Tuesday, April 6, 2010


Tenzin Lekshay

An investigative report titled 'Shadows in the Cloud: Investigating Cyber Espionage 2' was released today jointly by the Canada-based Information Warfare Monitor and the Shadowserver Foundation. This 58-page report categorically documents Chinese intrusions into the systems of the Office of His Holiness the Dalai Lama, the Tibetan Government in Exile, and Tibetan organizations and support groups worldwide.

The report is available at http://bit.ly/aE1EHM

Here is a summary of the report's main findings.

Complex cyber espionage network - Documented evidence of a cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Numerous other institutions, including the Embassy of Pakistan in the United States, were also compromised. Some of these institutions can be positively identified, while others cannot.

Theft of classified and sensitive documents - Recovery and analysis of exfiltrated data, including one document that appears to be encrypted diplomatic correspondence, two documents marked “SECRET”, six as “RESTRICTED”, and five as “CONFIDENTIAL”. These documents are identified as belonging to the Indian government. However, we do not have direct evidence that they were stolen from Indian government computers and they may have been compromised as a result of being copied onto personal computers. The recovered documents also include 1,500 letters sent from the Dalai Lama’s office between January and November 2009. The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users.

Evidence of collateral compromise - A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process. In a context like Afghanistan, this finding points to the complex nature of the information security challenge where risks to individuals (or operational security) can occur as a result of a data compromise on secure systems operated by trusted partners.

Command-and-control infrastructure that leverages cloud-based social media services - Documentation of a complex and tiered command and control infrastructure, designed to maintain persistence. The infrastructure made use of freely available social media systems that include Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail. This top layer directed compromised computers to accounts on free web hosting services, and as the free hosting servers were disabled, to a stable core of command and control servers located in the PRC.
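The finding above describes a C2 architecture in which compromised hosts first poll a public social-media resource, which points them onward to a second tier (free web hosting, and behind it a stable core of servers). From a defender's side, the observable is a host that polls one such service at fixed intervals and then reaches out to destinations it otherwise never contacts. The example below is added here and is not from the report or the blog: it runs that heuristic over constructed proxy-log lines (the log format, the `free-host.example` and `news.example` hostnames, and the IP addresses are all made up for illustration); the top-layer domain list is taken from the services named in the finding.

```python
from collections import defaultdict
from statistics import mean, pstdev

TOP_LAYER = ("twitter.com", "groups.google.com", "blogspot.com",
             "hi.baidu.com", "blog.com", "mail.yahoo.com")

def in_top_layer(host):
    return any(host == d or host.endswith("." + d) for d in TOP_LAYER)

def is_regular(times, min_polls=4, max_jitter=0.2):
    # Fixed-interval polling: enough requests, gaps vary little around the mean.
    if len(times) < min_polls:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    return pstdev(gaps) <= max_jitter * mean(gaps)

def find_tiered_beacons(lines):
    # Returns {src_ip: (regularly polled top-layer host, [later non-top-layer hosts])}.
    polls = defaultdict(list)      # (src, host) -> poll timestamps
    contacts = defaultdict(list)   # src -> [(ts, host)] for every request
    for line in lines:
        # Constructed log format: "<epoch> <src_ip> <dest_host> <path>"
        ts, src, host, _path = line.split(maxsplit=3)
        ts = int(ts)
        contacts[src].append((ts, host))
        if in_top_layer(host):
            polls[(src, host)].append(ts)
    findings = {}
    for (src, host), times in polls.items():
        times.sort()
        if not is_regular(times):
            continue
        # Non-top-layer hosts reached after polling began: candidate second tier.
        next_tier = sorted({h for t, h in contacts[src]
                            if t > times[0] and not in_top_layer(h)})
        if next_tier:
            findings[src] = (host, next_tier)
    return findings

# Constructed sample: 10.0.0.5 polls a blog feed every 600 s, then fetches from a
# free-hosting site and a bare IP; 10.0.0.9 merely reads the same blog once.
SAMPLE_LOG = [
    "1270540800 10.0.0.5 example-c2.blogspot.com /feeds/posts/default",
    "1270541400 10.0.0.5 example-c2.blogspot.com /feeds/posts/default",
    "1270542000 10.0.0.5 example-c2.blogspot.com /feeds/posts/default",
    "1270542600 10.0.0.5 example-c2.blogspot.com /feeds/posts/default",
    "1270542700 10.0.0.5 free-host.example /u/drop/update.txt",
    "1270542800 10.0.0.5 198.51.100.7 /check",
    "1270540900 10.0.0.9 example-c2.blogspot.com /2010/04/post.html",
    "1270544100 10.0.0.9 news.example /index.html",
]
```

Calling `find_tiered_beacons(SAMPLE_LOG)` flags only 10.0.0.5, with the blog as the polled top layer and the free-hosting name and bare IP as the next-tier candidates; the casual reader 10.0.0.9 is not flagged because its two requests show no regular polling.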

Links to Chinese hacking community - Evidence of links between the Shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC.

At present, China has 384 million internet users under the watchful eyes of its cyber police. Tens of thousands of Internet police, undercover agents and volunteer security guards were installed to monitor the internet after the cyber revolution hit China. In 2007, the BBC reported that virtual officers were sent to patrol the internet, and that internet users could themselves report illegal activities to the Beijing Municipal Security Bureau's Internet Surveillance Centre. These cyber police act not only as a patrolling unit but also as a monitoring agent that intrudes into the personal information of internet users.

During the 19th session of the Standing Committee of the 9th National People's Congress (NPC) of the People's Republic of China (PRC), on 28 December 2000, a decision on Internet security was adopted whose Article 1 clearly states that invading computer information systems, producing and spreading viruses, and interrupting normal network operation shall be considered crimes. Yet the Chinese government itself is vigorously and secretly engaged in state cyber crime, intruding into the systems of pro-democracy activists and other vulnerable groups, and regularly imprisoning them.

In March 2010, Reporters Without Borders issued its latest list of Enemies of the Internet. China remains at the top, with 72 cyber-dissidents, including Tibetans, languishing in prison, most of them charged with "divulging state secrets abroad."

In February 2010, under mounting international pressure, China's Hubei Police shut down the country's biggest hacker training website, 'The Black Hawk Safety Net', established in 2005 and headquartered in Xuchang in the central Henan Province, which had more than 12,000 VIP members. Many more are still working undercover within the PRC, protected and coordinated under the command of Chinese Communist leaders.

Over the years, China has repeatedly been accused of hacking government websites of countries around the globe, accusations China still denies. Websites of prominent institutions, multinational companies and organizations have not been spared by Chinese hackers either.

Google's move to withdraw from China in the recent past was not only about censorship, with the Chinese Communist Government demanding that searches on the Dalai Lama, Falun Gong and the Tiananmen Square massacre be filtered, but even more about the infiltration of Chinese hackers into the Google network. The case of Tenzin Seldon's Google mail account in January 2010 was a clear example of Chinese high-handedness in intruding on third parties.

This current report highlighting Chinese cyber espionage is being widely circulated, and India emerges as a significant victim of the Chinese menace, which was presumably aimed at India's defence shield.

Soon after the report came out, Prof. Brahma Chellaney instantly made his classic remark: "While the Indian government sleeps, foreigners uncover China-based cyber spy ring that has been stealing classified and restricted documents from the highest levels of the Indian Defense Ministry."

Strangely, as usual, Chinese Foreign Ministry spokeswoman Jiang Yu denied the accusation, referring to the report with the words "I don't know what evidence these people have, or what their motives are". She added that "Our policy is very clear. We resolutely oppose all internet crime, including hacking."


1) Shadows in the Cloud: Investigating Cyber Espionage 2, by Information Warfare Monitor and Shadowserver Foundation, 06 April 2010

2) The Current Situation of Cybercrimes in China, by Zhang Jianwen, Lecturer, National Prosecutors College, Beijing, China, November - December 2006
