The Big Bhai Is Watching You

If it is Hindi-Chini bhai-bhai, the Chinese bhai definitely seems to have a frightening reach over sensitive and critical information impinging on Indian national security


While the external affairs minister is in China to celebrate 60 years of the establishment of India’s diplomatic relations with the People’s Republic of China, a hacking operation, originating in China, aimed at classified and restricted documents from the highest levels of the Indian Defense Ministry has come to light.

Canadian and United States computer security researchers, based at the Munk School of Global Affairs at the University of Toronto, had been monitoring the spying operation for the past eight months, observing while the intruders, termed the Shadow Network, systematically hacked into personal computers in the Indian defence ministry, Indian embassies, Indian corporate houses like Tatas and DLF and even India’s largest English-language newspaper, The Times of India.


As recently as early March, the communications minister, Sachin Pilot, had told reporters that government networks had been attacked by China, but "not one attempt has been successful." 

The Toronto-based researchers said they contacted intelligence officials in India on March 24 and told them of the spy ring they had been tracking.

The Toronto-based researchers were able to see some of the documents, including classified assessments about security in several Indian states, and confidential embassy documents about India’s relationships in West Africa, Russia and the Middle East.

Who was targeted?
It makes for a frightening list, as the targets included (but were not limited to) the following:


  • Diplomatic Missions and Government Entities
    Sensitive information was taken from a member of the National Security Council Secretariat concerning secret assessments of India’s security situation in the states of Assam, Manipur, Nagaland and Tripura, as well as concerning the Naxalites and Maoists. In addition, the documents taken contain confidential information taken from Indian embassies regarding India’s international relations with and assessments of activities in West Africa, Russia/Commonwealth of Independent States and the Middle East, as well as visa applications, passport office circulars and diplomatic correspondence.

  • National Security and Defence
    Recovered documents included presentations relating to the following projects:
      • Pechora Missile System - an anti-aircraft surface-to-air missile system.
      • Iron Dome Missile System - a mobile missile defence system (Ratzlav-Katz 2010).
      • Project Shakti - an artillery combat command and control system (Frontier India 2009).

  • Academics/Journalists focused on the PRC
    A variety of academic targets had been compromised, including those at the Institute for Defence Studies and Analyses (IDSA) as well as journalists at India Strategic defence magazine and FORCE magazine.

  • Institutions:
      • National Security Council Secretariat, India
      • Diplomatic Missions: Computers at the Indian embassies in Kabul & Moscow, the Consulate General of India in Dubai, and the High Commission of India in Abuja, Nigeria were compromised.
      • Military Engineer Services (government construction agency that provides services to the Indian Army, Navy and Air Force, among others): Computers at the MES-Bengdubi, MES-Kolkata, MES(AF)-Bangalore, and MES-Jalandhar were compromised.
      • Military Personnel: Computers linked with the 21 Mountain Artillery Brigade in the state of Assam, the Air Force Station, Race Course, New Delhi and the Air Force Station, Darjipura Vadodara, Gujarat were compromised. The documents included those containing personal information on Saikorian alumni of the Sainik School, Korukonda, which prepares students for entry into the National Defence Academy, and a detailed briefing on live fire exercises, surface-to-air missile systems and moving target indicators.
      • Military Educational Institutions: Computers at the Army Institute of Technology in Pune, Maharashtra and the Military College of Electronics and Mechanical Engineering in Secunderabad, Andhra Pradesh were compromised. The hacked documents included “Project Shakti,” the Indian Army’s command and control system for artillery.
      • Institute for Defence Studies and Analyses
      • Defence-oriented publications: Computers at the India Strategic defence magazine and FORCE magazine were compromised.
      • Corporations hacked included YKK India Private Limited, DLF Limited, and TATA.
      • Maritime: Computers at the National Maritime Foundation and the Gujarat Chemical Port Terminal Company Limited were compromised.


Among the information targeted were reports on several Indian missile systems. Some 1,500 letters sent from the Dalai Lama's office between January and November 2009 were also accessed by the hackers during the eight months under observation.

The documents accessed also included those related to the travel of NATO forces in Afghanistan. “It’s not only that you’re only secure as the weakest link in your network,” said Rafal Rohozinski, a member of the Toronto team. “But in an interconnected world, you’re only as secure as the weakest link in the global chain of information.”

Whodunnit?
Although the identity and motivation of the attackers remain unknown, the report is able to determine the location (Chengdu, PRC) as well as some of the associations of the attackers through circumstantial evidence.


This operation is different from the Internet attacks identified by Google, and also from Ghostnet, which also operated from China and was identified by the Canadian researchers last March.

Defence Ministry spokesperson Sitanshu Kar said that since the research paper had come out just today, the government would "study it and get to the bottom of it" and that they "had taken a serious view of the study" and that "a probe could be launched to check the leaks".

In Beijing, China dismissed the report and said it was firmly opposed to hacking and regards it as an international crime.

"We have been hearing frequently these kind of news and I do not know the purpose to stir up issues," Chinese Foreign Ministry spokesperson Jiang Yu said, replying to questions about reports of hacking of sensitive Indian sites.

Full text of the report: Shadows in the Cloud: Investigating Cyber Espionage 2.0
