with connections to the Chinese criminal underworld. Information might have been passed to branches of the Chinese government, it added.

"We did not find any hard evidence that links these attacks to the Chinese government," said Nart Villeneuve, who, like the other authors of the report, is a researcher at the University of Toronto's Munk School of Global Affairs.

"We've actually had very healthy co-operation with the Chinese computer emergency response team, who are actively working to understand what we've uncovered and have indicated they will work to deal with this ... It's been a very encouraging development," Villeneuve told a Toronto news conference.

In Beijing, a Chinese Foreign Ministry spokeswoman said Chinese "policy is very clear. We resolutely oppose all Internet crime, including hacking."

A year ago, the same researchers described a systematic cyber-infiltration of the Tibetan government-in-exile, which they dubbed GhostNet.

"The social media clouds of cyberspace we rely upon today have a dark, hidden core. There is a vast subterranean ecosystem to cyberspace within which criminal and espionage networks thrive," said the Munk School's Ron Deibert.

Attacks using online social networks to gain trust and access have garnered more attention since Google announced in January that it, along with more than 20 other companies, had suffered hacking attacks out of China. Google ultimately withdrew its Chinese-language search service from the mainland.

The data gathered by the researchers showed that security breaches at one group can result in the theft of confidential information from another organization, a factor that makes it hard to distinguish the ultimate origins of the cyber-spying.

"Anti-virus systems as they stand at the moment are not terribly effective with these kinds of targeted attacks," said researcher Greg Walton, advising the use of digital signatures and software that strips out all attachments from emails.

Stolen documents recovered by the researchers contained sensitive data taken from India's National Security Council Secretariat. They included secret assessments of the security situation in northeastern states bordering Tibet, Bangladesh and Myanmar, as well as insurgencies by Maoists.

Information supplied by visa-seekers to the Indian embassy in Afghanistan and the Indian and Pakistani embassies in the United States was also compromised, the report said.

"We have heard about the hacking report and the concerned department is looking into the case," said Sitanshu Kar, a spokesman for the Indian Defense Ministry.

Some command and control centres listed in the GhostNet report went offline but provided leads for the latest probe.

Internet domains used in both attacks resolved to an IP address in Chongqing, a large city in southwest China, while addresses in the nearby city of Chengdu were used to control Yahoo Mail accounts used in the attacks, the report said.

It traced part of the network to individuals in Chengdu who are graduates of the University of Electronic Science and Technology of China and alleged to have links with the Chinese hacking community.

The researchers said that taking emails from the Dalai Lama's office allowed the spies to track who might be contacting the Tibetan spiritual leader, whom China accuses of seeking Tibetan independence.
