The computer systems of scores of Indian embassies, military establishments and corporate bodies, as well as the email account of the Dalai Lama, were hacked by a Chinese cyber spy ring.
Hundreds of documents, including classified files, were stolen, says a Canadian cybersecurity team that monitored the ring — the Shadow Network — for eight months.
The Shadow Network focussed on India, especially its military. The Canadians, in effect, hacked the hackers and saw many documents themselves.
"We snuck behind the backs of the attackers and picked their pockets," team member Ronald Deibert told NYT.
The Chinese hackers stole foreign ministry reports on India’s policy in West Africa, Russia and West Asia. They got National Security Council secretariat assessments of security situations in Assam, Nagaland, Tripura and Manipur as well as the Maoist problem.
The penetration of India’s defence establishments was remarkable. Three air force bases, two military colleges and an array of military institutes like the Army Institute of Technology, Pune, were broken into.
The Canadian team saw the hackers access over 300 military documents.
The hackers seemed interested in any defence information they could find: from sensitive issues like live fire exercises and Project Shakti — the army’s artillery command system — to more innocuous material like personnel files.
"This is a very serious, broad spectrum assault," said strategic technology expert Ajay Lele, whose own agency, the Institute for Defence and Security Analysis (IDSA), was robbed of 180 documents.
The Shadow Network broke into computers of analysts and stole reports on India’s missile systems. It hacked those of academics and journalists for work on Kashmir. Data was also stolen from firms like Tata and DLF. The Canadians informed Indian intelligence on March 24 and were instructed on how to dispose of the classified data.
The ring is believed to be based in Chengdu, in China’s Sichuan province. The cybersleuths, based at the University of Toronto’s Munk School of Global Affairs, avoided saying this was government-approved but did say it was "possible".
Chinese foreign ministry spokesperson Jiang Yu said: "We have from time to time heard of this kind of news. I don’t know the purpose to stir up these issues."
However, the Indian security establishment has little doubt the Shadow Network is cast by Beijing. Says K. Santhanam, former IDSA head: "These rings are normally consortia in which Chinese academia, intelligence and military work together."
Indian officials said the foreign ministry server was breached last year and a security audit "traced the Internet protocol addresses left in the wake of the hacking back to mainland China". The air force too reported an officer’s account being hacked last month and the Net trail led back to China.
The hackers had a clear India focus, says the report. Of the 130 Internet protocol addresses compromised, 62 were from India.