Feeds

Spies caught plundering secret Indian docs

Shadow Network busted

Beginner's guide to SSL certificates

An espionage gang that infiltrated Indian government computer networks across the globe has been pilfering highly classified documents related to missile systems, national security assessments and the United Nations, according to researchers who tracked the intruders for eight months.

The gang, dubbed the Shadow Network, was monitored by researchers from the Munk School of Global Affairs at the University of Toronto and the SecDev Group. With assistance from colleagues at the Shadowserver Foundation, the white hat hackers watched the spies as they systematically compromised computers in government offices on multiple continents.

Shadow Network members also infiltrated the systems of Indian embassies in Kabul, Moscow and Dubai, India's Military Engineer Services, and several private companies. Reports they grabbed were frequently stamped with "Secret," "Restricted," and "Confidential" notices. The plundered documents also included a year's worth of personal email from the Dalai Lama.

The researchers are the same ones who last year discovered another stealthy spy ring dubbed Ghostnet. That group also stole documents from the Dalai Lama and from governments and corporations in more than 103 countries.

It was while following Ghostnet that the researchers stumbled onto the Shadow Network, which is believed to be a separate operation. By gaining access to the control servers Shadow Network spies used, the researchers were able to observe the theft of vast amounts of Indian government documents.

To conceal their tracks and to build redundancy into their operation, the spies configured their control servers to work with a wide range of free internet services, including Twitter, Google Groups, Baidu Blogs, and Yahoo Mail. The free services allowed the attackers to maintain control of compromised computers even if they lost contact with the command and control servers, the researchers said.

Following a trail of digital breadcrumbs, the researchers traced the attackers to China's Sichuan Province, though they noted it's hard to say conclusively that's where the individuals were located. Chinese government officials strongly denied the government was behind the attacks.

Members of the Shadowserver Foundation said they have already reported Shadow Network operations to China's National Computer Network Emergency Response Technical Team and called on the Chinese government to shutter the spy network.

The researchers' report, titled Shadows in the Cloud: An investigation Into Cyberespionage 2.0, is available here and there are additional details from The New York Times here. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.