Shadow Network
   HOME

TheInfoList



OR:

The Shadow Network is a China-based computer espionage operation that stole classified documents and emails from the Indian government, the office of the Dalai Lama, and other high-level government networks. This incident is the second cyber espionage operation of this sort by China, discovered by researchers at the
Information Warfare Monitor The Information Warfare Monitor (IWM) was an advanced research activity tracking the emergence of cyberspace as a strategic domain. Created in 2003, it closed in January 2012. It was a public-private venture between two Canadian institutions: The ...
, following the discovery of
GhostNet GhostNet () is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying operation discovered in March 2009. The operation is likely associated with an advanced persistent threat, or a network actor that spies ...
in March 2009. The Shadow Network report "Shadows in the Cloud: Investigating Cyber Espionage 2.0" was released on 6 April 2010, approximately one year after the publication of "Tracking GhostNet." The cyber spying network made use of Internet services, such as
social networking A social network is a social structure made up of a set of social actors (such as individuals or organizations), sets of dyadic ties, and other social interactions between actors. The social network perspective provides a set of methods for an ...
and cloud computing platforms. The services included Twitter, Google Groups, Baidu,
Yahoo Mail Yahoo! Mail is an email service launched on October 8, 1997, by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! ...
, Blogspot, and blog.com, which were used to host
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
and infect computers with malicious software.


Discovery

The Shadow Net report was released following an 8-month collaborative investigation between researchers from the Canada-based Information Warfare Monitor and the United States
Shadowserver Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity (including malware, botnets, and computer fraud), sends daily network reports to subscribers, and works with law enforcemen ...
Foundation. The Shadow Network was discovered during the GhostNet investigation, and researchers said it was more sophisticated and difficult to detect. Following the publication of the GhostNet report, several of the listed command and control servers went offline; however, the cyber attacks on the Tibetan community did not cease. The researchers conducted field research in Dharamshala, India, and with the consent of the Tibetan organizations, they were able to monitor the networks in order to collect copies of the data from compromised computers and identify command and control servers used by the attackers. The field research done by the Information Warfare Monitor and the Shadowserver Foundation found that computer systems in the Office of His Holiness the Dalai Lama (OHHDL) had been compromised by multiple malware networks, one of which was the Shadow Network. Further research into the Shadow Network revealed that, while India and the Dalai Lama's offices were the primary focus of the attacks, the operation compromised computers on every continent except Australia and Antarctica. The research team recovered more than 1,500 e-mails from the Dalai Lama's Office along with a number of documents belonging to the Indian government. This included classified security assessments in several Indian states, reports on Indian missile systems, and documents related to India's relationships in the Middle East, Africa, and Russia. Documents were also stolen related to the movements of NATO forces in Afghanistan, and from the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP). The hackers were indiscriminate in what they took, which included sensitive information as well as financial and personal information.


Origin

The attackers were tracked through e-mail addresses to the Chinese city of
Chengdu Chengdu (, ; Simplified Chinese characters, simplified Chinese: 成都; pinyin: ''Chéngdū''; Sichuanese dialects, Sichuanese pronunciation: , Standard Chinese pronunciation: ), Chinese postal romanization, alternatively Romanization of Chi ...
in Sichuan province. There was suspicion, but no confirmation, that one of the hackers had a connection to the
University of Electronic Science and Technology The University of Electronic Science and Technology of China (UESTC) is a national public research university in Chengdu, Sichuan, China. It was founded in 1956 instructed by the Premier Zhou Enlai. UESTC was established on the basis of the incorp ...
in Chengdu. The account of another hacker was linked to a Chengdu resident who claimed to know little about the hacking.


References


External links


Shadowserver Foundation

Citizen Lab

The SecDev Group

Information Warfare Monitor
{{Hacking in the 2010s Cyberwarfare by China Spyware Cyberattacks Cyberwarfare Espionage projects Cybercrime in India