Tuesday, April 06, 2010

China accused of hacking, again

Computer security researchers from Canada and the United States have identified a spy operation in China which has systematically hacked into personal computers in government offices across several continents. The researchers, based at the Munk School of Global Affairs at the University of Toronto, have provided detailed accounts of how the spy operation, which they call the Shadow Network, worked. In addition, they reveal the extent of the information gleaned, which may have far-reaching implications.

According to reports, the hackers managed to obtain classified assessments about security in several Indian states, confidential embassy documents about India's relationships in West Africa, Russia and the Middle East, and reports on several Indian missile systems. The intruders also managed to obtain documents related to the travel of NATO forces in Afghanistan. Even the Dalai Lama's personal e-mail messages stretching back at least 12 months had been stolen according to the researchers.

While the researchers involved in uncovering the spying operation conceded that it was possible to mask the true origins of such attacks, the sophistication of the intruders and the targets of the operation have led to the conclusion that the attacks were probably approved by the Chinese government. "This would definitely rank in the sophisticated range," said Steven Adair, a security researcher with the group. "While we don't know exactly who's behind it, we know they selected their targets with great care."

"But an important question to be entertained is whether the P.R.C. will take action to shut the Shadow Network down," the report says, referring to the People's Republic of China. "Doing so will help to address longstanding concerns that malware ecosystems are actively cultivated, or at the very least tolerated, by governments like the P.R.C. who stand to benefit from their exploits through the black and gray markets for information and data."

The report concludes that Shadow was controlled from China and attributes responsibility for the network to "one or more individuals with strong connections to the Chinese criminal underground." However, it did not rule out the possibility of a connection between these individuals and the Chinese government. "Given the often murky relationships that can exist between this underground and elements of the state, the information collected by the Shadow network may end up in the possession of some entity of the Chinese government," the report said [NYT / nartv.org / ComputerWorld]. It is not the only report to point a finger at China as being the source of cyberattacks. Symantec has also released a report [PDF] which says China is responsible for distributing more malware than any other country. However, in terms of malware distributed by email, the US topped the list [CNET].

Last week the Foreign Correspondents' Club of China (FCCC) said there had been at least eight cases of Yahoo e-mail hacks in recent weeks. Yahoo e-mail accounts belonging to foreign journalists based in China and Taiwan were said to have been targeted, though it is not known if any information was gathered through the attacks. Clifford Coonan, a reporter for the Irish Times, told the AFP news agency that he had an error message when he logged into his Yahoo account. "I don't know who's doing it, what happened. They (Yahoo) haven't given any information, but it seems to be happening to journalists and academics in China, so that's why it's a little suspicious," he said. In January this year Google said it and several other companies had been the target of cyberattacks originating in China. That and other issues prompted the search giant to close its China-based search engine, Google.cn, and redirect all traffic to its Hong Kong-based server, which is not subject to the same strict censorship regulations as those on the mainland [BBC].

tvnewswatch, Beijing, China
