
The Shadow Network is a China-based computer espionage operation that stole classified documents and emails from the Indian government, the office of the Dalai Lama, and other high-level government networks. This incident is the second cyber espionage operation of this sort by China, discovered by researchers at the Information Warfare Monitor, following the discovery of GhostNet in March 2009. The Shadow Network report "Shadows in the Cloud: Investigating Cyber Espionage 2.0" was released on 6 April 2010, approximately one year after the publication of "Tracking GhostNet." The cyber spying network made use of Internet services, such as social networking and cloud computing platforms. The services included Twitter, Google Groups, Baidu, Yahoo Mail, Blogspot, and blog.com, which were used to host malware and infect computers with malicious software.


Discovery

The Shadow Net report was released following an 8-month collaborative investigation between researchers from the Canada-based Information Warfare Monitor and the United States Shadowserver Foundation. The Shadow Network was discovered during the GhostNet investigation, and researchers said it was more sophisticated and difficult to detect. Following the publication of the GhostNet report, several of the listed command and control servers went offline; however, the cyber attacks on the Tibetan community did not cease. The researchers conducted field research in Dharamshala, India, and with the consent of the Tibetan organizations, they were able to monitor the networks in order to collect copies of the data from compromised computers and identify command and control servers used by the attackers. The field research done by the Information Warfare Monitor and the Shadowserver Foundation found that computer systems in the Office of His Holiness the Dalai Lama (OHHDL) had been compromised by multiple malware networks, one of which was the Shadow Network. Further research into the Shadow Network revealed that, while India and the Dalai Lama's offices were the primary focus of the attacks, the operation compromised computers on every continent except Australia and Antarctica. The research team recovered more than 1,500 e-mails from the Dalai Lama's Office along with a number of documents belonging to the Indian government. This included classified security assessments in several Indian states, reports on Indian missile systems, and documents related to India's relationships in the Middle East, Africa, and Russia. Documents were also stolen related to the movements of NATO forces in Afghanistan, and from the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP). The hackers were indiscriminate in what they took, which included sensitive information as well as financial and personal information.


Origin

The attackers were tracked through e-mail addresses to the Chinese city of Chengdu in Sichuan province. There was suspicion, but no confirmation, that one of the hackers had a connection to the University of Electronic Science and Technology in Chengdu. The account of another hacker was linked to a Chengdu resident who claimed to know little about the hacking.


External links


Shadowserver Foundation

Citizen Lab

The SecDev Group

Information Warfare Monitor