Tuesday, April 6, 2010

Chinese hacking of India's secure data causes alarm


Canadian and U.S researches at the university of Toronto monitoring the hacking of a shadow spy network over the period of eight months have tracked it to servers based in China and specifically individuals based in Chengdu in central China




The report titled "Shadow in the Clouds" had launched an attack on Indian computers which transfered their control to Chinese control centers. Sensitive information from the Indian National Security and about 1.500 email from the Dalia Lama have already been stolen.





China of course denied their role and as of now there is no real hard evidence that the espionage was backed by the Chinese government.





"I do not know what evidence these people have or what their motives are," said Chinese Foreign Ministry spokeswoman Jiang Yu. "We resolutely oppose all forms of cyber crime, including hacking."






The authors of the report, entitled "Shadows in the Cloud" and involving the Information Warfare Monitor and Shadowserver Foundation groups, said they weren't surprised by China's reaction, but added that the evidence speaks for itself.

The report describes a world in which governments are racing to militarize cyberspace, creating an environment ripe for crime and espionage.




Among the compromised systems subject to a massive data breach is the Shakti, the Indian Army's artillery combat and control system, as well as India's mobile missile defense system known as Iron Dome, according to Indianexpress.com.


The eight-month investigation -- which researchers said is ongoing -- found that the Dalai Lama's office was targeted in the attacks between January and November 2009.






The malware used to compromise victims typically involved an element of social engineering, to convince recipients to open infected files. The attackers used PDF, PPT, and DOC files to exploit old and recent vulnerabilities in Adobe Acrobat and Acrobat Reader, Microsoft Word 2003 and Microsoft PowerPoint 2003.


The report concludes by warning that the selling points of cloud computing -- reliability, distribution, and redundancy -- are the very properties that make cloud services attractive to cybercriminals.



"Clouds provide criminals and espionage networks with convenient cover, tiered defenses, redundancy, cheap hosting and conveniently distributed command and control architectures," the report says. "They also provide a stealthy and very powerful mode of infiltrating targets who have become accustomed to clicking on links and opening PDFs and other documents as naturally as opening an office door. What is required now is a much greater refection on what it will take, in terms of personal computing, corporate responsibility and government policy, to acculturate a greater sensibility around cloud security."









An original post by

Sociolatte



No comments:

Post a Comment