A China-based gang of hackers broke into Indian government networks and stole classified data, according to North American security researchers who tracked the group for eight months.
The intruders used Twitter, Google, Yahoo and other platforms to steal confidential documents on India’s missile systems, internal security issues and its relationships with foreign countries, the University of Toronto research team said.
The Canadian and US computer security researchers released a report Monday describing how the “Shadow Network” had hacked into computers in India and around the world.
The research team said they had tracked the hackers to Chongqing and Chengdu in southwestern China, but their identities and motivations were unclear.
An earlier study by the team of an operation called GhostNet had focused on attacks on exiled Tibetan leaders and institutions. The report said those attacks had continued and hackers had obtained the Dalai Lama’s personal email messages, among other data.
The gang had leveraged social networking sites, webmail providers and free hosting providers as “disposable command and control locations”, which were in turn connected to a “stable inner core of servers” located in China.
The report uncovered what researchers believe to be the address of one hacker in Chengdu, and says the person had attended the University of Electronic Science and Technology in that city.
The data recovered from 44 compromised computers, most of them in India, included encrypted diplomatic correspondence, secret assessments of the security situation in India’s northeast border states, and information about secret missile projects.
“This would definitely rank in the sophisticated range,” Steven Adair, a security researcher who helped track the hacker gang, told the New York Times. “While we don’t know exactly who’s behind it, we know they selected their targets with great care.”
An Indian Defense Ministry spokesman said the department was looking into the report, but had no official statement.