Report Alleges Vast Cyber Crime Syndicate in China
Researchers detail the efforts of the Shadow network, a sophisticated group of hackers working out of China who have managed to snag troves of sensitive information through a far-ranging cyber espionage operation.
A sophisticated network of hackers operating out of China has launched cyber attacks against the computer systems of the office of the Dalai Lama, the United Nations, the Indian government and other nations, according to a new report released this week.
Security researchers at the Information Warfare Monitor and the Shadowserver Foundation said they recovered a large quantity of sensitive documents in their investigation, including classified materials filched from India's national security agencies and what appeared to be encrypted diplomatic correspondence.
While they did not find any direct connection with the Chinese government, the authors of the report said that they determined that the core servers operated by the hackerswhich they dubbed the "Shadow network"were located in China.
They said that they identified two individuals associated with the Shadow network living in Chengdu, a city in southwest China.
The groups' report comes just two weeks after Google (NASDAQ: GOOG) moved its Internet operations off of the mainland to Hong Kong, a move that came in response to the government's Web filtering requirements and a wave of cyber attacks last year that the company said emanated from China.
Chinese government officials have responded with a series of pointed comments at Google defending their right to regulate the Internet under law and dismissing the allegations of the cyber attacks.
The official response to the report on the Shadow network was similar.
"Some reports have, from time to time, been heard of insinuating or criticizing the Chinese government...I have no idea what evidence they have or what motives lie behind," Jiang Yu, a spokeswoman for the Chinese Foreign Ministry, said at a media briefing. "Hacking is an international issue and should be dealt with by joint efforts from around the world."
The authors of the report called for an international summit to develop a code of conduct for cyberspace and improve coordination among governments in sharing information about threats and attacks.
The investigation into the Shadow network uncovered an intricate array of cloud-based and social media services the hackers used to carry out their espionage operations. Using free Web services like Google Groups, Twitter and Yahoo Mail, the hackers were able to direct compromised computers to free Web hosting services they controlled, and eventually moved them to a network of command-and-control servers in China.
The Information Warfare Monitor is a consulting coalition affiliated with the University of Toronto that focuses on cybersecurity research in at-risk countries. The Shadowserver Foundation is a group of volunteer security experts who monitor for malware, botnets and other threats.