China-based online spy ring uncovered by Canadian researchers
A large network of computers used for online espionage has been uncovered by Canadian researchers. This "Shadow Network" of internet spies was run from servers in China and reached a wide range of victims through seemingly harmless channels such as Twitter accounts, e-mail and other social media services.
The operation was built to collect sensitive documents and data from compromised users in many countries around the world.
Over a year-long investigation, the Canadian team found that the attackers had penetrated computers in dozens of countries and organisations worldwide, putting classified material in foreign hands.
Documents recovered by the researchers show that sensitive data was the operation's main objective: among them are classified files on Indian missile systems and confidential visa applications from several countries, Canada included.
The report, made public today, exposes one of the largest spy rings yet documented. It is the joint work of researchers from the University of Toronto, the Shadowserver Foundation and the security firm SecDev Group, and its findings, the inner workings of a covert organisation brought into the light, are likely to prove controversial.
The investigators found what appears to be a global botnet, many computers around the world controlled remotely without their owners' knowledge, that reported to servers in China. By following the botnet's trail the researchers located where the stolen files were stashed and got a glimpse of what kind of information the attackers were after.
This was possible because the team worked out how the group thought and operated. Ron Deibert, one of the lead researchers from the Munk School of Global Affairs, explained that they "essentially went behind their back" and "picked their pockets".
"Shadows in the Cloud" is the title of the report. The work is not a first: it comes a year after the same team exposed "GhostNet", a similar spy ring with the same Chinese links. Leads from that earlier investigation pointed the researchers to websites tied to the far larger operation now being uncovered.
What the investigators have not been able to pin down is who ultimately runs the organisation. The report does not accuse the Chinese government, as there is no conclusive evidence of who is behind the operation.
The only precedent is GhostNet, any involvement in which the Chinese government has denied. GhostNet infected nearly 1,300 computers in 103 countries, and the infected machines reported to servers based in China.
Tellingly, the most heavily targeted victims were Tibetan: most of the computers in the offices of the Dalai Lama were compromised by the spy ring. Almost every e-mail sent to or from those offices since 2009 appears in the recovered files, the researchers say in their report.
India, another neighbour of China, suffered more than its share of attacks. The researchers recovered many Indian documents, including military project funding, information on fire exercises and missile projects, and National Security Council documents marked secret by the authorities.
Several other countries were affected too. One of the clearest examples is visa applications filed by Canadian citizens, which were taken from computers at Indian diplomatic missions around the world; the missions in Moscow, Dubai and Nigeria, among others, were compromised to obtain them.
A lead investigator from SecDev Group says a spy ring of this scale, with so much sensitive data collected, marks the start of a new era in online espionage. Years ago hackers acted as lone wolves after a quick payday, for example by extorting private businesses with ransomware. This operation shows attackers now going after sensitive information that can be sold to anyone willing to pay.
Responsibility for this development is spread across several countries. SecDev Group compares it to art theft: what is stolen is very valuable, but only if a buyer can be found. The next step in the investigation is to find out who is buying, or worse, commissioning, secret data from foreign governments. So far there is no good answer to that question.
Strikingly, Canadian academia was itself hit by the spy ring. Several computers at the University of Western Ontario were connected to the China-based botnet and are suspected of having surrendered files; how they were infected is not yet known. Similar cases were found at New York University (NYU) and at Kaunas University in Lithuania. The botnet appears to be spread all over the world.
The cleverness of the network lies in its structure, which is simple enough for anyone to follow. The so-called "command servers" issued instructions to infected computers through intermediary "connectors" that sat between the attackers and the victims.
The connectors were seemingly innocent services: Twitter accounts, Google Groups and webmail accounts. Someone inside a targeted organisation would first be sent an e-mail carrying a link or an attachment; once it was opened, the computer was infected and began checking the connectors for instructions telling it where to report. It then started uploading its documents to the servers in China. The user notices nothing, but has handed all of their data to the attackers.
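The structure described above is what defenders now call a dead-drop resolver: the implant carries no server address that could simply be blocked, it reads a public post on an ordinary web service and decodes the current address from it, and its polling traffic is lost among normal visits to Twitter or Google. The following is an added example, not code from the report, the researchers or the attackers: it shows the implant side of the pattern (extracting a server address hidden in a harmless-looking post) and the defender side (picking the timer-driven polling out of proxy logs and correlating it with contact to the server the post names). The connector account name, the log lines and the server address 192.0.2.10 are all constructed.

```python
"""
Added example: dead-drop resolution through a public "connector" post, and the
proxy-log check that exposes the polling it causes. All data is constructed.
"""
import base64
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed connector post. It reads like a harmless status update, but the
# base64 token decodes to the hypothetical command server
# http://192.0.2.10:8080/cmd (192.0.2.0/24 is the documentation range).
CONNECTOR_POST = "great weather today! check: aHR0cDovLzE5Mi4wLjIuMTA6ODA4MC9jbWQ="

# A run of 16+ base64 characters, optionally padded, that is not part of a
# longer run of base64 characters.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9+/=])([A-Za-z0-9+/]{16,}={0,2})(?![A-Za-z0-9+/=])")


def resolve_dead_drop(post):
    """Return the first embedded token that decodes to an http(s) URL, else None.

    This is the implant side: because the post is public and editable, the
    operators can move the real server without touching the victims.
    """
    for m in TOKEN_RE.finditer(post):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # ordinary text that merely looks like base64
        if decoded.startswith(("http://", "https://")):
            return decoded
    return None


# Constructed proxy log: "<ISO timestamp> <client> <method> <url>".
# 10.1.1.5 polls the connector every ~5 minutes and then talks to the
# resolved server; 10.1.1.9 is a person who read the same page twice.
PROXY_LOG = """\
2010-04-06T09:00:00 10.1.1.5 GET http://twitter.com/example_connector
2010-04-06T09:03:17 10.1.1.9 GET http://twitter.com/example_connector
2010-04-06T09:05:01 10.1.1.5 GET http://twitter.com/example_connector
2010-04-06T09:10:00 10.1.1.5 GET http://twitter.com/example_connector
2010-04-06T09:15:02 10.1.1.5 GET http://twitter.com/example_connector
2010-04-06T09:20:00 10.1.1.5 GET http://twitter.com/example_connector
2010-04-06T09:20:04 10.1.1.5 POST http://192.0.2.10:8080/cmd
2010-04-06T11:41:52 10.1.1.9 GET http://twitter.com/example_connector
"""


def parse_log(text):
    """Yield (timestamp, client, method, url) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url = line.split()
        yield datetime.fromisoformat(ts), client, method, url


def find_beacons(text, min_hits=4, max_jitter_s=5.0):
    """Flag (client, url) pairs fetched repeatedly at a near-constant interval.

    Machines poll on a timer; people do not. Returns a sorted list of
    (client, url, mean_interval_seconds).
    """
    hits = defaultdict(list)
    for ts, client, _method, url in parse_log(text):
        hits[(client, url)].append(ts)
    beacons = []
    for (client, url), times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= max_jitter_s:
            beacons.append((client, url, mean(gaps)))
    return sorted(beacons)


def confirmed_hosts(text, beacons, c2_url):
    """Beaconing clients that also contacted the server the connector named."""
    beaconing = {client for client, _url, _gap in beacons}
    return sorted(
        client
        for _ts, client, _method, url in parse_log(text)
        if client in beaconing and url == c2_url
    )


if __name__ == "__main__":
    c2 = resolve_dead_drop(CONNECTOR_POST)
    found = find_beacons(PROXY_LOG)
    print("connector points to:", c2)
    print("beaconing clients:", found)
    print("confirmed:", confirmed_hosts(PROXY_LOG, found, c2))
```

The practical consequence is the one the researchers' method exploits: the connector post is readable by anyone, so a defender who finds it learns the same server address the implants do, while blocking that address alone achieves little because the operators can edit the post and re-point every victim at once. Watching for regular, timer-like fetches of a single social-media page from a host is a more durable check than blocking servers.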
The investigation should serve as a warning to governments, the researchers say. A country is only as strong as its weakest link: a document may be safely locked in a cabinet, but as soon as it finds its way onto a networked computer it can be compromised. That appears to be what happened to the Indian authorities.
The researchers also say Canada has had no competent cybersecurity strategy for years. What was long dismissed as unimportant is starting to look like a major security risk that has yet to be properly assessed.