A group of researchers has linked a huge, China-based cyber espionage ring to the theft of thousands of documents — including classified information, visa applications, and personal identities — from “politically sensitive targets” around the world.

The command-and-control infrastructure of this so-called Shadow Network used free, legitimate platforms such as Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo Mail as intermediaries to maintain persistent control of infected computers: instructions and pointers to the real control servers were posted to accounts on these services, so the malware's check-ins blended in with ordinary web traffic and the loss of any single account or server did not sever control. The attackers also used Tor, a system designed to grant online anonymity to political protesters, crime victims, journalists and others. Targets ranged from the Offices of the Dalai Lama to the United Nations, as well as officials of the Indian and Pakistani governments. Not all the attacked organizations can be positively identified, but the researchers are confident that India was the primary target.

This graphic shows the relationship of social sites (red), web domains (blue) and servers (green) in the hackers’ network:

Of the documents the researchers were able to recover, one was “encrypted diplomatic correspondence,” two were marked “SECRET,” six were “RESTRICTED” and five were designated “CONFIDENTIAL.” They also discovered the hackers had gotten access to a year’s worth of the Dalai Lama’s personal email. According to the researchers’ report, “The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users.” And, as one member of the team told the New York Times, “I’ve not seen anything remotely close to the depth and the sensitivity of the documents that we’ve recovered.”

The Shadow Network is not linked to earlier attacks uncovered this year by Google and also based in China, nor is it related to GhostNet, a network identified by the same researchers as having targeted the community of Tibetan exiles.

However, this new network is linked to two individuals and a core of stable servers in Chengdu, People’s Republic of China. Chinese officials have repeatedly denied any government connection to these cyber espionage activities.

SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0

Image courtesy of iStockphoto, bunhill
