China-based Cyber Espionage Ring Involved in Data Theft Exposed[Tuesday, 6 April 2010, 5:47 p.m.]
![]() |
| From left, Nart Villeneuve, Greg Walton and Ronald J. Deibert, researchers who monitored a China-based computer spying ring/Photo: Fred Lum/The Globe and Mail |
Dharamshala: A group of hackers operating in China’s Sichuan Province have been found intruding into computer network systems in India, the Offices of His Holiness the Dalai Lama, the United Nations and several other nations, Canadian and US computer security researchers said in a report issued Monday. The eight-month research project was a collaborative effort between Deibert’s Citizen Lab, the SecDev Group, an Ottawa-based private consultancy firm and the US Shadow Server Foundation.The Report titled “Shadows in the cloud: Investigating Cyber Espionage 2.0” contains an analysis of data which were stolen from politically sensitive targets and recovered during the course of the investigation. These include documents from agencies of the Indian national security establishments and 1,500 letters sent from the Dalai Lama’s office between January and November 2009.The office of His Holiness the Dalai Lama was aware of new hacking report. “These things are not new,” said Tenzin Taklha, a spokesman for the office of the Dalai Lama told The Associated Press. He said the office is working closely with the researchers to secure its computer systems.The report analyses the malware ecosystem employed by the Shadows’ attackers, which leveraged multiple redundant cloud computing systems, social networking platforms, and free web hosting services in order to maintain persistent control while operating servers located in the People’s Republic of China (PRC). “Although the identity and motivation of the attackers remain unknown, the report is able to determine location (Chengdu, PRC) as well as some of the associations of the attackers through circumstantial evidence,” the report noted.The researchers said it has found “evidence of links between the shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC”.The investigation employed a fusion methodology, combining technical investigation techniques, data analysis, and field research, to track and uncover the Shadow cyber espionage network. “We have no evidence connecting them to the government of China at this point,” researcher Ronald Deibert told Toronto Star, noting they are probably part of the criminal underground in China that may have a potential connection to the Chinese government. “That, of course, is probably impossible to verify.”When asked about the new report on Monday, a propaganda official in Sichuan’s capital, Chengdu, told The New York Times “it’s ridiculous” to suggest the Chinese government might have played a role.According to The New York Times, as recently as early March, the Indian communications minister, Sachin Pilot, told reporters that government networks had been attacked by China, but that “not one attempt has been successful.” But on 24 March, the Toronto researchers said, they contacted intelligence officials in India and told them of the spy ring they had been tracking. They requested and were given instructions on how to dispose of the classified and restricted documents.A Canadian research group involved in Tuesday’s report, the Information Warfare Monitor, released a similar report a year ago that said a cyberspy network, based mainly in China, hacked into classified documents from government and private organizations in 103 countries, including the computers of His Holiness the Dalai Lama and Tibetan exiles.





