"The Shadow Network": China-Based Hackers Targeted Governments, Corporations, and the United Nations

"The attacks look like the work of a criminal gang based in Sichuan Province, but as with all cyberattacks, it is easy to mask the true origin, the researchers said. Given the sophistication of the intruders and the targets of the operation, the researchers said, it is possible that the Chinese government approved of the spying....[T]he researchers observed the theft of a wide range of material, including classified documents from the Indian government and reports taken from Indian military analysts and corporations, as well as documents from agencies of the United Nations and other governments. "---New York Times (4-5-10)

Cyber criminals are becoming increasingly dangerous. For example, last November, a server used by the the Climate Research Unit (CRU) of East Anglia was allegedly hacked by criminals. So far, British authorities have not unmasked the culprits.

Today, the New York Times (4-5-10) has published an interesting article detailing how some Canadian and American computer experts uncovered a China-based cyber-espionage ring that "used an elaborate malware network that was based on social networking platforms, including Google groups, Blogspot, Twitter accounts and free web hosting services."

The New York Times (4-5-10) reports:

In a report [See "Shadows in the Cloud: Investigating Cyber Espionage 2.0"] issued Monday night, the researchers, based at the Munk School of Global Affairs at the University of Toronto, provide a detailed account of how a spy operation it called the Shadow Network systematically hacked into personal computers in government offices on several continents...

The new report shows that the India-focused spy ring made extensive use of Internet services like Twitter, Google Groups, Blogspot, blog.com, Baidu Blogs and Yahoo! Mail to automate the control of computers once they had been infected.

The Canadian researchers cooperated in their investigation with a volunteer group of security experts in the United States at the Shadowserver Foundation, which focuses on Internet criminal activity.

“This would definitely rank in the sophisticated range,” said Steven Adair, a security research with the group. “While we don’t know exactly who’s behind it, we know they selected their targets with great care.”

By gaining access to the control servers used by the second cyber gang, the researchers observed the theft of a wide range of material, including classified documents from the Indian government and reports taken from Indian military analysts and corporations, as well as documents from agencies of the United Nations and other governments.