Hackers
Date: Tue. Apr. 6 2010 12:41 PM ET
Canadian and U.S. researchers say a group of China-based hackers have managed to pilfer sensitive computer data from an array of worldwide targets, including from the offices of the Dalai Lama and the United Nations.
The researchers, from the University of Toronto, the Ottawa-based SecDev security group and the U.S.-based Shadowserver Foundation, say the hackers are based in the city of Chengdu, in the southwestern Chinese province of Sichuan.
Having recovered copies of stolen documents, the researchers say the hackers have managed to steal classified information in some cases, demonstrating their capability to reach into the computers of major governments and organizations.
In addition to stealing data held by the UN and the Office of the Dalai Lama, the attackers also infiltrated the cyber networks of the national security wing of the Indian government. Some of the data taken from the Indian government involved information that Canadian visa applicants had provided.
The hackers used many routine online programs and websites, including e-mail programs and Twitter, to gain the information they were seeking. By developing a network that leveraged social networking websites, webmail providers and other online services, the researchers say the attackers issued commands through these portals to compromised machines to steal the data they were interested in.
Ronald Deibert, of the Munk Centre of International Studies at the University of Toronto, said computer users in developing countries -- citing both the Office of the Dalai Lama and Indian government as examples -- may be put at increasing risk of espionage as more and more users make use of new online products and technologies.
"There has been, I think, a rush to embrace new information and communication technologies around the world -- especially in developing countries -- without corresponding attention to security," Deibert said at a news conference on Tuesday morning.
Deibert said many governments and organizations have not fully considered the "risks and vulnerabilities of this radical transparency and radical network environment" that exists today.
As a result, many governments and organizations in the developing world "find themselves in a challenging situation to deal with the new security vulnerabilities as they arrive."
Using some of the fingerprints the hackers left on the web, the U.S. and Canadian researchers were able to pinpoint the origin of the attacks to a location in Chengdu. But they are not sure to what degree -- if any -- the Chinese government approves of such activities taking place within its country.
"The relationship between the Chinese state and the hacker community is very unclear," Nart Villeneuve, the lead technical investigator on the project, said at the same news conference where Deibert was speaking.
Pointing to the fact that the group "did not find any hard evidence" linking Beijing to the attacks being studied, Villeneuve said it is still possible that the Chinese government could be interested in obtaining the information retrieved through the attacks.
"I don't doubt that some of the sensitive information that was acquired might find its way to elements within the Chinese government that may find it useful, but I don't think there is any direct connection between the attackers and the government, at least at this time," he said.
China has been identified in separate reports as the country where attacks on Google and other countries have also originated.
In Beijing, the Chinese government remains defensive about such allegations.
"We have from time to time heard this kind of news. I don't know the purpose of stirring up these issues," said Foreign Ministry spokeswoman Jiang Yu.
"We are firmly opposed to various kinds of hacking activities through the Internet."
The Canadian and U.S. researchers detail their findings in a new report entitled "Shadows in the Cloud: Investigating Cyber Espionage 2.0." It was released online Tuesday and covered in various media reports, including mentions in the New York Times and Toronto Star.
Deibert suggests the report should be a wake-up call to governments that are too complacent about their risks in the current online world.
It's the same story in Canada, which Deibert told the press conference is a country that is also at risk.
"For its part, the Canadian government has neither a domestic cybersecurity strategy or a foreign policy for cyberspace," Deibert said.
"The Shadow report should offer a wake-up call that rectifies this situation, or we may find that we are the next victim of the Shadows and GhostNets of cyberspace," he said, alluding to the names of two major hacker networks his group has researched.
With files from The Canadian Press and The Associated Press