Made in China: Cyber-spying system, with focus on India

TNN

NEW DELHI: Reports of a China-based cyber spy network targeting the Indian military, and the consequent alert sounded by Army authorities, may be only the tip of the iceberg -- investigations have revealed a fully dedicated India-specific espionage system aimed at business, diplomatic, strategic and academic interests.

The detailed research and investigations carried out by Canada-based authors of the report ’Shadows in the Cloud’ and experts from India’s NTRO have pointed to a command and control system that used free web-hosting services and social networking sites like Twitter, Baidu blogs and Google. These accounts were manipulated by a "core" of servers based in Chengdu in China.

The report, released in early April, received fairly wide publicity but its fuller implications are only now beginning to sink in. The largely India-centric cyber warfare system is described as "son of ghost net", an allusion to a Chinese effort to infiltrate the Tibetan exile community. The current investigations also began in Dharamshala but revealed a larger intent linked to an underground hacking community in Chengdu.

An email address used in GhostNet, losttemp33@hotmail, turned up in the Shadows probe as well. It was associated with Xfocus and Isbase, two popular Chinese hacking forums, and its owner was possibly a student of the master hackers Glacier and Sunwear. The individual is believed to have studied at the University of Electronic Science and Technology at Chengdu in Sichuan.

The Canadian team used a domain name system (DNS) sinkhole to turn IP addresses into domain names by grabbing suspect servers abandoned after the GhostNet investigation. The list of compromised Indian computers is disturbing: machines at Indian missions at Kabul, Moscow, Dubai, Abuja, the US, Serbia, Belgium, Germany, Cyprus, the UK and Zimbabwe were infected.

A machine at the National Security Council Secretariat was tapped as were computers at military engineering services at Kolkata, Bangalore and Jalandhar. Computers linked to the 21 Mountain Artillery Brigade, the Air Force Station at Race Course Road opposite the PM’s residence, the Army Institute of Technology at Pune and Military College of Electronics and Mechanical Engineering at Secunderabad were also compromised.

Thinktanks such as the Institute for Defence Studies and Analyses and publications like India Strategic and FORCE were also targeted, as were corporations like DLF Limited, Tata and YKK India. Computers at the National Maritime Foundation and Gujarat Chemical Port Terminal Company were also hit.

On-ground investigations at Dharamshala, where the Tibetan exile community is headquartered, showed that computers were beaconing with server ’jdusnemsaz’ in Chongqing in China. Interestingly, while Chengdu has a military research bureau, Chongqing is host to several triads -- criminal networks with connections to the Chinese government and Communist Party.

In a lucky break, the Canadian team was able to recover data being removed by attackers and discovered a list of compromised computers. Registering and monitoring four of the domain names revealed by the earlier GhostNet probe, they reached those used in the Shadows network, such as www.assam2008.net, aaa.msnxy.net, sysroots.net, www.lookbyturns.com and www.macfeeresponse.org.

The investigations showed that the infected email or social networking accounts were infiltrated with malware which then allowed the compromised computer to receive more sophisticated software through attachments. All through, there was a core of master servers based in China that kept a close check on infiltration of computers and transfer of all sorts of documents from personal details to missile analysis to safe drop zones.
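The paragraphs above describe infected machines beaconing to attacker-controlled domains and the investigators watching the traffic that reached domains they had registered. From the defender's side, the same idea applies to an organisation's own DNS logs: flag any lookup of the listed infrastructure, and flag hosts whose lookups recur at a near-constant interval, the classic beaconing signature. The script below is an added example, not code from the article or from the Shadows in the Cloud report. The domain list is taken from the article; the log format (`timestamp client-ip queried-name`), the sample log lines and the thresholds are constructed assumptions for illustration.

```python
"""Flag DNS lookups of the C2 domains named in the article and detect beaconing.

Added example, not code from the article or from the Shadows in the Cloud
report. The domain list comes from the article; the log lines and the log
format are constructed for this illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Attacker infrastructure named in the article.
C2_DOMAINS = {
    "www.assam2008.net",
    "aaa.msnxy.net",
    "sysroots.net",
    "www.lookbyturns.com",
    "www.macfeeresponse.org",
}

# Constructed sample DNS query log (assumed format: "<ISO timestamp> <client-ip> <name>").
# 10.1.1.7 queries sysroots.net every five minutes; 10.1.1.25 does a single lookup.
SAMPLE_LOG = """\
2010-04-06T09:00:00 10.1.1.25 www.example.org
2010-04-06T09:00:05 10.1.1.7 sysroots.net
2010-04-06T09:05:05 10.1.1.7 sysroots.net
2010-04-06T09:10:04 10.1.1.7 sysroots.net
2010-04-06T09:15:06 10.1.1.7 sysroots.net
2010-04-06T09:16:10 10.1.1.25 WWW.MACFEERESPONSE.ORG.
2010-04-06T09:20:05 10.1.1.7 sysroots.net
2010-04-06T09:30:00 10.1.1.9 mail.example.org
"""


def normalize(name):
    """Lower-case and strip a trailing dot so FQDN forms still match the list."""
    return name.strip().lower().rstrip(".")


def matches_c2(name):
    """True if the name is a listed domain or a subdomain of one."""
    n = normalize(name)
    return any(n == d or n.endswith("." + d) for d in C2_DOMAINS)


def parse_log(text):
    """Parse the assumed log format into (timestamp, client, name) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        events.append((datetime.fromisoformat(parts[0]), parts[1], normalize(parts[2])))
    return events


def c2_hits(events):
    """Every lookup of listed infrastructure, grouped by client IP."""
    hits = defaultdict(list)
    for ts, client, name in events:
        if matches_c2(name):
            hits[client].append((ts, name))
    return hits


def beaconing_clients(events, min_queries=4, max_jitter=0.1):
    """Clients whose C2 lookups recur at a near-constant interval.

    A host is reported when it has at least min_queries hits and the spread of
    the gaps between them (standard deviation / mean) is within max_jitter.
    Returns {client_ip: mean_interval_seconds}.
    """
    result = {}
    for client, hits in c2_hits(events).items():
        if len(hits) < min_queries:
            continue
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            result[client] = avg
    return result


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for client, lookups in c2_hits(evts).items():
        print(f"{client}: {len(lookups)} lookup(s) of listed C2 domains")
    for client, interval in beaconing_clients(evts).items():
        print(f"{client}: beaconing roughly every {interval:.0f}s")
```

Any single hit is worth an alert on its own; the interval check exists to rank hosts, since a machine calling home on a fixed timer is far more likely to be running an implant than one that resolved a name once. The jitter threshold is deliberately loose because implants often randomise their sleep slightly.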
