For eight months, researchers based at the Munk Centre for International Studies at the University of Toronto worked with independent computer analysts in the United States to monitor the activities of a gang of Chinese hackers based in the central city of Chengdu.
The Munk Centre was responsible for the discovery of GhostNet last year, an enormous Chinese hacking network that had penetrated 103 countries and almost 1,300 computers. One-third of the targets were highly sensitive, including foreign ministries, embassies and even a computer at Nato headquarters.
The new report builds on the previous research, and reveals for the first time the sort of information that Chinese hackers are searching for. "After the [GhostNet] report was published, several of the command and control servers listed went offline. However, targeted cyber attacks against Tibetan interests and various governments did not suddenly cease," the researchers revealed.
With the help of the Tibetan government in exile, the researchers were able to start monitoring the hackers and managed to retrieve some of the stolen documents. "The recovered documents include 1,500 letters sent from the Dalai Lama’s office between January and November 2009," said the new report, entitled Shadows in the Cloud.
In addition, "dozens of high-level government networks, embassies, international organisations and others have been penetrated and confidential, sensitive, and private documents stolen."
The hackers allegedly stole classified reports about the security in several Indian states, and about several Indian missile systems, including the new Shakti artillery system and the Iron Dome mobile missile defence system. The hackers also stole documents about the movements of Nato workers in Afghanistan.
The report said the aim of the attacks appeared to be increasingly political, but stopped short of accusing the Chinese government of orchestrating the cybercrime. It added that the evolution of social networking had opened up new ways for hackers to exploit loopholes and spread viruses.
Concerns about Chinese cyber-attacks have deepened in the past year, after Google partly blamed a series of hacker attacks for its withdrawal from the Chinese mainland. Two attacks on foreign journalists in China have occurred in the last two weeks, with several Yahoo! accounts being breached and a malicious virus sent to reporters in Shanghai masquerading as an official government email. The website of the Foreign Correspondents’ Club in Beijing was also shut after persistent attacks.
The researchers said the hackers appeared to be based in Chengdu and that one member of the gang could be affiliated with the city’s prestigious University of Electronic Science and Technology. A spokesman for the university, who would only give his name as Mr Xu, said he was unaware of the report and declined to comment on whether the university had disciplined any hackers in the past.
A spokesman for the Chinese Foreign ministry said the country condemned hacking, but that there was no official government response.
He added: "My personal view is that this is an attempt by the foreign media to spin the issue of hacking for political purposes, especially since this report is related to Tibet. The report appears groundless and comes from an institute that is not credible."

Source: http://www.telegraph.co.uk/news/worldnews/asia/china/7559103/Chinese-hackers-steal-Dalai-Lamas-emails.html