Feeds

Spies caught plundering secret Indian docs

Shadow Network busted

Security for virtualized datacentres

An espionage gang that infiltrated Indian government computer networks across the globe has been pilfering highly classified documents related to missile systems, national security assessments and the United Nations, according to researchers who tracked the intruders for eight months.

The gang, dubbed the Shadow Network, was monitored by researchers from the Munk School of Global Affairs at the University of Toronto and the SecDev Group. With assistance from colleagues at the Shadowserver Foundation, the white hat hackers watched the spies as they systematically compromised computers in government offices on multiple continents.

Shadow Network members also infiltrated the systems of Indian embassies in Kabul, Moscow and Dubai, India's Military Engineer Services, and several private companies. Reports they grabbed were frequently stamped with "Secret," "Restricted," and "Confidential" notices. The plundered documents also included a year's worth of personal email from the Dalai Lama.

The researchers are the same ones who last year discovered another stealthy spy ring dubbed Ghostnet. That group also stole documents from the Dalai Lama and from governments and corporations in more than 103 countries.

It was while following Ghostnet that the researchers stumbled onto the Shadow Network, which is believed to be a separate operation. By gaining access to the control servers Shadow Network spies used, the researchers were able to observe the theft of vast amounts of Indian government documents.

To conceal their tracks and to build redundancy into their operation, the spies configured their control servers to work with a wide range of free internet services, including Twitter, Google Groups, Baidu Blogs, and Yahoo Mail. The free services allowed the attackers to maintain control of compromised computers even if they lost contact with the command and control servers, the researchers said.

Following a trail of digital breadcrumbs, the researchers traced the attackers to China's Sichuan Province, though they noted it's hard to say conclusively that's where the individuals were located. Chinese government officials strongly denied the government was behind the attacks.

Members of the Shadowserver Foundation said they have already reported Shadow Network operations to China's National Computer Network Emergency Response Technical Team and called on the Chinese government to shutter the spy network.

The researchers' report, titled Shadows in the Cloud: An investigation Into Cyberespionage 2.0, is available here and there are additional details from The New York Times here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.