Print 26 comment(s) - last by dsx724.. on Apr 11 at 12:16 PM

Chinese hackers stole information from a variety of parties. While the attacks related to rivals or enemies of the government, the Chinese government claims not to have been involved and says its investigating the incident.  (Source: LIFE)

The attacks originated from the Southern China city of Chengdu.  (Source: CJ Report)
Report authors say Chinese government is cooperating to investigate the situation

Cybersecurity researchers at the University of Toronto's Munk School of Global Affairs claim to have discovered a massive campaign of cyberespionage carried out by members of China's underground hacking rings.  The campaign zeroed in on high profile targets in India, including Tibetan exiles and the Indian Defense Ministry.  

The attackers used attacks on social networking, blogging, and email services, such as Twitter, Google Groups, and Yahoo Mail to gain access to individual computers, forcing them to communicate with attack servers in China.  The authors of the study "Shadows in the Clouds" say that the underworld cybercriminals likely stole information to try to make a profit and may have passed information on to the Chinese government.

The information stolen from the Indian military includes secret assessments of the security situation in northeastern states bordering Tibet, Bangladesh and Myanmar, as well as insurgencies by Maoists.

On the surface, the Chinese government has pledged a thorough investigation in response to the incident.  Describes Nart Villeneuve at the University of Toronto, "We did not find any hard evidence that links these attacks to the Chinese government.  We've actually had very healthy co-operation with the Chinese computer emergency response team, who are actively working to understand what we've uncovered and have indicated they will work to deal with this ... It's been a very encouraging development."

A Chinese foreign ministry spokesperson stated, "[Chinese] policy is very clear. We resolutely oppose all internet crime, including hacking."

It seems more than mere coincidence, though, that the attacks targeted Tibet's government in exile and Dalai Lama, whom China views as enemies.  Last year the Tibetans were hit by a much larger attack, which the University of Toronto researchers dubbed "GhostNet".  Describes Munk School's Ron Diebert, "The social media clouds of cyberspace we rely upon today have a dark, hidden core, There is a vast subterranean ecosystem to cyberspace within which criminal and espionage networks thrive."

University of Toronto researchers say that most antivirus programs are currently ineffective in preventing attacks on social networks or email services, which were a major source of these compromises.  The researchers suggest stripping attachments from all external email and instead transferring files over a secure channel like SFTP.

The recent attacks affect the U.S. too as the attackers stole private data from visa-seekers to the Indian embassy in Afghanistan and the Indian and Pakistani embassies in the United States.

According to researchers, the IP's used in part of the attacks were traced to Chongqing, a large city in southwest China, while addresses in the nearby city of Chengdu were used to control Yahoo Mail accounts used in the attacks.  Graduates of the University of Electronic Science and Technology of China reportedly owned some of the servers used in the attacks and may have masterminded the entire scheme.

China has been rather friendly to India of late, trying to leverage the issue of global warming to align the south Asian nation against the U.S.  India and China are the world's most populous countries, each with over a billion people.  They also are fast becoming world superpowers in research and industry.  With that growth has come clashes, both between each other and between the world's current economic leader, the United States.  

China and India's relationship has been damaged by the Chinese occupation of Tibet, a small province that borders India.  India and the U.S. have also taken issue to China's censorship policies and with the fact that China does little to stop hackers from attacking foreigners, and in some cases its own citizens.  As many of these attacks target political or economic rivals of the government, there seems to be government involvement in some cases, even if there's no evidence to explicitly prove that the government is supporting the cyberintrusions.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: The Picture of the City
By ekv on 4/10/2010 2:34:35 AM , Rating: 2
Ok, thank you for your analysis of "Shadows in the Cloud." While I don't necessarily agree with your conclusions I appreciate the time you spent.

I do agree that network security is fundamental to network engineering, from programming to protocols to the physical layer itself. However, I believe there is a slight nuance tween network security and cyber-security. I would suggest that cyber-security takes human factors more into account. For example, political structures and initiatives. The PRC does have a formal information warfare strategy called 'Integrated Network Electronic Warfare' that consolidates the offensive mission for both computer network attack and EW under PLA General Staff Department's 4th Dept. (Electronic Countermeasures)"... (p.6, NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved Report_16Oct2009)

Upon reading and reflecting on your post a couple times, I keep asking myself 'what are you looking for?' Perhaps it is a cultural difference in regards to what constitutes factual evidence. For example, if Google says they were hacked and then they pull out of China, what does that say? Google in general is not stupid. So to me it says Google has sufficient evidence to suspect government involvement. Evidence to the point of losing billions of dollars. Now, since I'm not a network engineer I don't ask them to show me the ISP data. So who do I trust? Trust is a term I'm sure you're familiar with 8) I know who I trust and I even know why. Even though I don't trust Google in general, I trust them in this specific instance. What I'm really curious about is, are you ignoring this on purpose? Is this an anomalous data point? what evidence would convince you that indeed a hack took place that was sponsored by the PRC?

Keep in mind that ... "[A]ttribution of cyber penetrations and malicious cyber activity is difficult, and even quite sensitive, because if one describes how attribution is achieved, it tells the intruder how to modify its operations and make them more effective." (p.2, Larry M. Wortzel, China's Approach to Cyber Operations)

For instance, you're 3rd point mentions a thousand people being arrested, but I cannot find any news articles on this event. In general, at this point, I'd have to trust you on that fact, but you haven't provided evidence or a link, etc. Do you see what I'm driving at?

RE: The Picture of the City
By dsx724 on 4/11/2010 12:16:42 PM , Rating: 2

Google pulled out of China not because of external hack. There were internal IP theft issues. Chinese employees of Google were stealing codebase for all of Google products. Google didn't have much market share to lose but it did have a lot to lose in terms of IP and techniques. The only way to remedy this was to shut down all Chinese operations with regards to search. The hacking is just a justification to cover up what we all know about the disregard by Chinese people of IP. Money makes everything possible in China so any competitor can bribe said Google employees for a price to carry out a theft or open a vulnerability. Google deemed this risk or the number of occurrences too high to continue operations in China since government is providing no assistance to prosecute those responsible.

My problem with Shadow is that it is a political piece and not a technical piece. Although clearly there is no link to the government of China, it does a lot in the way of attributing the attacks to the government. I am not a supporter of the government but lay blame where it is due. You can't blame the US government for the actions of the KKK.

Most of these points come from contextual information that are too significant to ignore. Unlike Shadow in the Cloud, I have no political goal in looking at the data and the circumstances surrounding this. Cleverly crafted information lead to the Iraq War on an unfound basis. I would hate our foreign policy to be based on stupid reports like these.

"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki