Feeds

Spies caught plundering secret Indian docs

Shadow Network busted

Internet Security Threat Report 2014

An espionage gang that infiltrated Indian government computer networks across the globe has been pilfering highly classified documents related to missile systems, national security assessments and the United Nations, according to researchers who tracked the intruders for eight months.

The gang, dubbed the Shadow Network, was monitored by researchers from the Munk School of Global Affairs at the University of Toronto and the SecDev Group. With assistance from colleagues at the Shadowserver Foundation, the white hat hackers watched the spies as they systematically compromised computers in government offices on multiple continents.

Shadow Network members also infiltrated the systems of Indian embassies in Kabul, Moscow and Dubai, India's Military Engineer Services, and several private companies. Reports they grabbed were frequently stamped with "Secret," "Restricted," and "Confidential" notices. The plundered documents also included a year's worth of personal email from the Dalai Lama.

The researchers are the same ones who last year discovered another stealthy spy ring dubbed Ghostnet. That group also stole documents from the Dalai Lama and from governments and corporations in more than 103 countries.

It was while following Ghostnet that the researchers stumbled onto the Shadow Network, which is believed to be a separate operation. By gaining access to the control servers Shadow Network spies used, the researchers were able to observe the theft of vast amounts of Indian government documents.

To conceal their tracks and to build redundancy into their operation, the spies configured their control servers to work with a wide range of free internet services, including Twitter, Google Groups, Baidu Blogs, and Yahoo Mail. The free services allowed the attackers to maintain control of compromised computers even if they lost contact with the command and control servers, the researchers said.

Following a trail of digital breadcrumbs, the researchers traced the attackers to China's Sichuan Province, though they noted it's hard to say conclusively that's where the individuals were located. Chinese government officials strongly denied the government was behind the attacks.

Members of the Shadowserver Foundation said they have already reported Shadow Network operations to China's National Computer Network Emergency Response Technical Team and called on the Chinese government to shutter the spy network.

The researchers' report, titled Shadows in the Cloud: An investigation Into Cyberespionage 2.0, is available here and there are additional details from The New York Times here. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.