A group of Canadian computer security researchers released a new report Tuesday that shows how a China-based cyber spying ring used popular Web social networking services and email accounts to steal national security information from the Indian government and hack into business and computer networks in countries across the globe.
Researchers at the University of Toronto's Citizen Lab say they monitored the activities of the cyber spy ring for eight months. During that time, researchers say they observed how the hacking operation, called the "Shadow Network," used popular Internet services such as Twitter, Google Groups and Yahoo Mail to break into computers and take information from Indian diplomatic offices in Moscow, Kabul, Abuja and Dubai.
The report says that the data stolen from computers in India included documents marked "secret" and "confidential." The data included information about missile systems, China-India relations as well as business, personal and financial information.
Confidential visa applications from citizens of more than a dozen countries were also among the documents stolen.
Researchers say they also recovered 1,500 e-mails sent from the Dalai Lama's office between January and November of last year.
According to the report, computers were compromised on every continent across the globe, except for Australia and Antarctica.
Ronald Deibert, a member of the Toronto team, says that what Citizen Lab uncovered was only the result of partial observations of the "shadow network's operations." "Although India comes out looking obviously, quite compromised, quite bad here, the network itself could have compromised many, many other victims. We only had a little slice of what we were able to observe," he said.
Nart Villeneuve, another member of the team, says that while the report traces the source of the attacks to computer servers in the central city of Chengdu, China, there was no hard evidence linking the attacks to the Chinese government.
"In fact, we've actually had very healthy cooperation with the Chinese CERT, the Computer Emergency Response Team, who are actively working to understand what we've uncovered. And have indicated, that they will work to deal with this botnet the way they deal with any other botnet to investigate it and shut it down," he said.
He says that the cooperation of China's CERT has been a very encouraging development.
The report notes, however, that an important question on the road ahead is whether or not the Chinese government takes action to shut the network down.
Villeneuve adds that finding out who was ultimately behind the attacks is not easy. He notes that the targets of China's hacking community are wide and varied, as are the makeup and factions within the Chinese government and its military. "I don't doubt that some of the sensitive information that was acquired, might eventually find its way to elements within the Chinese government that might find it useful. But I don't think there is any direct connection between the attackers and the government. At least at this time," he said.
He adds that the research highlights a growing problem of abuse of computer infrastructure in China and the increasingly blurred lines between cyber crime and cyber espionage. "There is growing evidence that a lot of cyber criminal groups that used to operate in Russia and the Ukraine have moved a lot of their infrastructure to servers in China," he said.
Deibert says that as countries around the globe, the United States included, rush to militarize cyber space and adopt offensive military attack capabilities, it is creating a new market for cyber criminals that needs to be addressed. "It's that climate, I think, that creates opportunities for cyber crime to find a market for political espionage," he said.
There was no immediate comment from India's government on the report, but China's Foreign Ministry responded by questioning the motives of those releasing the report.
Foreign Ministry spokeswoman Jiang Yu was quoted by state media in China as noting that hacking is an international issue that should be dealt with by joint efforts from around the globe.