A China-based network stole Indian military secrets, hacked the Dalai Lama’s office and computers around the world in an elaborate cyber espionage scheme, Canadian researchers said Tuesday.
Researchers at the University of Toronto’s Citizen Lab said they documented a “complex ecosystem of cyber-espionage that systematically compromised government, business, academic and other computer networks in India, the offices of the Dalai Lama, the UN and several other countries.”
Data stolen from dozens of hacked computers mostly in India contained sensitive information about missile systems and artillery designs and Sino-Indian relations, they said in a report titled Shadows in the Cloud.
Personal, financial and business information of citizens from 31 countries was accessed, including from Canadian visa applications.
“We recovered one document that appears to be an encrypted diplomatic correspondence, two documents classified as ‘SECRET,’ six as ‘RESTRICTED’ and five as ‘CONFIDENTIAL,’” the researchers said.
At a press conference, researcher Greg Walton said these were “very targeted and deliberate attacks.”
“They suggest to us a shift is occurring from criminal and industrial espionage in cyberspace to a possibility of political espionage, whether that is directed by government or not,” he said.
Walton explained the attacks “were specifically crafted to hit individuals, usually in positions of power.”
He said state spies, or criminal groups aiming to sell information to governments are likely involved. “We believe a market has emerged for this,” he said.
The researchers traced the attacks to southern China, “and to known entities within the criminal underground of the PRC [People’s Republic of China].”
At one point, they even tracked down and chatted online with an unidentified suspect.
China denied involvement in the attacks cited in the Citizen Lab report, which comes just weeks after Google effectively shut down its China search engine over censorship and cyber-attacks.
“Some reports have, from time to time, been heard of insinuating or criticizing the Chinese government ... I have no idea what evidence they have or what motives lie behind,” Chinese Foreign Ministry spokeswoman Jiang Yu (姜瑜) said.
The report highlighted what it said was “an obvious correlation to be drawn between the victims, the nature of the documents stolen, and the strategic interests of the Chinese state.”
Recovered files detailed India’s security situation in Assam, Manipur, Nagaland and Tripura states, India’s international relations with West Africa, Russia and the Middle East, and concerned Naxalite and Maoist “extremists.”
One file contained personal information on a member of India’s Directorate General of Military Intelligence. About 1,500 letters sent from the Dalai Lama’s office in 2009 were also recovered.
The researchers said the attacks would start with the opening of an attachment in an email seemingly sent by a familiar person, infecting computers.
The hackers would then misuse services such as Twitter, Google Groups, Blogspot and Yahoo Mail to send “new malicious binaries to compromised computers” ordering them to transfer documents to a “drop zone.”
The Canadian researchers traced the cyber-attacks to servers in Chengdu, China, but could not identify the culprits. Chengdu is home to the Chinese military’s technical reconnaissance bureaus tasked with signals intelligence collection.
Several infected computers were also found to be “checking in” with a server in nearby Chongqing, China, where organized crime groups reportedly operate online.
“We have no evidence in this report of the involvement of the People’s Republic of China or any other government in the Shadow network ... or that the attackers were directed in some manner — either by sub-contract or privateering — by agents of the Chinese state,” the report concluded.
“But an important question to be entertained is whether the PRC will take action to shut the Shadow network down,” the report said.
Tropical Storm Gaemi strengthened into a typhoon at 2pm yesterday, and could make landfall in Yilan County tomorrow, the Central Weather Administration (CWA) said yesterday. The agency was scheduled to issue a sea warning at 11:30pm yesterday, and could issue a land warning later today. Gaemi was moving north-northwest at 4kph, carrying maximum sustained winds near its center of up to 118.8kph and gusts of 154.8kph. The circumference is forecast to reach eastern Taiwan tomorrow morning, with the center making landfall in Yilan County later that night before departing from the north coast, CWA weather forecaster Kuan Shin-ping (官欣平) said yesterday. Uncertainty remains and
SEA WARNING LIKELY: The storm, named Gaemi, could become a moderate typhoon on Wednesday or Thursday, with the Taipei City Government preparing for flooding A tropical depression east of the Philippines developed into a tropical storm named Gaemi at 2pm yesterday, and was moving toward eastern Taiwan, the Central Weather Administration (CWA) said. Gaemi could begin to affect Taiwan proper on Tuesday, lasting until Friday, and could develop into a moderate typhoon on Wednesday or Thursday, it said. A sea warning for Gaemi could be issued as early as Tuesday morning, it added. Gaemi, the third tropical storm in the Pacific Ocean this typhoon season, is projected to begin moving northwest today, and be closest to Taiwan on Wednesday or Thursday, the agency said. Today, there would likely
DISRUPTIONS: The high-speed rail is to operate as normal, while several airlines either canceled flights or announced early departures or late arrivals Schools and offices in 15 cities and counties are to be closed today due to Typhoon Gaemi, local governments announced last night. The 15 are: Taipei, New Taipei City, Taoyuan, Tainan, Keelung, Hsinchu and Kaohsiung, as well as Yilan, Hualien, Hsinchu, Miaoli, Chiayi, Pingtung, Penghu and Lienchiang counties. People should brace for torrential rainfall brought by the storm, with its center forecast to make landfall on the east coast between tonight and tomorrow morning, the Central Weather Administration (CWA) said. The agency issued a sea warning for the typhoon at 11:30pm on Monday, followed by a land warning at 11:30am yesterday. As of
CASUALTY: A 70-year-old woman was killed by a falling tree in Kaohsiung as the premier warned all government agencies to remain on high alert for the next 24 hours Schools and offices nationwide are to be closed for a second day today as Typhoon Gaemi crosses over the nation, bringing torrential rain and whipping winds. Gaemi was forecast to make landfall late last night. From Tuesday night, its outer band brought substantial rainfall and strong winds to the nation. As of 6:15pm last night, the typhoon’s center was 20km southeast of Hualien County, Central Weather Administration (CWA) data showed. It was moving at 19kph and had a radius of 250km. As of 3pm yesterday, one woman had died, while 58 people were injured, the Central Emergency Operation Center said. The 70-year-old