Made in China: Cyber-spying system, with focus on India
Reports of a China-based cyber spy network targetting the Indian military and the consequent alert sounded by Army authorities may be only the tip of the iceberg — investigations have revealed a fully dedicated India-specific espionage system aimed at business, diplomatic, strategic and academic interests.
The detailed research and investigations carried out by Canada-based authors of the report ‘Shadows in the Cloud’ and experts from India’s NTRO have pointed to a command and control system that used free web-hosting services and social networking sites like Twitter, Baidu blogs and Google. These accounts were manipulated by a “core” of servers based in Chengdu in China.
The report, released in early April, received fairly wide publicity but its fuller implications are only now beginning to sink in. The largely India-centric cyber warfare system is described as “son of ghost net”, an allusion to a Chinese effort to infiltrate the Tibetan exile community. The current investigations also began in Dharamshala but revealed a larger intent linked to an underground hacking community in Chengdu.
An email used in ghostnet turned up in the Shadows probe as well and is identified as losttemp33@hotmail and was associated with Xfocus and Isbase, two popular Chinese hacking forums and possibly was a student of master hackers Glacier and Sunwear. The individual is believed to have studied at University of Electronic Science and Technology at Chengdu in Sichuan.
The Canadian team used a domain name system (DNS) sinkhole to turn IP addresses into domain names by grabbing suspect servers abandoned after ghostnet investigations. The list of compromised Indian computers is disturbing: machines at Indian missions at Kabul, Moscow, Dubai, Abuja, US, Serbia, Belgium, Germany, Cyprus, UK and Zimbabwe were infected.
A machine at the National Security Council Secretariat was tapped as were computers at military engineering services at Kolkata, Bangalore and Jalandhar. Computers linked to the 21 Mountain Artillery Brigade, the Air Force Station at Race Course Road opposite the PM’s residence, the Army Institute of Technology at Pune and Military College of Electronics and Mechanical Engineering at Secunderabad were also compromised.