Views: 4939|Replies: 16

Researchers Track Cyber-espionage Ring to China [Copy link] 中文

Rank: 4

Post time 2010-4-6 18:02:01 |Display all floors
Researchers in the U.S. and Canada have tracked and documented a sophisticated cyber-espionage network based in China, dubbed Shadow, that targeted computers in several countries, including systems belonging to the Indian government and military.

The Shadow network of compromised computers was detailed in a report released Tuesday by the Information Warfare Monitor -- a project involving researchers at the University of Toronto's Munk Center for International Studies and The SecDev Group - and the Shadowserver Foundation. Information Warfare Monitor is the group that uncovered and documented GhostNet, a similar cyber-espionage ring, last year.

The release of the latest report, which details the scope of the Shadow network and discusses some of the Indian government documents that were stolen, was first covered by The New York Times.

"We were able to document another network of compromised government, business, and academic computer systems in India, the Office of the DL, and the United Nations as well as numerous other institutions, including the Embassy of Pakistan in the United States," wrote Nart Villeneuve, the SecDev's chief research officer and a research fellow at the Citizen Lab at the University of Toronto's Munk Center for International Studies, in a b log post.

Shadow is the latest example of cyber-espionage efforts linked to China, including attacks on Google's Gmail system that ultimately led the company to close the censored search engine it built for China. Like other such networks, like GhostNet, targeted malware is believed to have allowed the attackers to compromise specific computer systems.

The cyber-espionage ring behind the Shadow network, which was traced to Chengdu, in China's S ichuan province, used social media and blogs to control computers they had compromised using malware.

"In total, we found three Twitter accounts, five Yahoo Mail accounts, 12 Google Groups, eight B logspot b logs, nine Baidu b logs, one Google Sites and 16 b logs on b that were being used as part of the attacker's infrastructure," the report said, noting that these services were being misused and were not compromised.

These services helped the attackers to circumvent efforts that might otherwise have blocked their access to compromised systems.

"The use of social networking platforms, b logs and other services offered by trusted companies allows the attackers to maintain control of compromised computers even if direct connections to the command and control servers are blocked at the firewall level," it said.

The primary focus of the attackers appears to be the Indian government.

The "vast majority" of the 44 compromised computers identified by the researchers are either in India or belong to Indian government and m ilitary organizations, the report said, citing an analysis of stolen documents recovered from the Shadow network.

"Having reported this incident to the China C E R T  - which handles s ecurity incidents in China   - I look forward to working with them to shut down this malware network," Villeneuve said, referring to China's National Computer Network Emergency Response Technical Team ( C N C E R T  ).

C N C E R T    did not respond to a request for comment about the Shadow network.

"During our investigation, we recovered documents that are extremely sensitive from a national s ecurity perspective as well as documents that contain sensitive information that could be exploited by an adversary for intelligence purposes," the report said.

Several documents recovered were labeled "s ecret," "r estricted" or "c onfidential" and originated from India's National S ecurity Council Secretariat and Indian embassies abroad.

In addition, the Shadow network targeted Indian academics and journalists with a "keen interest" in China, the report said, citing the recovery of stolen documents discussing Chinese military exports, Chinese policy on T eiwan and Sino-Indian relations, as well as other topics related to China.

The Shadow network also collected personal information on individuals belonging to Indian government and military organizations that could be used in future attacks, it said.

The report concludes that Shadow was controlled from China and attributes responsibility for the network to "one or more individuals with strong connections to the Chinese criminal underground." However, it didn't rule out the possibility of a connection between these individuals and the Chinese government.

"Given the often murky relationships that can exist between this underground and elements of the state, the information collected by the Shadow network may end up in the possession of some entity of the Chinese government," it said.

(Owen Fletcher, in Beijing, contributed to this report.)

[ Last edited by rockmybaby at 2010-4-6 06:06 PM ]

Use magic tools Report

Rank: 8Rank: 8

Post time 2010-4-6 18:04:52 |Display all floors
Where's manoj when you need him :)
Good Gweilo: My job is the ideological quality control

Use magic tools Report

Rank: 4

Post time 2010-4-6 18:08:48 |Display all floors
here is the source, but it is anyways all over the net (spreads like wild fire)

h ttp://w ww.pcworld.c om/businesscenter/article/193522/researchers_track_cyberespionage_ring_to_china.h tml

Use magic tools Report

Rank: 4

Post time 2010-4-6 23:52:56 |Display all floors
India and China relations ?

Use magic tools Report

Rank: 8Rank: 8

Post time 2010-4-7 00:01:03 |Display all floors

C N C E R T was build for domestic use...

and it got out of hand just beyond anyone's power  

Use magic tools Report

Rank: 8Rank: 8

Post time 2010-4-7 00:02:17 |Display all floors
Is this called an evidence or just speculation from "virtual" world?

They should mentioned that the US still controls world's most DNS and virtually controls internet world.

It's like complaining about your neighbor's tiny dog pet when you raise a lion in your garden.

Use magic tools Report

Rank: 4

Post time 2010-4-7 00:04:00 |Display all floors
You can "baidu" it ...

it is all over the internet now.

Use magic tools Report

You can't reply post until you log in Log in | register

Contact us:Tel: (86)010-84883548, Email:
Blog announcement:| We reserve the right, and you authorize us, to use content, including words, photos and videos, which you provide to our blog
platform, for non-profit purposes on China Daily media, comprising newspaper, website, iPad and other social media accounts.