BEIJING/OTTAWA (Reuters) – A cyber-espionage group based in southwest China stole documents from the Indian Defence Ministry and emails from the Dalai Lama’s office, Canadian researchers said in a report yesterday.
The cyber-spies used popular online services, including Twitter, Google Groups and Yahoo Mail, to hack into computers, ultimately directing them to communicate with command and control servers in China.
The report, entitled “Shadows in the Clouds”, said the spy network was likely run by individuals with connections to the Chinese criminal underworld. Information might have been passed to branches of the Chinese government, it added.
“We did not find any hard evidence that links these attacks to the Chinese government,” said Nart Villeneuve, who, like the other authors of the report, is a researcher at the University of Toronto’s Munk School of Global Affairs.
“We’ve actually had very healthy co-operation with the Chinese computer emergency response team, who are actively working to understand what we’ve uncovered and have indicated they will work to deal with this … It’s been a very encouraging development,” Villeneuve told a Toronto news conference.
In Beijing, a Chinese Foreign Ministry spokeswoman said Chinese “policy is very clear. We resolutely oppose all Internet crime, including hacking.”
A year ago, the same researchers described a systematic cyber-infiltration of the Tibetan government-in-exile, which they dubbed GhostNet.
“The social media clouds of cyberspace we rely upon today have a dark, hidden core. There is a vast subterranean ecosystem to cyberspace within which criminal and espionage networks thrive,” said the Munk School’s Ron Deibert.
Attacks using online social networks to gain trust and access have garnered more attention since Google announced in January that it, along with more than 20 other companies, had suffered hacking attacks out of China. Google ultimately withdrew its Chinese-language search service from the mainland.
The data gathered by the researchers showed that security breaches at one group can result in the theft of confidential information from another organization, a factor that makes it hard to distinguish the ultimate origins of the cyber-spying.